Garbeld

Ongoing Problems


I've had issues with at least three different consecutive rogue antivirus programs popping up; each time, I run AVGFree, Malwarebytes, or Spybot, until all three have been tried and/or the current problem seems gone. Current state of my computer is I cannot access any websites (I'm currently posting from my secondary PC); nothing but blank, errorless pages load. I've gotten seemingly random "Must restart because DCOM server process launcher terminated" or some such error, and occasional spontaneous freezes when trying to log in...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:52:58 PM, on 1/5/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG8\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\NMSAccessU.exe

C:\Program Files\Mabinogi\npkcmsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\PROGRA~1\AVG8\avgrsx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\PROGRA~1\AVG8\avgtray.exe

C:\Program Files\WhatPulse\WhatPulse.exe

C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\DeskPins\DeskPins.exe

C:\Documents and Settings\ez\Desktop\Main\Downloads\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: {5f6cf408-8ce4-8ec8-0084-165c99d58096} - {69085d99-c561-4800-8ce8-4ec8804fc6f5} - C:\WINDOWS\system32\zvsret.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG8\AVGTOO~1.DLL

O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG8\avgtray.exe

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe

O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-21-329068152-1844823847-839522115-1005\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe (User '?')

O4 - HKUS\S-1-5-21-329068152-1844823847-839522115-1005\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (User '?')

O4 - HKUS\S-1-5-21-329068152-1844823847-839522115-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-329068152-1844823847-839522115-1005\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')

O4 - HKUS\S-1-5-21-329068152-1844823847-839522115-1005\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')

O4 - S-1-5-21-329068152-1844823847-839522115-1005 Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe (User '?')

O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ez\Start Menu\Programs\IMVU\Run IMVU.lnk

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\windows\temp\ntdll64.dll' missing

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184031087156

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG8\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: RelevantKnowledge - C:\program files\relevantknowledge\rlls.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX - C:\Program Files\Common\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe

O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Program Files\Mabinogi\npkcmsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe

O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--

End of file - 10440 bytes


Step 1

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Step 2

Download OTViewIt to your desktop.

  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here. You can ATTACH both of these if needed.
  • You may need to use two posts to get it all on the forum or ATTACH OTviewit logs

Please post

  • OTViewIt logs

in your reply. You can ATTACH one if needed.

EDIT: IMMEDIATELY after a reboot, try MBAM again and post a log from that if able.


Posting while I wait for MBAM to finish, will append

OTViewIt logfile created on: 1/6/2009 7:13:33 PM - Run

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\ez\Desktop\wut

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 71.80% Memory free

3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.91% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 69.23 Gb Total Space | 10.85 Gb Free Space | 15.66% Space Free | Partition Type: NTFS

Drive D: | 139.73 Gb Total Space | 10.99 Gb Free Space | 7.87% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 620.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DAG

Current User Name: ez

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2006/04/17 00:34:42 | 16,143,872 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe

[2004/08/18 07:00:00 | 00,094,208 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\shstat.exe

[2008/12/03 19:54:01 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

[2006/08/21 10:48:46 | 00,665,600 | ---- | M] (WhatPulse.org) -- C:\Program Files\WhatPulse\WhatPulse.exe

[2007/06/16 13:47:44 | 00,827,392 | ---- | M] (Jay Elaraj) -- C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe

[2008/09/26 19:37:21 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG8\avgwdsvc.exe

[2008/12/03 19:54:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

[2004/08/06 02:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

[2008/08/12 11:18:03 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG8\avgrsx.exe

[2004/08/18 07:00:00 | 00,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

[2007/01/25 03:52:26 | 00,065,536 | ---- | M] () -- C:\Program Files\Common Files\NMSAccessU.exe

[2007/08/02 12:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\Mabinogi\npkcmsvc.exe

[2006/02/13 19:05:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

[2007/08/22 18:33:44 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe

[2007/06/05 12:20:32 | 00,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe

[2007/04/27 00:00:04 | 00,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

[2007/04/27 06:40:00 | 00,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

[2008/10/30 11:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe

[2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

[2008/10/30 11:14:00 | 00,159,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe

[2008/10/30 11:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe

[2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

[2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

[2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[2008/09/03 01:17:46 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\ez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[2004/08/03 23:56:56 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe

[2009/01/06 15:38:02 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ez\Desktop\wut\OTViewIt.exe

========== (O23) Win32 Services ==========

File not found -- -- (AdobeActiveFileMonitor6.0 [Auto | Stopped])

[2007/03/19 18:19:14 | 00,263,168 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer [On_Demand | Stopped])

[2005/09/23 06:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2008/09/26 19:37:21 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])

[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])

[2005/09/23 06:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2005/11/17 14:18:52 | 01,527,900 | ---- | M] (MAGIX) -- C:\Program Files\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance [On_Demand | Stopped])

[2008/04/16 02:39:30 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])

[2006/10/20 20:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

[2006/10/30 02:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

[2008/12/03 19:54:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

[2004/08/06 02:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])

[2004/08/18 07:00:00 | 00,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe -- (McShield [On_Demand | Stopped])

[2004/08/18 07:00:00 | 00,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- (McTaskManager [Auto | Running])

[2006/10/30 02:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

[2007/01/25 03:52:26 | 00,065,536 | ---- | M] () -- C:\Program Files\Common Files\NMSAccessU.exe -- (NMSAccessU [Auto | Running])

[2007/08/02 12:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\Mabinogi\npkcmsvc.exe -- (npkcmsvc [Auto | Running])

[2006/02/13 19:05:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

[2007/08/22 18:33:44 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])

[2007/06/05 12:20:32 | 00,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Running])

[2007/11/30 11:27:22 | 00,558,592 | ---- | M] (ReaSoft) -- C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe -- (rcp_service [On_Demand | Stopped])

[2007/04/27 00:00:04 | 00,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer [Auto | Running])

[2007/04/27 06:40:00 | 00,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer [Auto | Running])

[2008/10/30 11:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom [Auto | Running])

[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

[2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])

[2006/05/12 14:04:08 | 00,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4 [Auto | Stopped])

[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

[2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])

[2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])

========== Driver Services ==========

[2007/07/09 17:43:26 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])

[2002/07/17 08:53:02 | 00,016,877 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])

[2004/04/27 08:26:48 | 00,005,824 | ---- | M] () -- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS -- (Asushwio [On_Demand | Stopped])

[2008/09/26 19:37:20 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [system | Running])

[2008/08/12 11:18:09 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [system | Running])

[2004/08/18 07:00:00 | 00,008,320 | ---- | M] (Network Associates, Inc) -- C:\WINDOWS\system32\drivers\EntDrv51.sys -- (EntDrv51 [On_Demand | Stopped])

[2008/03/20 22:55:29 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Running])

[2005/01/07 16:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])

[2006/04/17 01:31:26 | 04,262,912 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService [On_Demand | Running])

[2006/02/07 04:52:58 | 00,006,912 | R--- | M] (JMicron ) -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO [boot | Running])

[2006/07/01 02:47:08 | 00,041,216 | R--- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID [boot | Running])

[2004/08/03 21:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Running])

[2006/09/22 13:06:10 | 00,092,160 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus [On_Demand | Running])

[2004/08/13 03:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])

[2004/08/18 07:00:00 | 00,108,256 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1 [On_Demand | Stopped])

[2004/08/18 07:00:00 | 00,058,016 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\system32\drivers\mvstdi5x.sys -- (NaiAvTdi1 [system | Running])

[2008/11/26 07:16:57 | 00,004,096 | ---- | M] () -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio [On_Demand | Stopped])

[2006/02/13 19:05:00 | 03,642,784 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [system | Running])

[2001/04/09 06:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\drivers\penclass.sys -- (PenClass [boot | Running])

[2003/03/31 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

[2007/01/11 17:20:06 | 00,194,304 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB [On_Demand | Stopped])

[2008/12/22 11:06:00 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [system | Running])

[2008/12/22 11:06:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])

[2008/12/22 11:05:58 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [system | Running])

[2003/03/31 05:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2007/04/27 06:40:00 | 00,090,688 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel [Auto | Running])

[2008/04/18 17:16:47 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running])

[2008/10/06 11:53:24 | 00,015,656 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor [On_Demand | Running])

[2007/02/16 11:12:36 | 00,011,312 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter [On_Demand | Running])

[2008/07/11 11:16:50 | 00,013,352 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid [On_Demand | Running])

[2007/02/15 16:11:28 | 00,011,440 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid [On_Demand | Running])

[2006/04/19 23:44:38 | 00,479,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])

[2006/06/06 14:37:10 | 00,011,136 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running])

[2006/06/06 14:37:10 | 00,021,632 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter [On_Demand | Stopped])

[2006/06/06 14:37:10 | 00,006,400 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped])

[2006/06/06 14:37:12 | 00,046,208 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running])

[2003/03/31 05:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [system | Running])

[2007/02/26 18:15:21 | 00,061,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21 [On_Demand | Stopped])

[2005/09/19 07:41:00 | 00,241,280 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])

[2008/05/20 15:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])

[2007/02/27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [system | Running])

[2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [system | Running])

[2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [system | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Start Page"=http://www.msn.com/?wl=true

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

{69085d99-c561-4800-8ce8-4ec8804fc6f5} (HKLM) -- C:\WINDOWS\system32\zvsret.dll ()

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Program Files\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)

"AVG8_TRAY"=C:\PROGRA~1\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)

"JMB36X Configure"=C:\WINDOWS\System32\JMRaidTool.exe boot (JMicron Technology Corp.)

"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)

"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE (Network Associates, Inc.)

"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

"Taskbar Shuffle"=C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)

"WhatPulse"=C:\Program Files\WhatPulse\WhatPulse.exe (WhatPulse.org)

========== (O4) Startup Folders ==========

[2004/05/02 10:02:51 | 00,062,464 | ---- | M] (Elias Fotinis) -- C:\Documents and Settings\ez\Start Menu\Programs\Startup\DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoWinKeys"=1

"AllowLegacyWebView"=1

"AllowUnhashedWebView"=1

"NoSetActiveDesktop"=1

"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableRegistryTools"=0

"DisableTaskMgr"=0

"NoControlPanel"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

"NoSaveSettings"= [binary data]

"ClearRecentDocsOnExit"= [binary data]

"NoActiveDesktop"= [binary data]

"NoWindowsUpdate"=0

"NoControlPanel"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"DisableTaskMgr"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blog This -- Reg Error: Key does not exist or could not be opened. File not found

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blog This in Windows Live Writer -- Reg Error: Key does not exist or could not be opened. File not found

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2007/12/12 15:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.)

