Garbeld Posted January 6, 2009

I've had issues with at least three different consecutive rogue antivirus programs popping up; each time, I run AVG Free, Malwarebytes, or Spybot, until all three have been tried and/or the current problem seems gone. Current state of my computer is I cannot access any websites (I'm currently posting from my secondary PC); nothing but blank, errorless pages load. I've gotten seemingly-random "Must restart because DCOM server process launcher terminated" or somesuch error, and occasional spontaneous freezes when trying to login...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:58 PM, on 1/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\NMSAccessU.exe
C:\Program Files\Mabinogi\npkcmsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\AVG8\avgtray.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DeskPins\DeskPins.exe
C:\Documents and Settings\ez\Desktop\Main\Downloads\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: {5f6cf408-8ce4-8ec8-0084-165c99d58096} - {69085d99-c561-4800-8ce8-4ec8804fc6f5} - C:\WINDOWS\system32\zvsret.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG8\avgtray.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-329068152-1844823847-839522115-1005\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe (User '?')
O4 - HKUS\S-1-5-21-329068152-1844823847-839522115-1005\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (User '?')
O4 - HKUS\S-1-5-21-329068152-1844823847-839522115-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-329068152-1844823847-839522115-1005\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-329068152-1844823847-839522115-1005\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - S-1-5-21-329068152-1844823847-839522115-1005 Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe (User '?')
O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ez\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\temp\ntdll64.dll' missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184031087156
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\program files\relevantknowledge\rlls.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX - C:\Program Files\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Program Files\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 10440 bytes

jwbirdsong Posted January 6, 2009

Step 1
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Step 2
Download OTViewIt to your desktop.
Close all windows and open it
Click Run Scan and let the program run uninterrupted
It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here. You can ATTACH both of these if needed.
You may need to use two posts to get it all on the forum or ATTACH OTviewit logs

Please post OTViewIt logs in your reply. You can ATTACH one if needed.

EDIT: IMMEDIATELY after a reboot try MBAM again and post a log from that if able.

Garbeld Posted January 7, 2009

Posting while I wait for MBAM to finish, will append

OTViewIt logfile created on: 1/6/2009 7:13:33 PM - Run OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\ez\Desktop\wut
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 71.80% Memory free
3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 10.85 Gb Free Space | 15.66% Space Free | Partition Type: NTFS
Drive D: | 139.73 Gb Total Space | 10.99 Gb Free Space | 7.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 620.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAG
Current User Name: ez
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/04/17 00:34:42 | 16,143,872 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2004/08/18 07:00:00 | 00,094,208 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\shstat.exe
[2008/12/03 19:54:01 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2006/08/21 10:48:46 | 00,665,600 | ---- | M] (WhatPulse.org) -- C:\Program Files\WhatPulse\WhatPulse.exe
[2007/06/16 13:47:44 | 00,827,392 | ---- | M] (Jay Elaraj) -- C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
[2008/09/26 19:37:21 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG8\avgwdsvc.exe
[2008/12/03 19:54:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2004/08/06 02:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
[2008/08/12 11:18:03 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG8\avgrsx.exe
[2004/08/18 07:00:00 | 00,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
[2007/01/25 03:52:26 | 00,065,536 | ---- | M] () -- C:\Program Files\Common Files\NMSAccessU.exe
[2007/08/02 12:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\Mabinogi\npkcmsvc.exe
[2006/02/13 19:05:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2007/08/22 18:33:44 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2007/06/05 12:20:32 | 00,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
[2007/04/27 00:00:04 | 00,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
[2007/04/27 06:40:00 | 00,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
[2008/10/30 11:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
[2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2008/10/30 11:14:00 | 00,159,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
[2008/10/30 11:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
[2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2008/09/03 01:17:46 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\ez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2004/08/03 23:56:56 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2009/01/06 15:38:02 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ez\Desktop\wut\OTViewIt.exe

========== (O23) Win32 Services ==========

File not found -- -- (AdobeActiveFileMonitor6.0 [Auto | Stopped])
[2007/03/19 18:19:14 | 00,263,168 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer [On_Demand | Stopped])
[2005/09/23 06:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/09/26 19:37:21 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
[2005/09/23 06:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/11/17 14:18:52 | 01,527,900 | ---- | M] (MAGIX) -- C:\Program Files\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance [On_Demand | Stopped])
[2008/04/16 02:39:30 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2006/10/20 20:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2006/10/30 02:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])
[2008/12/03 19:54:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2004/08/06 02:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
[2004/08/18 07:00:00 | 00,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe -- (McShield [On_Demand | Stopped])
[2004/08/18 07:00:00 | 00,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- (McTaskManager [Auto | Running])
[2006/10/30 02:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/01/25 03:52:26 | 00,065,536 | ---- | M] () -- C:\Program Files\Common Files\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
[2007/08/02 12:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\Mabinogi\npkcmsvc.exe -- (npkcmsvc [Auto | Running])
[2006/02/13 19:05:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/22 18:33:44 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2007/06/05 12:20:32 | 00,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Running])
[2007/11/30 11:27:22 | 00,558,592 | ---- | M] (ReaSoft) -- C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe -- (rcp_service [On_Demand | Stopped])
[2007/04/27 00:00:04 | 00,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer [Auto | Running])
[2007/04/27 06:40:00 | 00,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer [Auto | Running])
[2008/10/30 11:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom [Auto | Running])
[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2006/05/12 14:04:08 | 00,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4 [Auto | Stopped])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])

========== Driver Services ==========

[2007/07/09 17:43:26 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2002/07/17 08:53:02 | 00,016,877 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])
[2004/04/27 08:26:48 | 00,005,824 | ---- | M] () -- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS -- (Asushwio [On_Demand | Stopped])
[2008/09/26 19:37:20 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [system | Running])
[2008/08/12 11:18:09 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [system | Running])
[2004/08/18 07:00:00 | 00,008,320 | ---- | M] (Network Associates, Inc) -- C:\WINDOWS\system32\drivers\EntDrv51.sys -- (EntDrv51 [On_Demand | Stopped])
[2008/03/20 22:55:29 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Running])
[2005/01/07 16:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/04/17 01:31:26 | 04,262,912 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/02/07 04:52:58 | 00,006,912 | R--- | M] (JMicron ) -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO [boot | Running])
[2006/07/01 02:47:08 | 00,041,216 | R--- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID [boot | Running])
[2004/08/03 21:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Running])
[2006/09/22 13:06:10 | 00,092,160 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus [On_Demand | Running])
[2004/08/13 03:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2004/08/18 07:00:00 | 00,108,256 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1 [On_Demand | Stopped])
[2004/08/18 07:00:00 | 00,058,016 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\system32\drivers\mvstdi5x.sys -- (NaiAvTdi1 [system | Running])
[2008/11/26 07:16:57 | 00,004,096 | ---- | M] () -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio [On_Demand | Stopped])
[2006/02/13 19:05:00 | 03,642,784 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [system | Running])
[2001/04/09 06:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\drivers\penclass.sys -- (PenClass [boot | Running])
[2003/03/31 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])
[2007/01/11 17:20:06 | 00,194,304 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB [On_Demand | Stopped])
[2008/12/22 11:06:00 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [system | Running])
[2008/12/22 11:06:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
[2008/12/22 11:05:58 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [system | Running])
[2003/03/31 05:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/04/27 06:40:00 | 00,090,688 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel [Auto | Running])
[2008/04/18 17:16:47 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running])
[2008/10/06 11:53:24 | 00,015,656 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor [On_Demand | Running])
[2007/02/16 11:12:36 | 00,011,312 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter [On_Demand | Running])
[2008/07/11 11:16:50 | 00,013,352 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid [On_Demand | Running])
[2007/02/15 16:11:28 | 00,011,440 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid [On_Demand | Running])
[2006/04/19 23:44:38 | 00,479,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])
[2006/06/06 14:37:10 | 00,011,136 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running])
[2006/06/06 14:37:10 | 00,021,632 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter [On_Demand | Stopped])
[2006/06/06 14:37:10 | 00,006,400 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped])
[2006/06/06 14:37:12 | 00,046,208 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running])
[2003/03/31 05:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [system | Running])
[2007/02/26 18:15:21 | 00,061,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21 [On_Demand | Stopped])
[2005/09/19 07:41:00 | 00,241,280 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])
[2008/05/20 15:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2007/02/27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [system | Running])
[2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [system | Running])
[2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [system | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.msn.com/?wl=true

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{69085d99-c561-4800-8ce8-4ec8804fc6f5} (HKLM) -- C:\WINDOWS\system32\zvsret.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Program Files\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"AVG8_TRAY"=C:\PROGRA~1\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"JMB36X Configure"=C:\WINDOWS\System32\JMRaidTool.exe boot (JMicron Technology Corp.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE (Network Associates, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"Taskbar Shuffle"=C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
"WhatPulse"=C:\Program Files\WhatPulse\WhatPulse.exe (WhatPulse.org)

========== (O4) Startup Folders ==========

[2004/05/02 10:02:51 | 00,062,464 | ---- | M] (Elias Fotinis) -- C:\Documents and Settings\ez\Start Menu\Programs\Startup\DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoWinKeys"=1
"AllowLegacyWebView"=1
"AllowUnhashedWebView"=1
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"DisableTaskMgr"=0
"NoControlPanel"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoSaveSettings"= [binary data]
"ClearRecentDocsOnExit"= [binary data]
"NoActiveDesktop"= [binary data]
"NoWindowsUpdate"=0
"NoControlPanel"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blog This -- Reg Error: Key does not exist or could not be opened. File not found
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blog This in Windows Live Writer -- Reg Error: Key does not exist or could not be opened. File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2007/12/12 15:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.)
{d9288080-1baa-4bc4-9cf8-a92d743db949}: Button: Run IMVU -- %UserProfile%\Start Menu\Programs\IMVU\Run IMVU File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{5F5F9FB8-878E-4455-95E0-F64B2314288A}: http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab -- ijjiPlugin2 Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1184031087156 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 
1.6.0_11{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object========== (O17) DNS Name Servers =========={3715EFAA-1ABD-43DB-A6B4-033BA15DEB26} (Servers: | Description: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter){40E8FCFF-C861-472C-93F6-76DE1AB1E0D6} (Servers: | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller){424995E3-8EB2-48E4-92C6-2D0C685940D8} (Servers: | Description: ){52096BAB-94C9-45E8-AB89-1F6B7CAC200C} (Servers: | Description: 1394 Net Adapter){648D6542-3CE9-4D24-AB57-2131014CC4A2} (Servers: | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)========== (O20) HKLM Winlogon Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]"UserInit"=C:\WINDOWS\system32\userinit.exe,>[2009/01/05 07:04:35 | 00,111,616 | ---- | M] () -- C:\WINDOWS\system32\userinit.exe========== (O20) Winlogon Notify Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)RelevantKnowledge: "DllName" = C:\program files\relevantknowledge\rlls.dll -- 
C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge)========== Shell Execute Hooks ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)========== Safeboot Options =========="AlternateShell"=cmd.exe========== CDRom AutoRun Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]"AutoRun" = 1========== Autorun Files on Drives ==========AUTOEXEC.BAT [][2007/07/09 17:27:21 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]AUTORUN.INF [[autorun] | OPEN=SETUP.EXE | ICON=BW.ICO | ][1998/12/13 00:43:32 | 00,000,040 | R--- | M] () -- F:\AUTORUN.INF -- [ CDFS ]========== MountPoints2 ==========[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]""=AutoRun[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun]""=Auto&Play[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]""=F:\SETUP.EXE -- [1998/11/30 22:04:40 | 00,025,600 | R--- | M] ()========== Files/Folders - Created Within 30 Days ==========[2009/01/05 23:33:09 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys[2009/01/05 23:33:09 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys[2009/01/05 23:33:09 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys[2009/01/05 23:33:09 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys[2009/01/05 23:33:08 | 00,000,000 | ---D | C] -- C:\Program Files\Avira[2009/01/05 23:33:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira[2009/01/05 21:48:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Desktop\wut[2009/01/05 07:34:44 | 00,111,616 | ---- | C] () -- 
C:\WINDOWS\System32\ntdll64.exe[2009/01/05 07:06:58 | 00,000,502 | ---- | C] () -- C:\WINDOWS\System32\win32hlp.cnf[2009/01/05 07:04:38 | 00,111,616 | ---- | C] () -- C:\WINDOWS\System32\dllcache\userinit.exe[2009/01/04 02:03:31 | 00,015,656 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacmoumonitor.sys[2009/01/04 02:03:29 | 00,172,840 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll[2009/01/03 15:19:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com[2009/01/03 15:19:20 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware[2009/01/03 15:19:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Application Data\SUPERAntiSpyware.com[2009/01/03 10:35:49 | 00,000,000 | ---D | C] -- C:\VundoFix Backups[2009/01/03 09:25:25 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl[2009/01/03 09:17:46 | 00,134,144 | ---- | C] () -- C:\WINDOWS\System32\zvsret.dll[2009/01/03 09:17:44 | 00,134,144 | ---- | C] () -- C:\WINDOWS\System32\upirftmc.dll[2009/01/03 08:54:35 | 00,000,304 | ---- | C] () -- C:\WINDOWS\tasks\amhdrfty.job[2009/01/03 08:53:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Application Data\VirusRemover2008[2009/01/02 16:04:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development[2008/12/30 23:06:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Application Data\acccore[2008/12/28 19:11:22 | 00,000,000 | ---D | C] -- C:\Program Files\Will[2008/12/24 10:10:03 | 00,000,000 | ---D | C] -- C:\Program Files\clisp-2.47[2008/12/23 22:48:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Local Settings\Application Data\AOL OCP[2008/12/23 22:48:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Local Settings\Application Data\AOL[2008/12/23 22:45:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint[2008/12/23 22:45:07 | 
00,000,000 | ---D | C] -- C:\Program Files\Viewpoint[2008/12/23 22:45:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\acccore[2008/12/23 22:44:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL OCP[2008/12/23 22:44:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL[2008/12/23 22:44:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL[2008/12/23 22:44:17 | 00,000,000 | ---D | C] -- C:\Program Files\AIM6[2008/12/23 22:44:13 | 00,000,456 | -H-- | C] () -- C:\IPH.PH[2008/12/22 22:32:04 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn[2008/12/22 22:32:04 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for[2008/12/20 17:45:02 | 00,000,000 | ---D | C] -- C:\Program Files\Advanced Batch Converter[2008/12/19 16:55:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Application Data\IMVU[2008/12/19 16:54:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Application Data\IMVUClient[2008/12/17 20:13:25 | 00,000,000 | ---D | C] -- C:\Program Files\HexCmp[2008/12/17 20:10:01 | 00,000,000 | ---D | C] -- C:\Program Files\DiffMerge[2008/12/14 14:24:12 | 00,000,041 | ---- | C] () -- C:\WINDOWS\MinGW.INI[2008/12/14 14:24:01 | 00,000,000 | ---D | C] -- C:\MinGW[2008/12/14 13:45:05 | 00,000,000 | ---D | C] -- C:\Tcl[2008/12/12 23:20:05 | 00,000,000 | ---D | C] -- C:\ijji[2008/12/12 23:18:02 | 00,157,152 | ---- | C] (NHN Corporation) -- C:\WINDOWS\System32\PubPlugin.dll[2008/12/12 23:18:02 | 00,058,800 | ---- | C] (NHN USA Corp.) 
-- C:\WINDOWS\System32\ijjiPlugin2.dll[2008/12/12 23:18:01 | 00,710,064 | ---- | C] (NHN USA) -- C:\WINDOWS\System32\ijjiSetup.exe[2008/12/12 23:18:01 | 00,000,000 | ---D | C] -- C:\Program Files\NHN USA========== Files - Modified Within 30 Days ==========[1 C:\WINDOWS\System32\*.tmp files][4 C:\WINDOWS\*.tmp files][2009/01/06 00:00:00 | 00,000,304 | ---- | M] () -- C:\WINDOWS\tasks\amhdrfty.job[2009/01/05 23:29:39 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2009/01/05 23:29:11 | 00,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml[2009/01/05 23:29:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2009/01/05 23:29:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2009/01/05 17:10:49 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd[2009/01/05 14:18:14 | 00,000,502 | ---- | M] () -- C:\WINDOWS\System32\win32hlp.cnf[2009/01/05 14:11:31 | 31,581,401 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm[2009/01/05 07:34:44 | 00,111,616 | ---- | M] () -- C:\WINDOWS\System32\ntdll64.exe[2009/01/05 07:04:35 | 00,111,616 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe[2009/01/05 07:04:35 | 00,111,616 | ---- | M] () -- C:\WINDOWS\System32\dllcache\userinit.exe[2009/01/05 06:41:36 | 00,000,378 | ---- | M] () -- C:\WINDOWS\tasks\0640.job[2009/01/04 18:47:03 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn[2009/01/03 10:51:57 | 00,051,200 | ---- | M] () -- C:\Documents and Settings\ez\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009/01/03 09:17:46 | 00,134,144 | ---- | M] () -- C:\WINDOWS\System32\zvsret.dll[2009/01/03 09:17:46 | 00,134,144 | ---- | M] () -- C:\WINDOWS\System32\upirftmc.dll[2009/01/01 19:51:29 | 00,014,903 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg[2008/12/31 20:30:00 | 00,000,608 | ---- | M] () -- C:\Documents and Settings\ez\My Documents\My Sharing Folders.lnk[2008/12/30 22:01:57 | 02,640,806 | -H-- | M] () -- C:\Documents and Settings\ez\Local 
Settings\Application Data\IconCache.db[2008/12/23 22:48:47 | 00,000,456 | -H-- | M] () -- C:\IPH.PH[2008/12/22 22:32:04 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for[2008/12/22 08:05:17 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg[2008/12/17 22:50:35 | 00,000,052 | ---- | M] () -- C:\WINDOWS\GunzLauncher.INI[2008/12/16 15:36:02 | 00,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll[2008/12/14 14:24:12 | 00,000,041 | ---- | M] () -- C:\WINDOWS\MinGW.INI[2008/12/14 09:48:03 | 00,002,048 | ---- | M] () -- C:\WINDOWS\System32\Tr_sttool.dat< End of report >OTViewIt Extras logfile created on: 1/6/2009 7:13:33 PM - Run OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\ez\Desktop\wutWindows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 7.0.5730.11)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 71.80% Memory free3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.91% Paging File freePaging file location(s): C:\pagefile.sys 2046 4092;%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 69.23 Gb Total Space | 10.85 Gb Free Space | 15.66% Space Free | Partition Type: NTFSDrive D: | 139.73 Gb Total Space | 10.99 Gb Free Space | 7.87% Space Free | Partition Type: NTFSE: Drive not present or media not loadedDrive F: | 620.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFSG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: DAGCurrent User Name: ezLogged in as Administrator.Current Boot Mode: NormalScan Mode: Current userWhitelist: OnFile Age = 30 Days========== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program 
Files\Mozilla Firefox 3\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/03 23:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/03 23:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:192.168.1.0/255.255.255.0:Enabled:@xpsp3res.dll,-20000
[2008/10/01 23:00:00 | 01,873,280 | ---- | M] (Cerulean Studios) -- C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian
[2008/02/20 07:33:48 | 00,963,072 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows
[2007/08/30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/08/30 16:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2007/05/09 04:34:40 | 00,270,336 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe:*:Enabled:Maya
[2007/08/16 04:31:36 | 00,102,912 | ---- | M] () -- C:\Documents and Settings\ez\Desktop\Main\Game Files\Cave Story Deluxe\dedicated\Dedicated.exe:*:Enabled:Dedicated
[2008/11/05 18:10:59 | 01,220,608 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft
[2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/12/17 22:29:33 | 01,097,728 | ---- | M] (MAIET entertainment) -- C:\Program Files\Gunz\Gunz.exe:*:Enabled:Gunz
[2007/08/10 21:32:50 | 00,678,400 | ---- | M] (Michal Marcinkowski) -- C:\Program Files\Soldat\Soldat.exe:*:Enabled:Soldat
[2008/01/10 14:26:16 | 04,138,882 | ---- | M] () -- C:\Program Files\Miro\Miro_Downloader.exe:*:Enabled:Miro_Downloader
[2005/01/19 18:35:44 | 00,513,024 | ---- | M] () -- C:\Documents and Settings\ez\Desktop\Main\Game Files\ROM\zsnesw142\zsnesw.exe:*:Enabled:zsnesw
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/08/21 11:01:30 | 00,268,592 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:Torrent
[2007/04/27 06:40:00 | 00,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server
[2007/04/27 00:00:04 | 00,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Disabled:Sentinel Keys Server
[2008/09/26 19:36:38 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/06/10 13:06:16 | 03,103,232 | ---- | M] (ApexDC++ Development Team) -- C:\Program Files\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++ - Pinnacle of File Sharing
[2006/11/03 00:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/10/21 10:09:59 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM

========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\WINDOWS\TEMP\ntdll64.dll File not found
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2004/08/03 23:56:44 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/08/12 11:18:05 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2004/08/03 23:56:44 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2004/08/03 23:56:44 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
File not found Reg Error: Key does not exist or could not be opened.
(wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Reg Error: Key does not exist or could not be opened.])

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0070ED8E-6BEB-4883-BFEB-BACCAA1B6F05}_is1"=Artweaver Lua Script Interface
"{0140AE80-C3C6-4FE8-85AC-32EEB48BBDD1}"=Grubclient
"{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}"=WD Diagnostics
"{0AF3FEAE-B651-4421-97EF-4808A588B4E5}"=LastChaos
"{0B62392F-B7D7-4DE3-AD15-30819F1C925E}"=Sodipodi
"{13AA6556-BA96-4468-A8B4-1AD4A75AD5A0}"=Logitech Gaming Software
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}"=Windows Live Mail
"{1DCC7418-2089-4BDD-B321-3771956160FC}"=ijji Auto Installer
"{23A67E8B-9C1F-4CBC-86C2-E4D899D568A9}"=Paper Chase 2
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{257E440F-781F-459B-9A68-A0872B80C1D6}"=Windows Live Photo Gallery
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java 6 Update 11
"{27BFACF0-571C-4A2E-8577-2F6FD2457C93}"=Animation-ish Home Trial
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1"=RegAlyzer
"{2D8ECB5E-9F6C-4332-AEE6-0E4EE1DEC926}"=Maya 8.5 Personal Learning Edition
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}"=Adobe Flash Video Encoder
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java 6 Update 5
"{3254950A-7242-4258-848A-11BF092403D6}"=Aranock Online
"{32A3A4F4-B792-11D6-A78A-00B0D0160100}"=Java SE Development Kit 6 Update 10
"{32A3A4F4-B792-11D6-A78A-00B0D0160110}"=Java SE Development Kit 6 Update 11
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}"=Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}"=JRAID
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{4B2DEF0C-51B4-4250-A082-7C3CD4FB2828}"=RealWorld Cursor Editor
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{51AFB69C-1C54-4C77-A888-2860F8CD3E7D}"=Paint.NET v3.31
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{54A55DF7-BCC0-4C98-84AB-01CDA57687C7}"=Hex Workshop v5.1
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}"=Sentinel Protection Installer 7.4.0
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}"=RGSS-RTP Standard
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}"=msxml4
"{5B2029A4-1854-42BC-96B6-4ACE5F5414BD}"=ArtRage 2 Starter Edition
"{5DF3D1BB-894E-4DCD-8275-159AC9829B43}"=McAfee VirusScan Enterprise
"{62281EAA-419B-44A5-894A-58E7A7324E0E}"=Light of Dawn
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}"=Corel Paint Shop Pro Photo X2
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}"=Microsoft Xbox 360 Accessories 1.1
"{69440E1E-7D34-4C00-B878-9412B1707F1C}"=SourceGear DiffMerge
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6A829DA3-E377-4BC0-938F-F453C6BB3F67}"=Maya 8.5 Personal Learning Edition Documentation (en_US)
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}"=Adobe Flash CS3
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6D4E1222-AFEA-4848-A100-8A6011B624D4}"=openCanvas4.5.11e Plus
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}"=Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}"=Windows Live Favorites for Windows Live Toolbar
"{7A8358BC-78B6-404B-9792-F344A6AB59C9}"=Curator Defense
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{80851370-07CF-477B-837D-F2E488916CFE}"=OpenOffice.org 2.4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A4D41F3-3EDA-4DAC-9403-839708EA0667}"=Install(US)2
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{9176251A-4CC1-4DDB-B343-B487195EB397}"=Windows Live Writer
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}"=Adobe Illustrator CS
"{91DD9DED-5979-4FB3-AC7D-80091CC1FC40}"=TVPaint Animation
"{94056AE8-EF0F-45E4-A1B4-D754115F8A28}"=Numedia CD-DVD writing as non-admin user
"{9559F7CA-5E34-4237-A2D9-D856464AD727}"=Project64 1.6
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{96443F45-13E2-11D6-AC87-00D0B7A9E540}"=Arx Fatalis
"{998D6972-F58E-479D-9248-8F179E55AE38}"=Java DB 10.4.1.3
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}"=EPSON TWAIN 5
"{9B2ADD3A-AFAF-4622-AC6F-C86FF36CC245}"=USB Flash Disk Utility
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}"=RPGXP
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A0BCF90F-B4E4-435C-A48D-8FAAE10554F9}"=Pixia
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}"=MSXML 6.0 Parser
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}"=Highlight Viewer (Windows Live Toolbar)
"{A8B94669-8654-4126-BD28-D0D2412CDED6}"=TI Connect 1.6
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}"=Spelling Dictionaries Support For Adobe Reader 8
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B09DFBF9-9148-4070-A493-69D71455D983}_is1"=Artweaver
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B2E56E2A-1DE2-454B-A24A-CAA471EBDC99}"=Toon Boom Digital Pro PLE
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}"=TextPad 5
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}"=QuickTime
"{C314764F-2C47-44DA-BE37-F48BB7322BE4}_is1"=Screen Video Recorder 1.5
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}"=Blaze Media Pro
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}"=Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EF434C52-D882-43DB-8777-EC7B10D8943C}"=America's Army
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}"=Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F54AC413-D2C6-4A24-B324-370C223C6250}"=Adobe Photoshop Elements 6.0
"{F99C5427-4D78-43E2-B97E-F4C4E622D612}"=MapleStory
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}"=Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFC1ADE3-944B-4231-894E-3903C37271D2}"=Adobe Setup
"7-Zip"=7-Zip 4.57
"ActiveTcl 8.5.5.0"=ActiveState ActiveTcl 8.5.5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop Elements 6"=Adobe Photoshop Elements 6.0
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe SVG Viewer"=Adobe SVG Viewer 3.0
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390"=Adobe Flash CS3 Professional
"Advanced Batch Converter"=Advanced Batch Converter
"AIM_6"=AIM 6
"AMUST Disk Cleaner_is1"=AMUST Disk Cleaner 1.0
"Animated GIF Banner Maker"=Animated GIF Banner Maker
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"Any Video Converter_is1"=Any Video Converter 2.6.2
"ApexDC++"=ApexDC++ 1.1.0
"Apophysis 2.0"=Apophysis 2.0
"Ares"=Ares 2.0.9
"Armadillo Run Demo_is1"=Armadillo Run Demo Version 1.0.1
"ATMA V"=ATMA V 5.05
"attack of the groox - encounter on blubuzz"=attack of the groox - encounter on blubuzz
"Audacity_is1"=Audacity 1.2.6
"AVG8Uninstall"=AVG Free 8.0
"Avidemux 2.4"=Avidemux 2.4
"AVIedit 3.38"=AVIedit 3.38
"Babiloo"=Babiloo
"BabyaPhotoWorkshop11.0_is1"=Babya Photo Workshop Professional 12.0
"Blaze Media Pro"=Blaze Media Pro
"Blender"=Blender (remove only)
"BulentsScreenRecorder4"=BSR Screen Recorder 4
"camcodec"=CamStudio Lossless Codec
"CamStudio"=CamStudio
"Cave Story Deluxe"=Cave Story Deluxe
"Chipamp"=Chipamp
"Collab"=Collab
"Color Efex Pro 3.0 Complete"=Color Efex Pro 3.0 Complete
"Color7 Music Editor_is1"=Color7 Music Editor v6.2.9
"Combined Community Codec Pack_is1"=Combined Community Codec Pack 2008-09-21 16:18
"Cylekx_is1"=Cylekx 2.6
"DeskPins"=DeskPins (remove only)
"Dev-C++"=Dev-C++ 5 beta 9 release (4.9.9.2)
"Diablo II"=Diablo II
"DVD to VCD AVI DivX Converter v3.2 (build 069)"=DVD to VCD AVI DivX Converter v3.2 (build 069)
"eMule"=eMule
"Enigma"=Enigma
"Firebird SQL Server US"=Firebird SQL Server - MAGIX Edition
"fluffy"=fluffy
"Folding@Home"=Folding@Home
"Fraps"=Fraps
"Free Screen Recorder_is1"=Free Screen Recorder v2.9
"Freecorder Toolbar3.0"=Freecorder Toolbar 3.0 Application
"Furcadia"=Furcadia
"GoldWave v5.23"=GoldWave v5.23
"GoPets"=GoPets
"GotEd_is1"=GotEd V1.0
"GraphicsGale FreeEdition_is1"=GraphicsGale FreeEdition version 1.86
"Grooveshark"=sharkbyte
"Gtk+ Runtime Environment"=Gtk+ Runtime Environment 2.10.11-1
"gtkmm"=gtkmm Runtime Environment 2.10
"Gunz"=ijji - Gunz
"Hamachi"=Hamachi 1.0.3.0
"HexCmp 2_is1"=HexCmp 2.34
"Hexplorer"=ICY Hexplorer (remove only)
"HijackThis"=HijackThis 2.0.2
"HyperCam 2"=HyperCam 2
"ICE v2.03 Setup"=ICE v2.03 Setup
"IcoFX_is1"=IcoFX 1.6
"Icon In Depth_is1"=Icon In Depth 1.5.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"i-Fun Viewer_is1"=i-Fun Viewer
"imgSeek"=imgSeek (remove only)
"InfraRecorder"=InfraRecorder
"Inkscape"=Inkscape 0.45.1
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"IrfanView"=IrfanView (remove only)
"Jahplayer"=Jahplayer
"Jahshaka"=Jahshaka
"JCreator LE_is1"=JCreator LE 4.50
"jDictionary"=jDictionary dictionary program (remove only)
"JTablet"=JTablet
"kiki_is1"=kiki the nanobot 1.0.2
"LightWave 3D 9"=LightWave 3D
"Magic ISO Maker v5.4 (build 0251)"=Magic ISO Maker v5.4 (build 0251)
"MagicDisc 2.5.74"=MagicDisc 2.5.74
"MAGIX Photo Manager 2007 US"=MAGIX Photo Manager 2007 4.2.1.261 (US)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Manga Studio EX Demo 3.0"=Manga Studio EX Demo 3.0
"Mech2TitaniumUninstallKey"=MechWarrior 2: Titanium Edition
"MercsTitaniumUninstallKey"=Mercenaries: Titanium Edition
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"MinGW_is1"=MinGW 3.1.0
"Miro"=Miro
"mm.BOT5.46"=mm.BOT
"Mozilla Firefox (2.0.0.14)"=Mozilla Firefox (2.0.0.14)
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"Mozilla Sunbird (0.7)"=Mozilla Sunbird (0.7)
"Mozilla Thunderbird (2.0.0.14)"=Mozilla Thunderbird (2.0.0.14)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"mtPaint_is1"=mtPaint 3.11
"musikCube"=musikCube 1.0
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Notepad++"=Notepad++
"Novashell Game Creation System"=Novashell Game Creation System (remove only)
"NVIDIA
Drivers"=NVIDIA Drivers"On the Rain-Slick Precipice of Darkness, Episode One"=On the Rain-Slick Precipice of Darkness, Episode One"OpenLibraries"=OpenLibraries"Poke"=Poke"Poser 7 Demo_is1"=Poser 7.0.2 Demo"prunnet"=Advertisement Service"Qliner Hotkeys"=Qliner Hotkeys 2.0"Ragnarok Revolution6.0"=Ragnarok Revolution"ReaConverter 5.5 Pro_is1"=ReaConverter 5.5 Pro"RealAlt_is1"=Real Alternative 1.9.0"RealPlayer 6.0"=RealPlayer"RealVNC_is1"=VNC Free Edition 4.1.2"ROM CHECK FAIL_is1"=ROM CHECK FAIL 1.0"scilab-5.0.3_is1"=scilab-5.0.3"secretmaryo"=Secret Maryo Chronicles"SmoothDraw_is1"=SmoothDraw 3.1.2"SolarWolf"=SolarWolf 1.5"Soldat_is1"=Soldat 1.4.2"Songbird 20071226"=Songbird 0.4 (20071226)"ST6UNST #1"=Hero Editor V0.90"ST6UNST #2"=Hero Editor V0.90 (C:\Program Files\Hero Editor\)"ST6UNST #3"=Hero Editor V0.96"Starcraft"=Starcraft"StudioLine Photo Basic"=StudioLine Photo Basic"synfig"=Synfig Core"synfigstudio"=Synfig Studio"Taskbar Shuffle_is1"=Taskbar Shuffle version 2.2"TED Notepad"=TED Notepad"Trillian"=Trillian"Unlocker"=Unlocker 1.8.5"ViewpointMediaPlayer"=Viewpoint Media Player"VLC media player"=VideoLAN VLC media player 0.8.6c"Wacom Tablet Driver"=Wacom Tablet"WavePad"=WavePad Uninstall"Wdf01001"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.1"WhatPulse"=WhatPulse 1.5"WIC"=Windows Imaging Component"Winamp"=Winamp"Windows Media Format Runtime"=Windows Media Format 11 runtime"Windows Media Player"=Windows Media Player 11"Windows XP Service Pack"=Windows XP Service Pack 2"WinGimp-2.0_is1"=GIMP 2.4.3"WinRAR archiver"=WinRAR archiver"WMFDist11"=Windows Media Format 11 runtime"wmp11"=Windows Media Player 11"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0"Yahoo! Extras"=Yahoo! Browser Services"Yahoo! Mail"=Yahoo! Internet Mail"Yahoo! Messenger"=Yahoo! Messenger"YInstHelper"=Yahoo! 
Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GNU CLISP 2.47"=GNU CLISP 2.47
"Google Chrome"=Google Chrome
"ijji FireFox Launcher"=ijji FireFox Launcher 1.0
"ijji.com"=ijji
"IMVU Avatar chat client software BETA"=IMVU Avatar Chat Software
"Lucid Dreams"=Lucid Dreams
"Modding Tool Package"=Modding Tool Package
"New LEGO Digital Designer"=LEGO Digital Designer
"sodarace kiosk"=sodarace kiosk
"uTorrent"=Torrent
"WinDirStat"=WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/6/2009 8:21:14 PM | Computer Name = DAG | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this erro