{d9288080-1baa-4bc4-9cf8-a92d743db949}: Button: Run IMVU -- %UserProfile%\Start Menu\Programs\IMVU\Run IMVU File not found

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

49 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support

{5F5F9FB8-878E-4455-95E0-F64B2314288A}: http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab -- ijjiPlugin2 Class

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1184031087156 -- MUWebControl Class

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{3715EFAA-1ABD-43DB-A6B4-033BA15DEB26} (Servers: | Description: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter)

{40E8FCFF-C861-472C-93F6-76DE1AB1E0D6} (Servers: | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)

{424995E3-8EB2-48E4-92C6-2D0C685940D8} (Servers: | Description: )

{52096BAB-94C9-45E8-AB89-1F6B7CAC200C} (Servers: | Description: 1394 Net Adapter)

{648D6542-3CE9-4D24-AB57-2131014CC4A2} (Servers: | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"UserInit"=C:\WINDOWS\system32\userinit.exe,

>[2009/01/05 07:04:35 | 00,111,616 | ---- | M] () -- C:\WINDOWS\system32\userinit.exe

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

RelevantKnowledge: "DllName" = C:\program files\relevantknowledge\rlls.dll -- C:\Program Files\RelevantKnowledge\rlls.dll (RelevantKnowledge)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []

[2007/07/09 17:27:21 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTORUN.INF [[autorun] | OPEN=SETUP.EXE | ICON=BW.ICO | ]

[1998/12/13 00:43:32 | 00,000,040 | R--- | M] () -- F:\AUTORUN.INF -- [ CDFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]

""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun]

""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]

""=F:\SETUP.EXE -- [1998/11/30 22:04:40 | 00,025,600 | R--- | M] ()

========== Files/Folders - Created Within 30 Days ==========

[2009/01/05 23:33:09 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2009/01/05 23:33:09 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2009/01/05 23:33:09 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2009/01/05 23:33:09 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2009/01/05 23:33:08 | 00,000,000 | ---D | C] -- C:\Program Files\Avira

[2009/01/05 23:33:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2009/01/05 21:48:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Desktop\wut

[2009/01/05 07:34:44 | 00,111,616 | ---- | C] () -- C:\WINDOWS\System32\ntdll64.exe

[2009/01/05 07:06:58 | 00,000,502 | ---- | C] () -- C:\WINDOWS\System32\win32hlp.cnf

[2009/01/05 07:04:38 | 00,111,616 | ---- | C] () -- C:\WINDOWS\System32\dllcache\userinit.exe

[2009/01/04 02:03:31 | 00,015,656 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacmoumonitor.sys

[2009/01/04 02:03:29 | 00,172,840 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll

[2009/01/03 15:19:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2009/01/03 15:19:20 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2009/01/03 15:19:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Application Data\SUPERAntiSpyware.com

[2009/01/03 10:35:49 | 00,000,000 | ---D | C] -- C:\VundoFix Backups

[2009/01/03 09:25:25 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl

[2009/01/03 09:17:46 | 00,134,144 | ---- | C] () -- C:\WINDOWS\System32\zvsret.dll

[2009/01/03 09:17:44 | 00,134,144 | ---- | C] () -- C:\WINDOWS\System32\upirftmc.dll

[2009/01/03 08:54:35 | 00,000,304 | ---- | C] () -- C:\WINDOWS\tasks\amhdrfty.job

[2009/01/03 08:53:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Application Data\VirusRemover2008

[2009/01/02 16:04:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development

[2008/12/30 23:06:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Application Data\acccore

[2008/12/28 19:11:22 | 00,000,000 | ---D | C] -- C:\Program Files\Will

[2008/12/24 10:10:03 | 00,000,000 | ---D | C] -- C:\Program Files\clisp-2.47

[2008/12/23 22:48:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Local Settings\Application Data\AOL OCP

[2008/12/23 22:48:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Local Settings\Application Data\AOL

[2008/12/23 22:45:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2008/12/23 22:45:07 | 00,000,000 | ---D | C] -- C:\Program Files\Viewpoint

[2008/12/23 22:45:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\acccore

[2008/12/23 22:44:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL OCP

[2008/12/23 22:44:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL

[2008/12/23 22:44:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL

[2008/12/23 22:44:17 | 00,000,000 | ---D | C] -- C:\Program Files\AIM6

[2008/12/23 22:44:13 | 00,000,456 | -H-- | C] () -- C:\IPH.PH

[2008/12/22 22:32:04 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn

[2008/12/22 22:32:04 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for

[2008/12/20 17:45:02 | 00,000,000 | ---D | C] -- C:\Program Files\Advanced Batch Converter

[2008/12/19 16:55:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Application Data\IMVU

[2008/12/19 16:54:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ez\Application Data\IMVUClient

[2008/12/17 20:13:25 | 00,000,000 | ---D | C] -- C:\Program Files\HexCmp

[2008/12/17 20:10:01 | 00,000,000 | ---D | C] -- C:\Program Files\DiffMerge

[2008/12/14 14:24:12 | 00,000,041 | ---- | C] () -- C:\WINDOWS\MinGW.INI

[2008/12/14 14:24:01 | 00,000,000 | ---D | C] -- C:\MinGW

[2008/12/14 13:45:05 | 00,000,000 | ---D | C] -- C:\Tcl

[2008/12/12 23:20:05 | 00,000,000 | ---D | C] -- C:\ijji

[2008/12/12 23:18:02 | 00,157,152 | ---- | C] (NHN Corporation) -- C:\WINDOWS\System32\PubPlugin.dll

[2008/12/12 23:18:02 | 00,058,800 | ---- | C] (NHN USA Corp.) -- C:\WINDOWS\System32\ijjiPlugin2.dll

[2008/12/12 23:18:01 | 00,710,064 | ---- | C] (NHN USA) -- C:\WINDOWS\System32\ijjiSetup.exe

[2008/12/12 23:18:01 | 00,000,000 | ---D | C] -- C:\Program Files\NHN USA

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2009/01/06 00:00:00 | 00,000,304 | ---- | M] () -- C:\WINDOWS\tasks\amhdrfty.job

[2009/01/05 23:29:39 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/01/05 23:29:11 | 00,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009/01/05 23:29:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/01/05 23:29:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/01/05 17:10:49 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd

[2009/01/05 14:18:14 | 00,000,502 | ---- | M] () -- C:\WINDOWS\System32\win32hlp.cnf

[2009/01/05 14:11:31 | 31,581,401 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/01/05 07:34:44 | 00,111,616 | ---- | M] () -- C:\WINDOWS\System32\ntdll64.exe

[2009/01/05 07:04:35 | 00,111,616 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe

[2009/01/05 07:04:35 | 00,111,616 | ---- | M] () -- C:\WINDOWS\System32\dllcache\userinit.exe

[2009/01/05 06:41:36 | 00,000,378 | ---- | M] () -- C:\WINDOWS\tasks\0640.job

[2009/01/04 18:47:03 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2009/01/03 10:51:57 | 00,051,200 | ---- | M] () -- C:\Documents and Settings\ez\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/01/03 09:17:46 | 00,134,144 | ---- | M] () -- C:\WINDOWS\System32\zvsret.dll

[2009/01/03 09:17:46 | 00,134,144 | ---- | M] () -- C:\WINDOWS\System32\upirftmc.dll

[2009/01/01 19:51:29 | 00,014,903 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2008/12/31 20:30:00 | 00,000,608 | ---- | M] () -- C:\Documents and Settings\ez\My Documents\My Sharing Folders.lnk

[2008/12/30 22:01:57 | 02,640,806 | -H-- | M] () -- C:\Documents and Settings\ez\Local Settings\Application Data\IconCache.db

[2008/12/23 22:48:47 | 00,000,456 | -H-- | M] () -- C:\IPH.PH

[2008/12/22 22:32:04 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

[2008/12/22 08:05:17 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2008/12/17 22:50:35 | 00,000,052 | ---- | M] () -- C:\WINDOWS\GunzLauncher.INI

[2008/12/16 15:36:02 | 00,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2008/12/14 14:24:12 | 00,000,041 | ---- | M] () -- C:\WINDOWS\MinGW.INI

[2008/12/14 09:48:03 | 00,002,048 | ---- | M] () -- C:\WINDOWS\System32\Tr_sttool.dat

< End of report >

OTViewIt Extras logfile created on: 1/6/2009 7:13:33 PM - Run

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\ez\Desktop\wut

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 71.80% Memory free

3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.91% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 69.23 Gb Total Space | 10.85 Gb Free Space | 15.66% Space Free | Partition Type: NTFS

Drive D: | 139.73 Gb Total Space | 10.99 Gb Free Space | 7.87% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 620.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DAG

Current User Name: ez

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify"=1

"FirewallDisableNotify"=0

"UpdatesDisableNotify"=1

"AntiVirusOverride"=0

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=0

"DoNotAllowExceptions"=0

"DisableNotifications"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2004/08/03 23:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2004/08/03 23:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2006/10/10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:192.168.1.0/255.255.255.0:Enabled:@xpsp3res.dll,-20000

[2008/10/01 23:00:00 | 01,873,280 | ---- | M] (Cerulean Studios) -- C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian

[2008/02/20 07:33:48 | 00,963,072 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows

[2007/08/30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger

[2007/08/30 16:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server

[2007/05/09 04:34:40 | 00,270,336 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe:*:Enabled:Maya

[2007/08/16 04:31:36 | 00,102,912 | ---- | M] () -- C:\Documents and Settings\ez\Desktop\Main\Game Files\Cave Story Deluxe\dedicated\Dedicated.exe:*:Enabled:Dedicated

[2008/11/05 18:10:59 | 01,220,608 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft

[2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger

[2008/12/17 22:29:33 | 01,097,728 | ---- | M] (MAIET entertainment) -- C:\Program Files\Gunz\Gunz.exe:*:Enabled:Gunz