Error - 1/6/2009 8:21:14 PM | Computer Name = DAG | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Error - 1/6/2009 8:58:09 PM | Computer Name = DAG | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this erro

Error - 1/6/2009 8:58:09 PM | Computer Name = DAG | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Error - 1/6/2009 9:00:09 PM | Computer Name = DAG | Source = Google Update | ID = 20
Description =

Error - 1/6/2009 9:35:00 PM | Computer Name = DAG | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this erro

Error - 1/6/2009 9:35:00 PM | Computer Name = DAG | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Error - 1/6/2009 10:00:09 PM | Computer Name = DAG | Source = Google Update | ID = 20
Description =

Error - 1/6/2009 10:11:55 PM | Computer Name = DAG | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this erro

Error - 1/6/2009 10:11:55 PM | Computer Name = DAG | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

[ System Events ]
Error - 1/6/2009 12:19:32 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 1/6/2009 1:21:43 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: %%31

Error - 1/6/2009 1:21:43 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31

Error - 1/6/2009 1:21:43 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: %%31

Error - 1/6/2009 1:21:43 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7001
Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31

Error - 1/6/2009 1:21:43 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31

Error - 1/6/2009 1:21:43 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NaiAvTdi1 NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL

Error - 1/6/2009 2:30:19 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7000
Description = The Adobe Active File Monitor V6 service failed to start due to the following error: %%3

Error - 1/6/2009 2:30:19 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7024
Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error - 1/6/2009 2:30:19 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

< End of report >
Garbeld Posted January 7, 2009

Malwarebytes' Anti-Malware 1.24
Database version: 1045
Windows 5.1.2600 Service Pack 2

9:18:57 PM 1/6/2009
mbam-log-1-6-2009 (21-18-57).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 326374
Time elapsed: 1 hour(s), 27 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
jwbirdsong Posted January 8, 2009

Yeah you've got some ugly infections w/ some probably renamed files. Let's sort this out efficiently.

Please go HERE and follow the directions for Downloading and running Combofix. Post its log once done.
Garbeld Posted January 8, 2009

Well, I can again access internet through browser. Hoping this log has nothing further bad to say ...

ComboFix 09-01-07.02 - ez 2009-01-07 22:08:55.1 - NTFSx86
Running from: c:\documents and settings\ez\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\ez\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\ez\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\program files\mm.BOT
c:\program files\mm.BOT\Config\backup\mm.Bot.Sequences_backup.ini
c:\program files\mm.BOT\Config\backup\mm.Bot_backup.ini
c:\program files\mm.BOT\Config\backup\mm.MultiKeys_backup.ini
c:\program files\mm.BOT\Config\backup\mm.PKID_backup.ini
c:\program files\mm.BOT\Config\backup\mm.PlayKeys_backup.ini
c:\program files\mm.BOT\Config\mm.BOT.ini
c:\program files\mm.BOT\Config\mm.BOT.Sequences.ini
c:\program files\mm.BOT\Config\mm.BotState.ini
c:\program files\mm.BOT\Config\mm.MultiKeys.ini
c:\program files\mm.BOT\Config\mm.PKID.ini
c:\program files\mm.BOT\Config\mm.PlayKeys.ini
c:\program files\mm.BOT\Config\mmcl.PKID.Compiler.exe
c:\program files\mm.BOT\Config\System\d2-cdkey.exe
c:\program files\mm.BOT\Config\System\listfile.dat
c:\program files\mm.BOT\Config\System\LMPQAPI.DLL
c:\program files\mm.BOT\Config\System\mm.Boxes.Ref.ini
c:\program files\mm.BOT\Config\System\mm.PKID.Ref
c:\program files\mm.BOT\Config\System\mm.PKID.Usr.CH
c:\program files\mm.BOT\Config\System\mm.PKID.Usr.ID
c:\program files\mm.BOT\Config\System\mm.PKID.Usr.PK
c:\program files\mm.BOT\Config\System\MPQ2K.exe
c:\program files\mm.BOT\Config\System\Process.exe
c:\program files\mm.BOT\Config\System\SFmpq.dll
c:\program files\mm.BOT\Config\System\staredit.exe
c:\program 
files\mm.BOT\Config\System\Storm.dllc:\program files\mm.BOT\Documents\Htm\CharTut.htmc:\program files\mm.BOT\Documents\Htm\FAQ.htmc:\program files\mm.BOT\Documents\Htm\img\automap.jpgc:\program files\mm.BOT\Documents\Htm\img\bar.jpgc:\program files\mm.BOT\Documents\Htm\img\coldskills.jpgc:\program files\mm.BOT\Documents\Htm\img\controls1.jpgc:\program files\mm.BOT\Documents\Htm\img\controls2.jpgc:\program files\mm.BOT\Documents\Htm\img\controls3.jpgc:\program files\mm.BOT\Documents\Htm\img\controls4.jpgc:\program files\mm.BOT\Documents\Htm\img\Desktop.jpgc:\program files\mm.BOT\Documents\Htm\img\favicon.icoc:\program files\mm.BOT\Documents\Htm\img\fireskills.jpgc:\program files\mm.BOT\Documents\Htm\img\lightskills.jpgc:\program files\mm.BOT\Documents\Htm\img\merc_main.jpgc:\program files\mm.BOT\Documents\Htm\img\mmbot_configbanner.jpgc:\program files\mm.BOT\Documents\Htm\img\mmbot_configbanner2.jpgc:\program files\mm.BOT\Documents\Htm\img\mmbot_configbanner3.jpgc:\program files\mm.BOT\Documents\Htm\img\mmbotlogo.jpgc:\program files\mm.BOT\Documents\Htm\img\Notepad.icoc:\program files\mm.BOT\Documents\Htm\img\Pindle.jpgc:\program files\mm.BOT\Documents\Htm\img\Program.icoc:\program files\mm.BOT\Documents\Htm\img\Screenshot054.jpgc:\program files\mm.BOT\Documents\Htm\img\Screenshot065.jpgc:\program files\mm.BOT\Documents\Htm\img\Screenshot072.jpgc:\program files\mm.BOT\Documents\Htm\img\Screenshot090.jpgc:\program files\mm.BOT\Documents\Htm\img\Screenshot101.jpgc:\program files\mm.BOT\Documents\Htm\img\Screenshot169.jpgc:\program files\mm.BOT\Documents\Htm\img\skillskeys.jpgc:\program files\mm.BOT\Documents\Htm\img\SoulSpawn.jpgc:\program files\mm.BOT\Documents\Htm\img\stats_ctaswitch.jpgc:\program files\mm.BOT\Documents\Htm\img\Thumbs.dbc:\program files\mm.BOT\Documents\Htm\img\Update.icoc:\program files\mm.BOT\Documents\Htm\img\video.jpgc:\program files\mm.BOT\Documents\Htm\Installation.htmc:\program files\mm.BOT\Documents\Htm\KeysSwapping.htmc:\program 
files\mm.BOT\Documents\Htm\LMenu.htmc:\program files\mm.BOT\Documents\Htm\MainPage.htmc:\program files\mm.BOT\Documents\Htm\MercTut.htmc:\program files\mm.BOT\Documents\Htm\MySorce.htmc:\program files\mm.BOT\Documents\Htm\PKID.ByGroups.htmc:\program files\mm.BOT\Documents\Htm\PKID.ByItems.htmc:\program files\mm.BOT\Documents\Htm\PkIdListing.htmc:\program files\mm.BOT\Documents\Htm\PkIdSamples.htmc:\program files\mm.BOT\Documents\Htm\PkIdSyntax.htmc:\program files\mm.BOT\Documents\Htm\SeqCommands.htmc:\program files\mm.BOT\Documents\Htm\SeqExamples.htmc:\program files\mm.BOT\Documents\img\favicon.icoc:\program files\mm.BOT\Documents\img\Home.icoc:\program files\mm.BOT\Documents\img\Notepad.icoc:\program files\mm.BOT\Documents\img\Program.icoc:\program files\mm.BOT\Documents\img\Update.icoc:\program files\mm.BOT\Documents\mm.BOT.History.txtc:\program files\mm.BOT\Logs\_STATS.inic:\program files\mm.BOT\Logs\ArchiveCurrent.exec:\program files\mm.BOT\Logs\Compiler.txtc:\program files\mm.BOT\Logs\DeleteCurrent.exec:\program files\mm.BOT\Logs\Events_Bot.txtc:\program files\mm.BOT\Logs\SearchInLogs.exec:\program files\mm.BOT\mm.BOT.546.exec:\program files\mm.BOT\mm.Bot.chmc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\CharTut.htmc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\FAQ.htmc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\automap.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\bar.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\coldskills.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\controls1.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\controls2.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\controls3.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\controls4.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Desktop.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\favicon.icoc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\fireskills.jpgc:\program 
files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\lightskills.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\merc_main.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\mmbotlogo.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Notepad.icoc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Pindle.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Program.icoc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Screenshot054.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Screenshot065.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Screenshot072.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Screenshot090.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Screenshot101.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Screenshot169.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\skillskeys.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\SoulSpawn.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\stats_ctaswitch.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Thumbs.dbc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Update.icoc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\video.jpgc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\Installation.htmc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\KeysSwapping.htmc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\LMenu.htmc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\MainPage.htmc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\MercTut.htmc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\MySorce.htmc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\PKID.ByGroups.htmc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\PKID.ByItems.htmc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\PkIdListing.htmc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\PkIdSamples.htmc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\PkIdSyntax.htmc:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\SeqCommands.htmc:\program 