[2007/08/10 21:32:50 | 00,678,400 | ---- | M] (Michal Marcinkowski) -- C:\Program Files\Soldat\Soldat.exe:*:Enabled:Soldat

[2008/01/10 14:26:16 | 04,138,882 | ---- | M] () -- C:\Program Files\Miro\Miro_Downloader.exe:*:Enabled:Miro_Downloader

[2005/01/19 18:35:44 | 00,513,024 | ---- | M] () -- C:\Documents and Settings\ez\Desktop\Main\Game Files\ROM\zsnesw142\zsnesw.exe:*:Enabled:zsnesw

[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[2008/08/21 11:01:30 | 00,268,592 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:Torrent

[2007/04/27 06:40:00 | 00,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server

[2007/04/27 00:00:04 | 00,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Disabled:Sentinel Keys Server

[2008/09/26 19:36:38 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG8\avgupd.exe:*:Enabled:avgupd.exe

[2008/06/10 13:06:16 | 03,103,232 | ---- | M] (ApexDC++ Development Team) -- C:\Program Files\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++ - Pinnacle of File Sharing

[2006/11/03 00:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader

[2008/10/21 10:09:59 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\WINDOWS\TEMP\ntdll64.dll File not found

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

ipp: [HKLM - No CLSID value]

[2004/08/03 23:56:44 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[2008/08/12 11:18:05 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

msdaipp: [HKLM - No CLSID value]

[2004/08/03 23:56:44 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[2004/08/03 23:56:44 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

File not found Reg Error: Key does not exist or could not be opened. (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Reg Error: Key does not exist or could not be opened.])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0070ED8E-6BEB-4883-BFEB-BACCAA1B6F05}_is1"=Artweaver Lua Script Interface

"{0140AE80-C3C6-4FE8-85AC-32EEB48BBDD1}"=Grubclient

"{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA

"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting

"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}"=WD Diagnostics

"{0AF3FEAE-B651-4421-97EF-4808A588B4E5}"=LastChaos

"{0B62392F-B7D7-4DE3-AD15-30819F1C925E}"=Sodipodi

"{13AA6556-BA96-4468-A8B4-1AD4A75AD5A0}"=Logitech Gaming Software

"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin

"{184E7118-0295-43C4-B72C-1D54AA75AAF7}"=Windows Live Mail

"{1DCC7418-2089-4BDD-B321-3771956160FC}"=ijji Auto Installer

"{23A67E8B-9C1F-4CBC-86C2-E4D899D568A9}"=Paper Chase 2

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2

"{257E440F-781F-459B-9A68-A0872B80C1D6}"=Windows Live Photo Gallery

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java 6 Update 11

"{27BFACF0-571C-4A2E-8577-2F6FD2457C93}"=Animation-ish Home Trial

"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1"=RegAlyzer

"{2D8ECB5E-9F6C-4332-AEE6-0E4EE1DEC926}"=Maya 8.5 Personal Learning Edition

"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}"=Adobe Flash Video Encoder

"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java 6 Update 5

"{3254950A-7242-4258-848A-11BF092403D6}"=Aranock Online

"{32A3A4F4-B792-11D6-A78A-00B0D0160100}"=Java SE Development Kit 6 Update 10

"{32A3A4F4-B792-11D6-A78A-00B0D0160110}"=Java SE Development Kit 6 Update 11

"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}"=Windows Live Toolbar Extension (Windows Live Toolbar)

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}"=JRAID

"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation

"{4B2DEF0C-51B4-4250-A082-7C3CD4FB2828}"=RealWorld Cursor Editor

"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings

"{51AFB69C-1C54-4C77-A888-2860F8CD3E7D}"=Paint.NET v3.31

"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3

"{54A55DF7-BCC0-4C98-84AB-01CDA57687C7}"=Hex Workshop v5.1

"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger

"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}"=Sentinel Protection Installer 7.4.0

"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}"=RGSS-RTP Standard

"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}"=msxml4

"{5B2029A4-1854-42BC-96B6-4ACE5F5414BD}"=ArtRage 2 Starter Edition

"{5DF3D1BB-894E-4DCD-8275-159AC9829B43}"=McAfee VirusScan Enterprise

"{62281EAA-419B-44A5-894A-58E7A7324E0E}"=Light of Dawn

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup

"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}"=Corel Paint Shop Pro Photo X2

"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}"=Microsoft Xbox 360 Accessories 1.1

"{69440E1E-7D34-4C00-B878-9412B1707F1C}"=SourceGear DiffMerge

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin

"{6A829DA3-E377-4BC0-938F-F453C6BB3F67}"=Maya 8.5 Personal Learning Edition Documentation (en_US)

"{6B52140A-F189-4945-BFFC-DB3F00B8C589}"=Adobe Flash CS3

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings

"{6D4E1222-AFEA-4848-A100-8A6011B624D4}"=openCanvas4.5.11e Plus

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0

"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable

"{7745B7A9-F323-4BB9-9811-01BF57A028DA}"=Map Button (Windows Live Toolbar)

"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}"=Windows Live Favorites for Windows Live Toolbar

"{7A8358BC-78B6-404B-9792-F344A6AB59C9}"=Curator Defense

"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec

"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation

"{80851370-07CF-477B-837D-F2E488916CFE}"=OpenOffice.org 2.4

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight

"{8A4D41F3-3EDA-4DAC-9403-839708EA0667}"=Install(US)2

"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support

"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3

"{9176251A-4CC1-4DDB-B343-B487195EB397}"=Windows Live Writer

"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}"=Adobe Illustrator CS

"{91DD9DED-5979-4FB3-AC7D-80091CC1FC40}"=TVPaint Animation

"{94056AE8-EF0F-45E4-A1B4-D754115F8A28}"=Numedia CD-DVD writing as non-admin user

"{9559F7CA-5E34-4237-A2D9-D856464AD727}"=Project64 1.6

"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings

"{96443F45-13E2-11D6-AC87-00D0B7A9E540}"=Arx Fatalis

"{998D6972-F58E-479D-9248-8F179E55AE38}"=Java DB 10.4.1.3

"{9A3EABC0-CA06-11D4-BF77-00104B130C19}"=EPSON TWAIN 5

"{9B2ADD3A-AFAF-4622-AC6F-C86FF36CC245}"=USB Flash Disk Utility

"{9B34CAC6-738F-4A20-B428-A115C3E3474C}"=RPGXP

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3

"{A0BCF90F-B4E4-435C-A48D-8FAAE10554F9}"=Pixia

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}"=MSXML 6.0 Parser

"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}"=Highlight Viewer (Windows Live Toolbar)

"{A8B94669-8654-4126-BD28-D0D2412CDED6}"=TI Connect 1.6

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings

"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2

"{AC76BA86-7AD7-5464-3428-800000000003}"=Spelling Dictionaries Support For Adobe Reader 8

"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant

"{B09DFBF9-9148-4070-A493-69D71455D983}_is1"=Artweaver

"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter

"{B2E56E2A-1DE2-454B-A24A-CAA471EBDC99}"=Toon Boom Digital Pro PLE

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0

"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy

"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}"=TextPad 5

"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player

"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update

"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation

"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}"=QuickTime

"{C314764F-2C47-44DA-BE37-F48BB7322BE4}_is1"=Screen Video Recorder 1.5

"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}"=Blaze Media Pro

"{C950420B-4182-49EA-850A-A6A2ABF06C6B}"=Marvell Miniport Driver

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files

"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings

"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3

"{EF434C52-D882-43DB-8777-EC7B10D8943C}"=America's Army

"{F084395C-40FB-4DB3-981C-B51E74E1E83D}"=Smart Menus (Windows Live Toolbar)

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver

"{F54AC413-D2C6-4A24-B324-370C223C6250}"=Adobe Photoshop Elements 6.0

"{F99C5427-4D78-43E2-B97E-F4C4E622D612}"=MapleStory

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}"=Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"{FFC1ADE3-944B-4231-894E-3903C37271D2}"=Adobe Setup

"7-Zip"=7-Zip 4.57

"ActiveTcl 8.5.5.0"=ActiveState ActiveTcl 8.5.5.0

"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin"=Adobe Flash Player Plugin

"Adobe Photoshop Elements 6"=Adobe Photoshop Elements 6.0

"Adobe Shockwave Player"=Adobe Shockwave Player

"Adobe SVG Viewer"=Adobe SVG Viewer 3.0

"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2

"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings

"Adobe_c3c7fe8b09d497ab2b3fd91c9353390"=Adobe Flash CS3 Professional

"Advanced Batch Converter"=Advanced Batch Converter

"AIM_6"=AIM 6

"AMUST Disk Cleaner_is1"=AMUST Disk Cleaner 1.0

"Animated GIF Banner Maker"=Animated GIF Banner Maker

"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus

"Any Video Converter_is1"=Any Video Converter 2.6.2

"ApexDC++"=ApexDC++ 1.1.0

"Apophysis 2.0"=Apophysis 2.0

"Ares"=Ares 2.0.9

"Armadillo Run Demo_is1"=Armadillo Run Demo Version 1.0.1

"ATMA V"=ATMA V 5.05

"attack of the groox - encounter on blubuzz"=attack of the groox - encounter on blubuzz

"Audacity_is1"=Audacity 1.2.6

"AVG8Uninstall"=AVG Free 8.0

"Avidemux 2.4"=Avidemux 2.4

"AVIedit 3.38"=AVIedit 3.38

"Babiloo"=Babiloo

"BabyaPhotoWorkshop11.0_is1"=Babya Photo Workshop Professional 12.0

"Blaze Media Pro"=Blaze Media Pro

"Blender"=Blender (remove only)

"BulentsScreenRecorder4"=BSR Screen Recorder 4

"camcodec"=CamStudio Lossless Codec

"CamStudio"=CamStudio

"Cave Story Deluxe"=Cave Story Deluxe

"Chipamp"=Chipamp

"Collab"=Collab

"Color Efex Pro 3.0 Complete"=Color Efex Pro 3.0 Complete

"Color7 Music Editor_is1"=Color7 Music Editor v6.2.9

"Combined Community Codec Pack_is1"=Combined Community Codec Pack 2008-09-21 16:18