files\mm.BOT\mm.BOT.MAN\Documents\Htm\SeqExamples.htmc:\program files\mm.BOT\mm.BOT.MAN\Documents\mm.BOT.History.txtc:\program files\mm.BOT\mm.BOT.MAN\mm.BOT.MANUAL.htmc:\program files\mm.BOT\mm.BOT.MANUAL.htmc:\program files\mm.BOT\mmbot_config.exec:\program files\mm.BOT\mmbot_configinfo.inic:\program files\mm.BOT\Scripts\Example.au3c:\program files\mm.BOT\Scripts\mm.BOT.Include.au3c:\program files\mm.BOT\Tools\ImportantRead.txtc:\program files\mm.BOT\Tools\mm.FList\mm.FList.exec:\program files\mm.BOT\Tools\mm.FList\mm.FList.inic:\program files\mm.BOT\Tools\mm.ItemReader\mm.ItemReader.exec:\program files\mm.BOT\Tools\mm.ItemReader\mm.ItemReader.inic:\program files\mm.BOT\Tools\mm.RBlocks\mm.RBlocks.exec:\program files\mm.BOT\Update.clic:\program files\mm.BOT\Update.exec:\windows\system32\drivers\seneka.sysc:\windows\system32\drivers\senekaobvviiuh.sysc:\windows\system32\Memman.vxdc:\windows\system32\ntdll64.exec:\windows\system32\seneka.datc:\windows\system32\senekadf.datc:\windows\system32\senekafmxgkivb.dllc:\windows\system32\senekalog.datc:\windows\system32\senekapewbtqlo.dllc:\windows\system32\senekawahsthof.dllc:\windows\system32\skinboxer43.dllc:\windows\system32\upirftmc.dllc:\windows\system32\win32hlp.cnfc:\windows\system32\zvsret.dllD:\install.exe.((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Service_SENEKA((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 ))))))))))))))))))))))))))))))).2009-01-05 23:33 . 2009-01-05 23:33 <DIR> d-------- c:\program files\Avira2009-01-05 23:33 . 2009-01-05 23:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira2009-01-05 07:04 . 2009-01-05 07:04 111,616 --a--c--- c:\windows\system32\dllcache\userinit.exe2009-01-04 02:03 . 2008-10-30 10:50 172,840 --a------ c:\windows\system32\Wintab32.dll2009-01-04 02:03 . 2008-10-06 11:53 15,656 --a------ c:\windows\system32\drivers\wacmoumonitor.sys2009-01-03 15:19 . 
2009-01-03 15:19 <DIR> d-------- c:\program files\SUPERAntiSpyware2009-01-03 15:19 . 2009-01-03 15:19 <DIR> d-------- c:\documents and settings\ez\Application Data\SUPERAntiSpyware.com2009-01-03 15:19 . 2009-01-03 15:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com2009-01-03 10:35 . 2009-01-03 10:35 <DIR> d-------- C:\VundoFix Backups2009-01-03 09:25 . 2002-12-29 01:14 81,920 --a------ c:\windows\system32\Startup.cpl2009-01-03 08:53 . 2009-01-03 08:53 <DIR> d-------- c:\documents and settings\ez\Application Data\VirusRemover20082009-01-02 16:04 . 2009-01-02 16:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\SYSTEMAX Software Development2008-12-30 23:06 . 2008-12-30 23:06 <DIR> d-------- c:\documents and settings\ez\Application Data\acccore2008-12-28 19:11 . 2008-12-28 19:11 <DIR> d-------- c:\program files\Will2008-12-24 10:10 . 2008-12-24 10:10 <DIR> d-------- c:\program files\clisp-2.472008-12-23 22:45 . 2008-12-23 22:45 <DIR> d-------- c:\program files\Viewpoint2008-12-23 22:45 . 2008-12-23 22:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint2008-12-23 22:45 . 2008-12-23 22:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore2008-12-23 22:44 . 2008-12-23 22:44 <DIR> d-------- c:\program files\Common Files\AOL2008-12-23 22:44 . 2008-12-23 22:48 <DIR> d-------- c:\program files\AIM62008-12-23 22:44 . 2008-12-30 23:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP2008-12-23 22:44 . 2008-12-23 22:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL2008-12-23 22:44 . 2008-12-23 22:48 456 --ah----- C:\IPH.PH2008-12-22 22:32 . 2009-01-04 18:47 54,156 --ah----- c:\windows\QTFont.qfn2008-12-22 22:32 . 2008-12-22 22:32 1,409 --a------ c:\windows\QTFont.for2008-12-20 17:45 . 2008-12-20 17:45 <DIR> d-------- c:\program files\Advanced Batch Converter2008-12-19 16:55 . 
2008-12-26 16:26 <DIR> d-------- c:\documents and settings\ez\Application Data\IMVU2008-12-19 16:54 . 2008-12-24 10:34 <DIR> d-------- c:\documents and settings\ez\Application Data\IMVUClient2008-12-17 20:13 . 2008-12-17 20:13 <DIR> d-------- c:\program files\HexCmp2008-12-17 20:10 . 2008-12-17 20:10 <DIR> d-------- c:\program files\DiffMerge2008-12-14 14:24 . 2008-12-14 14:24 <DIR> d-------- C:\MinGW2008-12-14 14:24 . 2008-12-14 14:24 41 --a------ c:\windows\MinGW.INI2008-12-14 13:45 . 2008-12-14 13:45 <DIR> d-------- C:\Tcl2008-12-12 23:20 . 2008-12-12 23:20 <DIR> d-------- C:\ijji2008-12-12 23:18 . 2008-12-12 23:18 <DIR> d-------- c:\program files\NHN USA2008-12-12 23:18 . 2008-06-17 19:28 710,064 --a------ c:\windows\system32\ijjiSetup.exe2008-12-12 23:18 . 2008-04-23 14:02 157,152 --a------ c:\windows\system32\PubPlugin.dll2008-12-12 23:18 . 2008-06-11 23:01 58,800 --a------ c:\windows\system32\ijjiPlugin2.dll.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-01-08 05:07 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet2009-01-08 05:07 --------- d-----w c:\documents and settings\ez\Application Data\WTablet2009-01-08 05:01 --------- d-----w c:\program files\Taskbar Shuffle2009-01-08 05:00 --------- d-----w c:\program files\AVG82009-01-08 04:58 --------- d-----w c:\documents and settings\All Users\Application Data\avg82009-01-08 03:59 --------- d-----w c:\program files\Mozilla Firefox 32009-01-05 14:04 111,616 ----a-w c:\windows\system32\userinit.exe2009-01-04 22:02 --------- d-----w c:\documents and settings\ez\Application Data\gtk-2.02009-01-04 18:48 --------- d-----w c:\documents and settings\ez\Application Data\uTorrent2009-01-04 09:04 --------- d-----w c:\program files\Tablet2009-01-03 23:27 --------- d-----w c:\program files\Folding@Home2009-01-03 22:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard2009-01-03 20:04 --------- d-----w 
c:\program files\Trillian2008-12-30 21:51 --------- d-----w c:\program files\Starcraft2008-12-18 05:45 --------- d-----w c:\program files\Gunz2008-12-17 18:12 --------- d-----w c:\documents and settings\ez\Application Data\Hamachi2008-12-16 22:36 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll2008-12-16 22:27 --------- d-----w c:\program files\Diablo II2008-12-14 04:28 --------- d-----w c:\program files\Notepad++2008-12-13 08:20 --------- d--h--w c:\documents and settings\ez\Application Data\ijjigame2008-12-13 06:18 --------- d--h--w c:\program files\InstallShield Installation Information2008-12-13 02:15 --------- d-----w c:\documents and settings\ez\Application Data\OpenOffice.org22008-12-06 19:12 --------- d-----w c:\program files\JCreatorV4LE2008-12-04 07:41 --------- d-----w c:\program files\Yahoo!2008-12-04 02:54 410,984 ----a-w c:\windows\system32\deploytk.dll2008-12-04 02:54 --------- d-----w c:\program files\Sun2008-12-04 02:53 --------- d-----w c:\program files\Java2008-11-26 14:16 4,096 ----a-w c:\windows\system32\drivers\nocashio.sys2008-11-22 21:44 1,032,582 ----a-w c:\windows\system32\alleg42.dll2008-11-18 06:45 --------- d-----w c:\program files\scilab-5.0.32008-11-16 00:41 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2008-11-16 00:07 --------- d-----w c:\program files\BroodWarAi Project2008-11-15 01:28 --------- d-----w c:\program files\Spybot - Search & Destroy2008-11-09 11:02 --------- d-----w c:\program files\RelevantKnowledge2008-10-30 18:13 2,749,224 ----a-w c:\windows\system32\Wacom_Tablet.exe2008-10-30 18:00 182,056 ----a-w c:\windows\system32\Wacom_Tablet.dll2007-09-03 18:43 428 ----a-w c:\documents and settings\ez\Application Data\hexplorer.dat2007-09-03 18:43 4 ----a-w c:\documents and settings\ez\Application Data\mclip.dat2007-01-25 10:52 65,536 ----a-w c:\program files\Common Files\NMSAccessU.exe2004-12-02 00:34 716 ---ha-w c:\documents and settings\All Users\Application 
Data\pb7msys.dat
2008-04-17 08:41 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-04-17 08:41 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-17 08:41 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-04-17 08:41 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-04-17 08:41 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-10-02 07:13 88 --sh--r c:\windows\system32\4F57F3EF13.sys
2008-10-02 07:13 3,608 --sha-w c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2003-03-31 05:00 332928 244a2f9816bc9b593957281ef577d976 c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\ServicePackFiles\i386\tcpip.sys
2006-04-20 04:51 359808 1dbf125862891817f374f407626967f4 c:\windows\system32\dllcache\tcpip.sys
2006-04-20 04:51 359808 b4e29943b4b04bd5e7381546848e6669 c:\windows\system32\drivers\tcpip.sys
2003-03-31 05:00 22016 e931e0a2b8bf0019db902e98d03662cb c:\windows\$NtServicePackUninstall$\userinit.exe
2004-08-03 23:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\ServicePackFiles\i386\userinit.exe
2009-01-05 07:04 111616 67412a22840f827b42bf5c7df8ea16f5 c:\windows\system32\userinit.exe
2009-01-05 07:04 111616 67412a22840f827b42bf5c7df8ea16f5 c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2006-08-21 665600]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2007-06-16 827392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"JMB36X Configure"="c:\windows\System32\JMRaidTool.exe" [2006-06-28 352256]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-13 7557120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-03 136600]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 c:\windows\RTHDCPL.exe]