"Cylekx_is1"=Cylekx 2.6

"DeskPins"=DeskPins (remove only)

"Dev-C++"=Dev-C++ 5 beta 9 release (4.9.9.2)

"Diablo II"=Diablo II

"DVD to VCD AVI DivX Converter v3.2 (build 069)"=DVD to VCD AVI DivX Converter v3.2 (build 069)

"eMule"=eMule

"Enigma"=Enigma

"Firebird SQL Server US"=Firebird SQL Server - MAGIX Edition

"fluffy"=fluffy

"[email protected]"[email protected]

"Fraps"=Fraps

"Free Screen Recorder_is1"=Free Screen Recorder v2.9

"Freecorder Toolbar3.0"=Freecorder Toolbar 3.0 Application

"Furcadia"=Furcadia

"GoldWave v5.23"=GoldWave v5.23

"GoPets"=GoPets

"GotEd_is1"=GotEd V1.0

"GraphicsGale FreeEdition_is1"=GraphicsGale FreeEdition version 1.86

"Grooveshark"=sharkbyte

"Gtk+ Runtime Environment"=Gtk+ Runtime Environment 2.10.11-1

"gtkmm"=gtkmm Runtime Environment 2.10

"Gunz"=ijji - Gunz

"Hamachi"=Hamachi 1.0.3.0

"HexCmp 2_is1"=HexCmp 2.34

"Hexplorer"=ICY Hexplorer (remove only)

"HijackThis"=HijackThis 2.0.2

"HyperCam 2"=HyperCam 2

"ICE v2.03 Setup"=ICE v2.03 Setup

"IcoFX_is1"=IcoFX 1.6

"Icon In Depth_is1"=Icon In Depth 1.5.0.2

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ie7"=Windows Internet Explorer 7

"i-Fun Viewer_is1"=i-Fun Viewer

"imgSeek"=imgSeek (remove only)

"InfraRecorder"=InfraRecorder

"Inkscape"=Inkscape 0.45.1

"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA

"IrfanView"=IrfanView (remove only)

"Jahplayer"=Jahplayer

"Jahshaka"=Jahshaka

"JCreator LE_is1"=JCreator LE 4.50

"jDictionary"=jDictionary dictionary program (remove only)

"JTablet"=JTablet

"kiki_is1"=kiki the nanobot 1.0.2

"LightWave 3D 9"=LightWave 3D

"Magic ISO Maker v5.4 (build 0251)"=Magic ISO Maker v5.4 (build 0251)

"MagicDisc 2.5.74"=MagicDisc 2.5.74

"MAGIX Photo Manager 2007 US"=MAGIX Photo Manager 2007 4.2.1.261 (US)

"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware

"Manga Studio EX Demo 3.0"=Manga Studio EX Demo 3.0

"Mech2TitaniumUninstallKey"=MechWarrior 2: Titanium Edition

"MercsTitaniumUninstallKey"=Mercenaries: Titanium Edition

"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0

"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0

"MinGW_is1"=MinGW 3.1.0

"Miro"=Miro

"mm.BOT5.46"=mm.BOT

"Mozilla Firefox (2.0.0.14)"=Mozilla Firefox (2.0.0.14)

"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)

"Mozilla Sunbird (0.7)"=Mozilla Sunbird (0.7)

"Mozilla Thunderbird (2.0.0.14)"=Mozilla Thunderbird (2.0.0.14)

"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP

"mtPaint_is1"=mtPaint 3.11

"musikCube"=musikCube 1.0

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"Notepad++"=Notepad++

"Novashell Game Creation System"=Novashell Game Creation System (remove only)

"NVIDIA Drivers"=NVIDIA Drivers

"On the Rain-Slick Precipice of Darkness, Episode One"=On the Rain-Slick Precipice of Darkness, Episode One

"OpenLibraries"=OpenLibraries

"Poke"=Poke

"Poser 7 Demo_is1"=Poser 7.0.2 Demo

"prunnet"=Advertisement Service

"Qliner Hotkeys"=Qliner Hotkeys 2.0

"Ragnarok Revolution6.0"=Ragnarok Revolution

"ReaConverter 5.5 Pro_is1"=ReaConverter 5.5 Pro

"RealAlt_is1"=Real Alternative 1.9.0

"RealPlayer 6.0"=RealPlayer

"RealVNC_is1"=VNC Free Edition 4.1.2

"ROM CHECK FAIL_is1"=ROM CHECK FAIL 1.0

"scilab-5.0.3_is1"=scilab-5.0.3

"secretmaryo"=Secret Maryo Chronicles

"SmoothDraw_is1"=SmoothDraw 3.1.2

"SolarWolf"=SolarWolf 1.5

"Soldat_is1"=Soldat 1.4.2

"Songbird 20071226"=Songbird 0.4 (20071226)

"ST6UNST #1"=Hero Editor V0.90

"ST6UNST #2"=Hero Editor V0.90 (C:\Program Files\Hero Editor\)

"ST6UNST #3"=Hero Editor V0.96

"Starcraft"=Starcraft

"StudioLine Photo Basic"=StudioLine Photo Basic

"synfig"=Synfig Core

"synfigstudio"=Synfig Studio

"Taskbar Shuffle_is1"=Taskbar Shuffle version 2.2

"TED Notepad"=TED Notepad

"Trillian"=Trillian

"Unlocker"=Unlocker 1.8.5

"ViewpointMediaPlayer"=Viewpoint Media Player

"VLC media player"=VideoLAN VLC media player 0.8.6c

"Wacom Tablet Driver"=Wacom Tablet

"WavePad"=WavePad Uninstall

"Wdf01001"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.1

"WhatPulse"=WhatPulse 1.5

"WIC"=Windows Imaging Component

"Winamp"=Winamp

"Windows Media Format Runtime"=Windows Media Format 11 runtime

"Windows Media Player"=Windows Media Player 11

"Windows XP Service Pack"=Windows XP Service Pack 2

"WinGimp-2.0_is1"=GIMP 2.4.3

"WinRAR archiver"=WinRAR archiver

"WMFDist11"=Windows Media Format 11 runtime

"wmp11"=Windows Media Player 11

"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

"Yahoo! Extras"=Yahoo! Browser Services

"Yahoo! Mail"=Yahoo! Internet Mail

"Yahoo! Messenger"=Yahoo! Messenger

"YInstHelper"=Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"GNU CLISP 2.47"=GNU CLISP 2.47

"Google Chrome"=Google Chrome

"ijji FireFox Launcher"=ijji FireFox Launcher 1.0

"ijji.com"=ijji

"IMVU Avatar chat client software BETA"=IMVU Avatar Chat Software

"Lucid Dreams"=Lucid Dreams

"Modding Tool Package"=Modding Tool Package

"New LEGO Digital Designer"=LEGO Digital Designer

"sodarace kiosk"=sodarace kiosk

"uTorrent"=Torrent

"WinDirStat"=WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 1/6/2009 8:21:14 PM | Computer Name = DAG | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 1/6/2009 8:21:14 PM | Computer Name = DAG | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040206.

Error - 1/6/2009 8:58:09 PM | Computer Name = DAG | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 1/6/2009 8:58:09 PM | Computer Name = DAG | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040206.

Error - 1/6/2009 9:00:09 PM | Computer Name = DAG | Source = Google Update | ID = 20

Description =

Error - 1/6/2009 9:35:00 PM | Computer Name = DAG | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 1/6/2009 9:35:00 PM | Computer Name = DAG | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040206.

Error - 1/6/2009 10:00:09 PM | Computer Name = DAG | Source = Google Update | ID = 20

Description =

Error - 1/6/2009 10:11:55 PM | Computer Name = DAG | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 1/6/2009 10:11:55 PM | Computer Name = DAG | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040206.

[ System Events ]

Error - 1/6/2009 12:19:32 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7000

Description = The npkcrypt service failed to start due to the following error: %%2

Error - 1/6/2009 1:21:43 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7001

Description = The DHCP Client service depends on the NetBios over Tcpip service

which failed to start because of the following error: %%31

Error - 1/6/2009 1:21:43 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7001

Description = The DNS Client service depends on the TCP/IP Protocol Driver service

which failed to start because of the following error: %%31

Error - 1/6/2009 1:21:43 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7001

Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support

Environment service which failed to start because of the following error: %%31

Error - 1/6/2009 1:21:43 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7001

Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends

on the TCP/IP Protocol Driver service which failed to start because of the following

error: %%31

Error - 1/6/2009 1:21:43 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7001

Description = The IPSEC Services service depends on the IPSEC driver service which

failed to start because of the following error: %%31

Error - 1/6/2009 1:21:43 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AFD AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NaiAvTdi1 NetBIOS NetBT RasAcd Rdbss SASDIFSV

SASKUTIL

Tcpip

WS2IFSL

Error - 1/6/2009 2:30:19 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7000

Description = The Adobe Active File Monitor V6 service failed to start due to the

following error: %%3

Error - 1/6/2009 2:30:19 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7024

Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated

with service-specific error 4294967295 (0xFFFFFFFF).

Error - 1/6/2009 2:30:19 AM | Computer Name = DAG | Source = Service Control Manager | ID = 7000

Description = The npkcrypt service failed to start due to the following error: %%2

< End of report >


Malwarebytes' Anti-Malware 1.24

Database version: 1045

Windows 5.1.2600 Service Pack 2

9:18:57 PM 1/6/2009

mbam-log-1-6-2009 (21-18-57).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 326374

Time elapsed: 1 hour(s), 27 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Yeah you've got some ugly infections w/ some probably renamed files. Let's sort this out efficiently.

Please go HERE and follow the directions for Downloading and running Combofix. Post its log once done.


Well, I can again access the internet through the browser. Hoping this log has nothing further bad to say ...

ComboFix 09-01-07.02 - ez 2009-01-07 22:08:55.1 - NTFSx86

Running from: c:\documents and settings\ez\Desktop\ComboFix.exe

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\ez\Local Settings\Temporary Internet Files\fbk.sts

c:\documents and settings\ez\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat

c:\program files\mm.BOT

c:\program files\mm.BOT\Config\backup\mm.Bot.Sequences_backup.ini

c:\program files\mm.BOT\Config\backup\mm.Bot_backup.ini

c:\program files\mm.BOT\Config\backup\mm.MultiKeys_backup.ini

c:\program files\mm.BOT\Config\backup\mm.PKID_backup.ini

c:\program files\mm.BOT\Config\backup\mm.PlayKeys_backup.ini

c:\program files\mm.BOT\Config\mm.BOT.ini

c:\program files\mm.BOT\Config\mm.BOT.Sequences.ini

c:\program files\mm.BOT\Config\mm.BotState.ini

c:\program files\mm.BOT\Config\mm.MultiKeys.ini

c:\program files\mm.BOT\Config\mm.PKID.ini

c:\program files\mm.BOT\Config\mm.PlayKeys.ini

c:\program files\mm.BOT\Config\mmcl.PKID.Compiler.exe

c:\program files\mm.BOT\Config\System\d2-cdkey.exe

c:\program files\mm.BOT\Config\System\listfile.dat

c:\program files\mm.BOT\Config\System\LMPQAPI.DLL

c:\program files\mm.BOT\Config\System\mm.Boxes.Ref.ini

c:\program files\mm.BOT\Config\System\mm.PKID.Ref

c:\program files\mm.BOT\Config\System\mm.PKID.Usr.CH

c:\program files\mm.BOT\Config\System\mm.PKID.Usr.ID

c:\program files\mm.BOT\Config\System\mm.PKID.Usr.PK

c:\program files\mm.BOT\Config\System\MPQ2K.exe

c:\program files\mm.BOT\Config\System\Process.exe

c:\program files\mm.BOT\Config\System\SFmpq.dll

c:\program files\mm.BOT\Config\System\staredit.exe

c:\program files\mm.BOT\Config\System\Storm.dll

c:\program files\mm.BOT\Documents\Htm\CharTut.htm

c:\program files\mm.BOT\Documents\Htm\FAQ.htm

c:\program files\mm.BOT\Documents\Htm\img\automap.jpg

c:\program files\mm.BOT\Documents\Htm\img\bar.jpg

c:\program files\mm.BOT\Documents\Htm\img\coldskills.jpg

c:\program files\mm.BOT\Documents\Htm\img\controls1.jpg

c:\program files\mm.BOT\Documents\Htm\img\controls2.jpg

c:\program files\mm.BOT\Documents\Htm\img\controls3.jpg

c:\program files\mm.BOT\Documents\Htm\img\controls4.jpg

c:\program files\mm.BOT\Documents\Htm\img\Desktop.jpg

c:\program files\mm.BOT\Documents\Htm\img\favicon.ico

c:\program files\mm.BOT\Documents\Htm\img\fireskills.jpg

c:\program files\mm.BOT\Documents\Htm\img\lightskills.jpg

c:\program files\mm.BOT\Documents\Htm\img\merc_main.jpg

c:\program files\mm.BOT\Documents\Htm\img\mmbot_configbanner.jpg

c:\program files\mm.BOT\Documents\Htm\img\mmbot_configbanner2.jpg

c:\program files\mm.BOT\Documents\Htm\img\mmbot_configbanner3.jpg

c:\program files\mm.BOT\Documents\Htm\img\mmbotlogo.jpg

c:\program files\mm.BOT\Documents\Htm\img\Notepad.ico

c:\program files\mm.BOT\Documents\Htm\img\Pindle.jpg

c:\program files\mm.BOT\Documents\Htm\img\Program.ico

c:\program files\mm.BOT\Documents\Htm\img\Screenshot054.jpg

c:\program files\mm.BOT\Documents\Htm\img\Screenshot065.jpg

c:\program files\mm.BOT\Documents\Htm\img\Screenshot072.jpg

c:\program files\mm.BOT\Documents\Htm\img\Screenshot090.jpg

c:\program files\mm.BOT\Documents\Htm\img\Screenshot101.jpg

c:\program files\mm.BOT\Documents\Htm\img\Screenshot169.jpg

c:\program files\mm.BOT\Documents\Htm\img\skillskeys.jpg

c:\program files\mm.BOT\Documents\Htm\img\SoulSpawn.jpg

c:\program files\mm.BOT\Documents\Htm\img\stats_ctaswitch.jpg

c:\program files\mm.BOT\Documents\Htm\img\Thumbs.db

c:\program files\mm.BOT\Documents\Htm\img\Update.ico

c:\program files\mm.BOT\Documents\Htm\img\video.jpg

c:\program files\mm.BOT\Documents\Htm\Installation.htm

c:\program files\mm.BOT\Documents\Htm\KeysSwapping.htm

c:\program files\mm.BOT\Documents\Htm\LMenu.htm

c:\program files\mm.BOT\Documents\Htm\MainPage.htm

c:\program files\mm.BOT\Documents\Htm\MercTut.htm

c:\program files\mm.BOT\Documents\Htm\MySorce.htm

c:\program files\mm.BOT\Documents\Htm\PKID.ByGroups.htm

c:\program files\mm.BOT\Documents\Htm\PKID.ByItems.htm

c:\program files\mm.BOT\Documents\Htm\PkIdListing.htm

c:\program files\mm.BOT\Documents\Htm\PkIdSamples.htm

c:\program files\mm.BOT\Documents\Htm\PkIdSyntax.htm

c:\program files\mm.BOT\Documents\Htm\SeqCommands.htm

c:\program files\mm.BOT\Documents\Htm\SeqExamples.htm

c:\program files\mm.BOT\Documents\img\favicon.ico

c:\program files\mm.BOT\Documents\img\Home.ico

c:\program files\mm.BOT\Documents\img\Notepad.ico

c:\program files\mm.BOT\Documents\img\Program.ico

c:\program files\mm.BOT\Documents\img\Update.ico

c:\program files\mm.BOT\Documents\mm.BOT.History.txt

c:\program files\mm.BOT\Logs\_STATS.ini

c:\program files\mm.BOT\Logs\ArchiveCurrent.exe

c:\program files\mm.BOT\Logs\Compiler.txt

c:\program files\mm.BOT\Logs\DeleteCurrent.exe

c:\program files\mm.BOT\Logs\Events_Bot.txt

c:\program files\mm.BOT\Logs\SearchInLogs.exe

c:\program files\mm.BOT\mm.BOT.546.exe

c:\program files\mm.BOT\mm.Bot.chm

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\CharTut.htm

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\FAQ.htm

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\automap.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\bar.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\coldskills.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\controls1.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\controls2.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\controls3.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\controls4.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Desktop.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\favicon.ico

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\fireskills.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\lightskills.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\merc_main.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\mmbotlogo.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Notepad.ico

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Pindle.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Program.ico

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Screenshot054.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Screenshot065.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Screenshot072.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Screenshot090.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Screenshot101.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Screenshot169.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\skillskeys.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\SoulSpawn.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\stats_ctaswitch.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Thumbs.db

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\Update.ico

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\img\video.jpg

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\Installation.htm

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\KeysSwapping.htm

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\LMenu.htm

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\MainPage.htm

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\MercTut.htm

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\MySorce.htm

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\PKID.ByGroups.htm

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\PKID.ByItems.htm

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\PkIdListing.htm

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\PkIdSamples.htm

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\PkIdSyntax.htm

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\SeqCommands.htm

c:\program files\mm.BOT\mm.BOT.MAN\Documents\Htm\SeqExamples.htm

c:\program files\mm.BOT\mm.BOT.MAN\Documents\mm.BOT.History.txt

c:\program files\mm.BOT\mm.BOT.MAN\mm.BOT.MANUAL.htm

c:\program files\mm.BOT\mm.BOT.MANUAL.htm

c:\program files\mm.BOT\mmbot_config.exe

c:\program files\mm.BOT\mmbot_configinfo.ini

c:\program files\mm.BOT\Scripts\Example.au3

c:\program files\mm.BOT\Scripts\mm.BOT.Include.au3

c:\program files\mm.BOT\Tools\ImportantRead.txt

c:\program files\mm.BOT\Tools\mm.FList\mm.FList.exe

c:\program files\mm.BOT\Tools\mm.FList\mm.FList.ini

c:\program files\mm.BOT\Tools\mm.ItemReader\mm.ItemReader.exe

c:\program files\mm.BOT\Tools\mm.ItemReader\mm.ItemReader.ini

c:\program files\mm.BOT\Tools\mm.RBlocks\mm.RBlocks.exe

c:\program files\mm.BOT\Update.cli

c:\program files\mm.BOT\Update.exe

c:\windows\system32\drivers\seneka.sys

c:\windows\system32\drivers\senekaobvviiuh.sys

c:\windows\system32\Memman.vxd

c:\windows\system32\ntdll64.exe

c:\windows\system32\seneka.dat

c:\windows\system32\senekadf.dat

c:\windows\system32\senekafmxgkivb.dll

c:\windows\system32\senekalog.dat

c:\windows\system32\senekapewbtqlo.dll

c:\windows\system32\senekawahsthof.dll

c:\windows\system32\skinboxer43.dll

c:\windows\system32\upirftmc.dll

c:\windows\system32\win32hlp.cnf

c:\windows\system32\zvsret.dll

D:\install.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_SENEKA

((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))

.