c:\documents and settings\ez\Start Menu\Programs\Startup\DeskPins.lnk - c:\program files\DeskPins\DeskPins.exe [2004-05-02 62464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CSCD"= camcodec.dll
"VIDC.XFR1"= xfcodec.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^ez^Start Menu^Programs^Startup^Last.fm Helper.lnk]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00Hotkeys]
--a------ 2006-12-01 17:13 45056 c:\program files\Qliner Hotkeys\HotKeys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2008-02-20 07:33 963072 c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 02:39 486856 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a------ 2001-08-23 05:00 44032 c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 21:32 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-03 21:31 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 21:32 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 21:32 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-03-24 19:03 3587120 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-02-13 19:05 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\windows\Network Diagnostic\xpnetdiag.exe"= c:\windows\Network Diagnostic\xpnetdiag.exe:192.168.1.0/255.255.255.0:Enabled:@xpsp3res.dll,-20000
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Autodesk\\Maya 8.5 Personal Learning Edition\\bin\\maya.exe"=
"c:\\Documents and Settings\\ez\\Desktop\\Main\\Game Files\\Cave Story Deluxe\\dedicated\\Dedicated.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Gunz\\Gunz.exe"=
"c:\\Program Files\\Soldat\\Soldat.exe"=
"c:\\Program Files\\Miro\\Miro_Downloader.exe"=
"c:\\Documents and Settings\\ez\\Desktop\\Main\\Game Files\\ROM\\zsnesw142\\zsnesw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5000:TCP"= 5000:TCP:AresChatServer