2009-01-05 23:33 . 2009-01-05 23:33 <DIR> d-------- c:\program files\Avira

2009-01-05 23:33 . 2009-01-05 23:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira

2009-01-05 07:04 . 2009-01-05 07:04 111,616 --a--c--- c:\windows\system32\dllcache\userinit.exe

2009-01-04 02:03 . 2008-10-30 10:50 172,840 --a------ c:\windows\system32\Wintab32.dll

2009-01-04 02:03 . 2008-10-06 11:53 15,656 --a------ c:\windows\system32\drivers\wacmoumonitor.sys

2009-01-03 15:19 . 2009-01-03 15:19 <DIR> d-------- c:\program files\SUPERAntiSpyware

2009-01-03 15:19 . 2009-01-03 15:19 <DIR> d-------- c:\documents and settings\ez\Application Data\SUPERAntiSpyware.com

2009-01-03 15:19 . 2009-01-03 15:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-01-03 10:35 . 2009-01-03 10:35 <DIR> d-------- C:\VundoFix Backups

2009-01-03 09:25 . 2002-12-29 01:14 81,920 --a------ c:\windows\system32\Startup.cpl

2009-01-03 08:53 . 2009-01-03 08:53 <DIR> d-------- c:\documents and settings\ez\Application Data\VirusRemover2008

2009-01-02 16:04 . 2009-01-02 16:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\SYSTEMAX Software Development

2008-12-30 23:06 . 2008-12-30 23:06 <DIR> d-------- c:\documents and settings\ez\Application Data\acccore

2008-12-28 19:11 . 2008-12-28 19:11 <DIR> d-------- c:\program files\Will

2008-12-24 10:10 . 2008-12-24 10:10 <DIR> d-------- c:\program files\clisp-2.47

2008-12-23 22:45 . 2008-12-23 22:45 <DIR> d-------- c:\program files\Viewpoint

2008-12-23 22:45 . 2008-12-23 22:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint

2008-12-23 22:45 . 2008-12-23 22:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore

2008-12-23 22:44 . 2008-12-23 22:44 <DIR> d-------- c:\program files\Common Files\AOL

2008-12-23 22:44 . 2008-12-23 22:48 <DIR> d-------- c:\program files\AIM6

2008-12-23 22:44 . 2008-12-30 23:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP

2008-12-23 22:44 . 2008-12-23 22:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL

2008-12-23 22:44 . 2008-12-23 22:48 456 --ah----- C:\IPH.PH

2008-12-22 22:32 . 2009-01-04 18:47 54,156 --ah----- c:\windows\QTFont.qfn

2008-12-22 22:32 . 2008-12-22 22:32 1,409 --a------ c:\windows\QTFont.for

2008-12-20 17:45 . 2008-12-20 17:45 <DIR> d-------- c:\program files\Advanced Batch Converter

2008-12-19 16:55 . 2008-12-26 16:26 <DIR> d-------- c:\documents and settings\ez\Application Data\IMVU

2008-12-19 16:54 . 2008-12-24 10:34 <DIR> d-------- c:\documents and settings\ez\Application Data\IMVUClient

2008-12-17 20:13 . 2008-12-17 20:13 <DIR> d-------- c:\program files\HexCmp

2008-12-17 20:10 . 2008-12-17 20:10 <DIR> d-------- c:\program files\DiffMerge

2008-12-14 14:24 . 2008-12-14 14:24 <DIR> d-------- C:\MinGW

2008-12-14 14:24 . 2008-12-14 14:24 41 --a------ c:\windows\MinGW.INI

2008-12-14 13:45 . 2008-12-14 13:45 <DIR> d-------- C:\Tcl

2008-12-12 23:20 . 2008-12-12 23:20 <DIR> d-------- C:\ijji

2008-12-12 23:18 . 2008-12-12 23:18 <DIR> d-------- c:\program files\NHN USA

2008-12-12 23:18 . 2008-06-17 19:28 710,064 --a------ c:\windows\system32\ijjiSetup.exe

2008-12-12 23:18 . 2008-04-23 14:02 157,152 --a------ c:\windows\system32\PubPlugin.dll

2008-12-12 23:18 . 2008-06-11 23:01 58,800 --a------ c:\windows\system32\ijjiPlugin2.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-08 05:07 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet

2009-01-08 05:07 --------- d-----w c:\documents and settings\ez\Application Data\WTablet

2009-01-08 05:01 --------- d-----w c:\program files\Taskbar Shuffle

2009-01-08 05:00 --------- d-----w c:\program files\AVG8

2009-01-08 04:58 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-01-08 03:59 --------- d-----w c:\program files\Mozilla Firefox 3

2009-01-05 14:04 111,616 ----a-w c:\windows\system32\userinit.exe

2009-01-04 22:02 --------- d-----w c:\documents and settings\ez\Application Data\gtk-2.0

2009-01-04 18:48 --------- d-----w c:\documents and settings\ez\Application Data\uTorrent

2009-01-04 09:04 --------- d-----w c:\program files\Tablet

2009-01-03 23:27 --------- d-----w c:\program files\[email protected]

2009-01-03 22:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-01-03 20:04 --------- d-----w c:\program files\Trillian

2008-12-30 21:51 --------- d-----w c:\program files\Starcraft

2008-12-18 05:45 --------- d-----w c:\program files\Gunz

2008-12-17 18:12 --------- d-----w c:\documents and settings\ez\Application Data\Hamachi

2008-12-16 22:36 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll

2008-12-16 22:27 --------- d-----w c:\program files\Diablo II

2008-12-14 04:28 --------- d-----w c:\program files\Notepad++

2008-12-13 08:20 --------- d--h--w c:\documents and settings\ez\Application Data\ijjigame

2008-12-13 06:18 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-13 02:15 --------- d-----w c:\documents and settings\ez\Application Data\OpenOffice.org2

2008-12-06 19:12 --------- d-----w c:\program files\JCreatorV4LE

2008-12-04 07:41 --------- d-----w c:\program files\Yahoo!

2008-12-04 02:54 410,984 ----a-w c:\windows\system32\deploytk.dll

2008-12-04 02:54 --------- d-----w c:\program files\Sun

2008-12-04 02:53 --------- d-----w c:\program files\Java

2008-11-26 14:16 4,096 ----a-w c:\windows\system32\drivers\nocashio.sys

2008-11-22 21:44 1,032,582 ----a-w c:\windows\system32\alleg42.dll

2008-11-18 06:45 --------- d-----w c:\program files\scilab-5.0.3

2008-11-16 00:41 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-16 00:07 --------- d-----w c:\program files\BroodWarAi Project

2008-11-15 01:28 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-09 11:02 --------- d-----w c:\program files\RelevantKnowledge

2008-10-30 18:13 2,749,224 ----a-w c:\windows\system32\Wacom_Tablet.exe

2008-10-30 18:00 182,056 ----a-w c:\windows\system32\Wacom_Tablet.dll

2007-09-03 18:43 428 ----a-w c:\documents and settings\ez\Application Data\hexplorer.dat

2007-09-03 18:43 4 ----a-w c:\documents and settings\ez\Application Data\mclip.dat

2007-01-25 10:52 65,536 ----a-w c:\program files\Common Files\NMSAccessU.exe

2004-12-02 00:34 716 ---ha-w c:\documents and settings\All Users\Application Data\pb7msys.dat

2008-04-17 08:41 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll

2008-04-17 08:41 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll

2008-04-17 08:41 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll

2008-04-17 08:41 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll

2008-04-17 08:41 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

2008-10-02 07:13 88 --sh--r c:\windows\system32\4F57F3EF13.sys

2008-10-02 07:13 3,608 --sha-w c:\windows\system32\KGyGaAvL.sys

.

------- Sigcheck -------

2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

2003-03-31 05:00 332928 244a2f9816bc9b593957281ef577d976 c:\windows\$NtServicePackUninstall$\tcpip.sys

2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys

2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\ServicePackFiles\i386\tcpip.sys

2006-04-20 04:51 359808 1dbf125862891817f374f407626967f4 c:\windows\system32\dllcache\tcpip.sys

2006-04-20 04:51 359808 b4e29943b4b04bd5e7381546848e6669 c:\windows\system32\drivers\tcpip.sys

2003-03-31 05:00 22016 e931e0a2b8bf0019db902e98d03662cb c:\windows\$NtServicePackUninstall$\userinit.exe

2004-08-03 23:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\ServicePackFiles\i386\userinit.exe

2009-01-05 07:04 111616 67412a22840f827b42bf5c7df8ea16f5 c:\windows\system32\userinit.exe

2009-01-05 07:04 111616 67412a22840f827b42bf5c7df8ea16f5 c:\windows\system32\dllcache\userinit.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2006-08-21 665600]

"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2007-06-16 827392]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]

"JMB36X Configure"="c:\windows\System32\JMRaidTool.exe" [2006-06-28 352256]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-13 7557120]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-03 136600]

"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 c:\windows\RTHDCPL.exe]

c:\documents and settings\ez\Start Menu\Programs\Startup\

DeskPins.lnk - c:\program files\DeskPins\DeskPins.exe [2004-05-02 62464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWinKeys"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.CSCD"= camcodec.dll

"VIDC.XFR1"= xfcodec.dll

"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^ez^Start Menu^Programs^Startup^Last.fm Helper.lnk]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00Hotkeys]

--a------ 2006-12-01 17:13 45056 c:\program files\Qliner Hotkeys\HotKeys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

--a------ 2008-02-20 07:33 963072 c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-04-01 02:39 486856 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]

--a------ 2001-08-23 05:00 44032 c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

--a------ 2004-08-03 21:32 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 09:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

--a------ 2004-08-03 21:31 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

--a------ 2004-08-03 21:32 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

--a------ 2004-08-03 21:32 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

--a------ 2008-03-24 19:03 3587120 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2006-02-13 19:05 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\windows\Network Diagnostic\xpnetdiag.exe"= c:\windows\Network Diagnostic\xpnetdiag.exe:192.168.1.0/255.255.255.0:Enabled:@xpsp3res.dll,-20000

"c:\\Program Files\\Trillian\\trillian.exe"=

"c:\\Program Files\\Ares\\Ares.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Autodesk\\Maya 8.5 Personal Learning Edition\\bin\\maya.exe"=

"c:\\Documents and Settings\\ez\\Desktop\\Main\\Game Files\\Cave Story Deluxe\\dedicated\\Dedicated.exe"=

"c:\\Program Files\\Starcraft\\StarCraft.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Gunz\\Gunz.exe"=

"c:\\Program Files\\Soldat\\Soldat.exe"=

"c:\\Program Files\\Miro\\Miro_Downloader.exe"=

"c:\\Documents and Settings\\ez\\Desktop\\Main\\Game Files\\ROM\\zsnesw142\\zsnesw.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=

"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=

"c:\\Program Files\\ApexDC++\\ApexDC.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"5000:TCP"= 5000:TCP:AresChatServer