--- Other Services/Drivers In Memory ---
*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - AntiVirScheduler
*Deregistered* - AntiVirService
*Deregistered* - Aspi32
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avgio
*Deregistered* - avgntflt
*Deregistered* - avipbb
*Deregistered* - Beep
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - hamachi
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - McAfeeFramework
*Deregistered* - mcdbus
*Deregistered* - McTaskManager
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NaiAvTdi1
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NMSAccessU
*Deregistered* - Npfs
*Deregistered* - npkcmsvc
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - PenClass
*Deregistered* - PnkBstrA
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - ProtexisLicensing
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SASDIFSV
*Deregistered* - SASKUTIL
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - Sentinel
*Deregistered* - SentinelKeysServer
*Deregistered* - SentinelProtectionServer
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - ssmdrv
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TabletServiceWacom
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - Viewpoint Manager Service
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - wacomvhid
*Deregistered* - WacomVKHid
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WinVNC4
*Deregistered* - WmXlCore
*Deregistered* - WS2IFSL
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder

2009-01-05 c:\windows\Tasks\0640.job
- c:\documents and settings\ez\Desktop\Main\Text Files\0640.txt [2008-11-28 10:50]

2008-08-31 c:\windows\Tasks\229.job
- c:\documents and settings\ez\Desktop\Main\Text Files\229.txt [2008-08-31 09:03]

2009-01-07 c:\windows\Tasks\amhdrfty.job
- c:\windows\system32\rundll32.exe [2004-08-03 23:56]

2009-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1844823847-839522115-1005.job
- c:\documents and settings\ez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 01:17]
.
- - - - ORPHANS REMOVED - - - -

BHO-{69085d99-c561-4800-8ce8-4ec8804fc6f5} - c:\windows\system32\zvsret.dll
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\ez\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\ez\Application Data\Mozilla\Firefox\Profiles\qlfy4h7m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.staredit.net/?p=index|http://garbeld.deviantart.com/|http://plushandblood.informe.com/index.php|http://conceptart.org/forums/|http://www.plushandblood.com/Chat.php|chrome://quicknote/content/quicknote.xhtml
FF - plugin: c:\documents and settings\ez\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox 3\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox 3\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox 3\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 22:13:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(944)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\relevantknowledge\rlls.dll
.
Completion time: 2009-01-07 22:16:59
ComboFix-quarantined-files.txt 2009-01-08 05:15:44
Pre-Run: 11,645,476,864 bytes free
Post-Run: 11,717,521,408 bytes free
1016 --- E O F --- 2007-07-10 02:16:26
jwbirdsong Posted January 12, 2009

Sorry your post has sat unanswered for so long. For a variety of reasons I've been unable to reply. I will post as soon after work today as possible.
jwbirdsong Posted January 14, 2009

Well, I can again access internet through browser.
I was hoping that would be the case.

Using Internet Explorer please do an online scan with Kaspersky Online Scanner

- Click on Kaspersky Online Scanner
- Click "I accept"
- You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then start to download the latest definition files.
- Once the scanner is installed and the definitions downloaded, click Next.
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
  - Scan using the following Anti-Virus database: Extended (If available otherwise Standard)
  - Scan Options: Scan Archives, Scan Mail Bases
- Click OK
- Now under select a target to scan select My Computer
- The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
- Now click on the Save report button.
- Call it Kaspersky.txt
- Expand the arrow beside "file types" and save as .txt file.
- Save the file to your desktop.
- Copy and paste that information in your next post.

*Note
If you have Internet Explorer 7 installed:
If you have trouble getting past the initial download you may need to use the "zoom" tool at bottom right of the scanner window and increase it to 125% to see and press the "accept" button.
Page will reload and you should be able to carry on scan.

If the KAV log has your email all over it -- please attach it rather than copy/paste.

Run a fresh Combofix log

Post
- KAV results
- Combofix log
in your next reply.