--- Other Services/Drivers In Memory ---

*Deregistered* - AegisP

*Deregistered* - AFD

*Deregistered* - ALG

*Deregistered* - AntiVirScheduler

*Deregistered* - AntiVirService

*Deregistered* - Aspi32

*Deregistered* - AudioSrv

*Deregistered* - audstub

*Deregistered* - avgio

*Deregistered* - avgntflt

*Deregistered* - avipbb

*Deregistered* - Beep

*Deregistered* - Bonjour Service

*Deregistered* - Browser

*Deregistered* - Cdfs

*Deregistered* - CryptSvc

*Deregistered* - Dhcp

*Deregistered* - dmio

*Deregistered* - dmload

*Deregistered* - dmserver

*Deregistered* - Dnscache

*Deregistered* - ERSvc

*Deregistered* - EventSystem

*Deregistered* - FastUserSwitchingCompatibility

*Deregistered* - Fips

*Deregistered* - FltMgr

*Deregistered* - Ftdisk

*Deregistered* - Gpc

*Deregistered* - hamachi

*Deregistered* - helpsvc

*Deregistered* - HidServ

*Deregistered* - IpNat

*Deregistered* - IPSec

*Deregistered* - JavaQuickStarterService

*Deregistered* - KSecDD

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LmHosts

*Deregistered* - McAfeeFramework

*Deregistered* - mcdbus

*Deregistered* - McTaskManager

*Deregistered* - mnmdd

*Deregistered* - Mouclass

*Deregistered* - MountMgr

*Deregistered* - MRxDAV

*Deregistered* - MRxSmb

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NaiAvTdi1

*Deregistered* - NDIS

*Deregistered* - NdisTapi

*Deregistered* - Ndisuio

*Deregistered* - NdisWan

*Deregistered* - NDProxy

*Deregistered* - NetBIOS

*Deregistered* - NetBT

*Deregistered* - Netman

*Deregistered* - Nla

*Deregistered* - NMSAccessU

*Deregistered* - Npfs

*Deregistered* - npkcmsvc

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - NVSvc

*Deregistered* - PartMgr

*Deregistered* - PenClass

*Deregistered* - PnkBstrA

*Deregistered* - PolicyAgent

*Deregistered* - PptpMiniport

*Deregistered* - ProtectedStorage

*Deregistered* - ProtexisLicensing

*Deregistered* - PSched

*Deregistered* - RasAcd

*Deregistered* - Rasl2tp

*Deregistered* - RasMan

*Deregistered* - RasPppoe

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RDPCDD

*Deregistered* - rdpdr

*Deregistered* - RemoteRegistry

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - SASDIFSV

*Deregistered* - SASKUTIL

*Deregistered* - Schedule

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - Sentinel

*Deregistered* - SentinelKeysServer

*Deregistered* - SentinelProtectionServer

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - Spooler

*Deregistered* - sptd

*Deregistered* - sr

*Deregistered* - srservice

*Deregistered* - Srv

*Deregistered* - ssmdrv

*Deregistered* - stisvc

*Deregistered* - swenum

*Deregistered* - TabletServiceWacom

*Deregistered* - TapiSrv

*Deregistered* - Tcpip

*Deregistered* - TermDD

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - Update

*Deregistered* - VgaSave

*Deregistered* - Viewpoint Manager Service

*Deregistered* - VolSnap

*Deregistered* - W32Time

*Deregistered* - wacomvhid

*Deregistered* - WacomVKHid

*Deregistered* - Wanarp

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - WinVNC4

*Deregistered* - WmXlCore

*Deregistered* - WS2IFSL

*Deregistered* - WudfPf

*Deregistered* - WudfSvc

*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\SETUP.EXE

.

Contents of the 'Scheduled Tasks' folder

2009-01-05 c:\windows\Tasks\0640.job

- c:\documents and settings\ez\Desktop\Main\Text Files\0640.txt [2008-11-28 10:50]

2008-08-31 c:\windows\Tasks\229.job

- c:\documents and settings\ez\Desktop\Main\Text Files\229.txt [2008-08-31 09:03]

2009-01-07 c:\windows\Tasks\amhdrfty.job

- c:\windows\system32\rundll32.exe [2004-08-03 23:56]

2009-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1844823847-839522115-1005.job

- c:\documents and settings\ez\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 01:17]

.

- - - - ORPHANS REMOVED - - - -

BHO-{69085d99-c561-4800-8ce8-4ec8804fc6f5} - c:\windows\system32\zvsret.dll

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\ez\Start Menu\Programs\IMVU\Run IMVU.lnk

FF - ProfilePath - c:\documents and settings\ez\Application Data\Mozilla\Firefox\Profiles\qlfy4h7m.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.staredit.net/?p=index|http://garbeld.deviantart.com/|http://plushandblood.informe.com/index.php|http://conceptart.org/forums/|http://www.plushandblood.com/Chat.php|chrome://quicknote/content/quicknote.xhtml

FF - plugin: c:\documents and settings\ez\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll

FF - plugin: c:\program files\Mozilla Firefox 3\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox 3\plugins\npijjiFFPlugin1.dll

FF - plugin: c:\program files\Mozilla Firefox 3\plugins\npViewpoint.dll

FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-07 22:13:12

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-329068152-1844823847-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{16FC62B2-8AFB-457E-EADC-12372DB45CA9}*NULL*]

"haolhebpmoeeheii"=hex:6b,61,6c,61,6f,67,63,61,61,61,6a,61,6a,6b,6e,64,66,70,\

63,6b,68,69,00,7f

"eaijajfmjg"=hex:66,61,67,6b,70,6b,61,68,69,69,61,65,00,31

"danjdjca"=hex:64,62,6d,6c,63,63,70,68,68,70,64,64,62,6b,63,64,6d,67,6a,66,62,\

6c,64,70,6f,6f,6e,6c,6b,6a,63,64,67,67,6f,66,64,6a,68,69,00,00

"iaanachnfkabolimfd"=hex:6a,61,65,6f,70,68,65,6a,6c,6f,6c,69,68,6b,68,6a,69,6a,\

6d,6d,00,d0

[HKEY_LOCAL_MACHINE\software\Classes\ppifile\DefaultIcon]

@DACL=(02 0000)

@=expand:"%SystemRoot%\\system32\\msppcnfg.exe,1"

[HKEY_LOCAL_MACHINE\software\Classes\ppifile\shell]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.0]

@DACL=(02 0000)

@="FlashAccessibility"

[HKEY_LOCAL_MACHINE\software\JMICRON Technologies, Inc.\JRAID]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE UserData NT\RegBackup]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE.HKCUZoneInfo\RegBackup]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.UserAgent\RegBackup]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\10.0]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\11.0]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\9.0]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\FilterShimDllExclusionList]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\FilterShimDllInclusionList]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\FilterShimExclusionList]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\FilterShimInclusionList]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{13A7995E-7D8F-45B4-9C77-819265225763}]

@DACL=(02 0000)

"Priority"=dword:00000001

"AutoInsert"=dword:00000001

"Name"="WMPlayer Spectrum Analyzer DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{95037DA1-6ED9-4B27-8CFF-9AD3DFB0B2F2}]

@DACL=(02 0000)

"Priority"=dword:fffffffb

"AutoInsert"=dword:00000001

"Name"="WMPlayer SRSWow DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{974BF3BF-C9AE-4476-8003-5FE544DF458C}]

@DACL=(02 0000)

"Priority"=dword:fffffffe

"AutoInsert"=dword:00000001

"Name"="WMPlayer Video Processing DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{B2DBA270-9F49-4513-AC13-76496D6EBA3A}]

@DACL=(02 0000)

"Priority"=dword:00000002

"AutoInsert"=dword:00000000

"Name"="Speaker Enhancement DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{D01BC8E2-70AD-4976-9612-21B37ED5C8E8}]

@DACL=(02 0000)

"Priority"=dword:00000003

"AutoInsert"=dword:00000001

"Name"="WMPlayer Equalizer DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{D7E9C0B4-0E4D-46B4-BC46-1D0222F92C6F}]

@DACL=(02 0000)

"Priority"=dword:fffffffc

"AutoInsert"=dword:00000001

"Name"="Seamless Audio DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{E5A8C40E-654B-44D4-ACBB-DBE6D3B3333B}]

@DACL=(02 0000)

"Priority"=dword:fffffffd

"AutoInsert"=dword:00000001

"Name"="Volume Normalization DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{FB02E8EF-ACFE-4CC0-96DF-8B5C7098272C}]

@DACL=(02 0000)

"Priority"=dword:fffffffe

"AutoInsert"=dword:00000001

"Name"="WMPlayer Time Compression DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Automenu]

@DACL=(02 0000)

"classid"="clsid:6B28F900-8D64-4B80-9963-CC52DDD1FBB4"

"visible"="false"

"tabstop"="false"

"width"="1"

"height"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\BalanceSlider]

@DACL=(02 0000)

"classid"="clsid:F2BF2C90-405F-11D3-BB39-00A0C93CA73A"

"toolTip"="res://wmploc.dll/RT_STRING/#1845"

"min"="-100"

"max"="100"

"value"="wmpprop:player.settings.balance"

"value_onchange"="player.settings.balance=value;"

"accName"="res://wmploc.dll/RT_STRING/#2112"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2108"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\browser]

@DACL=(02 0000)

"classid"="clsid:8856F961-340A-11D0-A96B-00C04FD705A2"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Button]

@DACL=(02 0000)

"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2114"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup]

@DACL=(02 0000)

"classid"="clsid:AE3B6831-25A9-11d3-BD41-00C04F6EA5AE"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\CloseButton]

@DACL=(02 0000)

"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"

"upToolTip"="res://wmploc.dll/RT_STRING/#1812"

"onclick"="view.close();"

"accName"="res://wmploc.dll/RT_STRING/#2134"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2135"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\CurrentPositionText]

@DACL=(02 0000)

"classid"="clsid:DDDA102E-0E17-11D3-A2E2-00C04F79F88E"

"tabStop"="true"

"justification"="right"

"value"="wmpprop:player.controls.currentPositionString"

"accName"="res://wmploc.dll/RT_STRING/#2103"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\CustomSlider]

@DACL=(02 0000)

"classid"="clsid:95F45AA3-ED0A-11D2-BA67-0000F80855E6"

"cursor"="hand"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\DropDownPlaylist]

@DACL=(02 0000)

"classid"="clsid:5F9CFD93-8CAD-11d3-9A7E-00C04F8EFB70"

"playlistItemsVisible"="false"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\DurationText]

@DACL=(02 0000)

"classid"="clsid:DDDA102E-0E17-11D3-A2E2-00C04F79F88E"

"tabStop"="true"

"justification"="right"

"value"="wmpprop:player.currentMedia.DurationString"

"accName"="res://wmploc.dll/RT_STRING/#2104"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\EditBox]

@DACL=(02 0000)

"classid"="clsid:6342FCED-25EA-4033-BDDB-D049A14382D3"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Alchemy]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Bars]

@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\EqualizerSettings]

@DACL=(02 0000)

"classid"="clsid:93EB32F5-87B1-45ad-ACC6-0F2483DB83BB"

"tabStop"="false"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\FFWDButton]

@DACL=(02 0000)

"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"

"enabled"="wmpenabled:player.controls.fastforward"

"upToolTip"="res://wmploc.dll/RT_STRING/#1804"

"onclick"="player.controls.FastForward()"

"accName"="res://wmploc.dll/RT_STRING/#2120"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2121"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ImageButton]

@DACL=(02 0000)

"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"

"cursor"="hand"

"accName"="res://wmploc.dll/RT_STRING/#2140"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ItemsPlaylist]

@DACL=(02 0000)

"classid"="clsid:5F9CFD93-8CAD-11d3-9A7E-00C04F8EFB70"

"backgroundcolor"="black"

"foregroundcolor"="white"

"columnsVisible"="false"

"columns"="name=Name;Duration=Time"

"dropDownVisible"="false"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\LibraryTree]

@DACL=(02 0000)

"classid"="clsid:D9DE732A-AEE9-4503-9D11-5605589977A8"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ListBox]

@DACL=(02 0000)

"classid"="clsid:FC1880CF-83B9-43A7-A066-C44CE8C82583"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\menu]

@DACL=(02 0000)

"classid"="clsid:BAB3768B-8883-4AEC-9F9B-E14C947913EF"

"visible"="false"

"tabstop"="false"

"width"="1"

"height"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\MinimizeButton]

@DACL=(02 0000)

"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"

"upToolTip"="res://wmploc.dll/RT_STRING/#1811"

"onclick"="view.minimize();"

"accName"="res://wmploc.dll/RT_STRING/#2132"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2133"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\MuteButton]

@DACL=(02 0000)

"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"

"upToolTip"="res://wmploc.dll/RT_STRING/#1807"

"downToolTip"="res://wmploc.dll/RT_STRING/#1808"

"sticky"="true"

"down"="wmpprop:player.settings.mute"

"onClick"="player.settings.mute=down;"

"accName"="res://wmploc.dll/RT_STRING/#2130"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2131"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\NextButton]

@DACL=(02 0000)

"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"

"enabled"="wmpenabled:player.controls.next"

"upToolTip"="res://wmploc.dll/RT_STRING/#1806"

"onclick"="player.controls.Next()"

"accName"="res://wmploc.dll/RT_STRING/#2124"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2125"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PauseButton]

@DACL=(02 0000)

"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"

"enabled"="wmpenabled:player.controls.pause"

"upToolTip"="res://wmploc.dll/RT_STRING/#1801"

"onclick"="player.controls.pause()"

"accName"="res://wmploc.dll/RT_STRING/#2116"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2117"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PlayButton]

@DACL=(02 0000)

"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"

"enabled"="wmpenabled:player.controls.play"

"upToolTip"="res://wmploc.dll/RT_STRING/#1800"

"onclick"="player.controls.play()"

"accName"="res://wmploc.dll/RT_STRING/#2115"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2117"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Playlist]

@DACL=(02 0000)

"classid"="clsid:5F9CFD93-8CAD-11d3-9A7E-00C04F8EFB70"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\plugin]

@DACL=(02 0000)

"classid"="clsid:AA1AC37B-49A8-4B41-AF69-B0176C5FFC33"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PopUp]

@DACL=(02 0000)

"classid"="clsid:FC1880CF-83B9-43A7-A066-C44CE8C82583"

"popup"="true"

"visible"="false"

"backgroundColor"="menu"

"foregroundColor"="menutext"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PrevButton]

@DACL=(02 0000)

"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"

"enabled"="wmpenabled:player.controls.previous"

"upToolTip"="res://wmploc.dll/RT_STRING/#1805"

"onclick"="player.controls.Previous()"

"accName"="res://wmploc.dll/RT_STRING/#2126"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2127"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ProgressBar]

@DACL=(02 0000)

"classid"="clsid:F2BF2C90-405F-11D3-BB39-00A0C93CA73A"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\RepeatButton]

@DACL=(02 0000)

"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"

"upToolTip"="res://wmploc.dll/RT_STRING/#1816"

"downToolTip"="res://wmploc.dll/RT_STRING/#1817"

"sticky"="true"

"down"="jscript:player.settings.GetMode(\"loop\");"

"onClick"="player.settings.setMode(\"loop\", down);"

"accName"="res://wmploc.dll/RT_STRING/#2138"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2139"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ReturnButton]

@DACL=(02 0000)

"upToolTip"="res://wmploc.dll/RT_STRING/#1813"

"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"

"onclick"="view.returnToMediaCenter();"

"accName"="res://wmploc.dll/RT_STRING/#2128"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2129"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\REWButton]

@DACL=(02 0000)

"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"

"enabled"="wmpenabled:player.controls.fastreverse"

"upToolTip"="res://wmploc.dll/RT_STRING/#1803"

"onclick"="player.controls.FastReverse()"

"accName"="res://wmploc.dll/RT_STRING/#2122"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2123"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\SeekSlider]

@DACL=(02 0000)

"classid"="clsid:F2BF2C90-405F-11D3-BB39-00A0C93CA73A"

"toolTip"="res://wmploc.dll/RT_STRING/#1809"

"min"="0"

"max"="wmpprop:player.currentmedia.duration"

"value"="wmpprop:player.controls.currentposition"

"ondragend"="player.controls.currentposition=value;"

"foregroundProgress"="wmpprop:player.network.downloadProgress"

"useForegroundProgress"="true"

"accName"="res://wmploc.dll/RT_STRING/#2109"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2108"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ShuffleButton]

@DACL=(02 0000)

"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"

"upToolTip"="res://wmploc.dll/RT_STRING/#1814"

"downToolTip"="res://wmploc.dll/RT_STRING/#1815"

"sticky"="true"

"down"="jscript:player.settings.GetMode(\"shuffle\");"

"onClick"="player.settings.setMode(\"shuffle\", down);"

"accName"="res://wmploc.dll/RT_STRING/#2136"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2137"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Slider]

@DACL=(02 0000)

"classid"="clsid:F2BF2C90-405F-11D3-BB39-00A0C93CA73A"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2108"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\StatusText]

@DACL=(02 0000)

"classid"="clsid:DDDA102E-0E17-11D3-A2E2-00C04F79F88E"

"tabStop"="true"

"value"="wmpprop:player.status"

"accName"="res://wmploc.dll/RT_STRING/#2102"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\StopButton]

@DACL=(02 0000)

"classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"

"enabled"="wmpenabled:player.controls.stop"

"upToolTip"="res://wmploc.dll/RT_STRING/#1802"

"onclick"="player.controls.stop()"

"accName"="res://wmploc.dll/RT_STRING/#2118"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2119"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\taskcenter]

@DACL=(02 0000)

"classid"="clsid:395BF287-6477-495f-8427-2C09A23C3248"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Text]

@DACL=(02 0000)

"classid"="clsid:DDDA102E-0E17-11D3-A2E2-00C04F79F88E"

"tabStop"="false"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\TrackNameText]

@DACL=(02 0000)

"classid"="clsid:DDDA102E-0E17-11D3-A2E2-00C04F79F88E"

"tabStop"="true"

"value"="wmpprop:player.currentmedia.name"

"accName"="res://wmploc.dll/RT_STRING/#2105"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Video]

@DACL=(02 0000)

"classid"="clsid:61CECF11-FC3A-11D2-A1CD-005004602752"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\VideoSettings]

@DACL=(02 0000)

"classid"="clsid:AE7BFAFE-DCC8-4a73-92C8-CC300CA88859"

"tabStop"="false"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\VolumeSlider]

@DACL=(02 0000)

"classid"="clsid:F2BF2C90-405F-11D3-BB39-00A0C93CA73A"

"min"="0"

"max"="100"

"value"="wmpprop:player.settings.volume"

"value_onchange"="if (value!=player.settings.volume){player.settings.volume=value;player.settings.mute=false;}"

"toolTip"="res://wmploc.dll/RT_STRING/#1810"

"accName"="res://wmploc.dll/RT_STRING/#2110"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2111"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\WMPEffects]

@DACL=(02 0000)

"classid"="clsid:47DEA830-D619-4154-B8D8-6B74845D6A2D"

"tabStop"="false"

"width"="250"

"height"="200"

"horizontalAlignment"="stretch"

"verticalAlignment"="stretch"

"currentEffectType"="wmpprop:mediacenter.effectType"

"currentPreset"="wmpprop:mediacenter.effectPreset"

"currentEffectType_onchange"="mediacenter.effectType = currentEffectType;"

"currentPreset_onchange"="mediacenter.effectPreset = currentPreset;"

"onclick"="next();"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\WMPVideo]

@DACL=(02 0000)

"classid"="clsid:61CECF11-FC3A-11D2-A1CD-005004602752"

"horizontalAlignment"="stretch"

"verticalAlignment"="stretch"

"zoom"="wmpprop:mediacenter.videoZoom"

"stretchToFit"="wmpprop:mediacenter.videoStretchToFit"

"backgroundColor"="black"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\program files\relevantknowledge\rlls.dll

.

Completion time: 2009-01-07 22:16:59

ComboFix-quarantined-files.txt 2009-01-08 05:15:44

Pre-Run: 11,645,476,864 bytes free

Post-Run: 11,717,521,408 bytes free

1016 --- E O F --- 2007-07-10 02:16:26

Well, I can again access internet through browser.

I was hoping that would be the case.

Using Internet Explorer, please do an online scan with Kaspersky Online Scanner.

Click on Kaspersky Online Scanner

Click "I accept"

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save report button.
  • Call it Kaspersky.txt
  • Expand the arrow beside "file types" and save as .txt file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

*Note

If you have Internet Explorer 7 installed:

If you have trouble getting past the initial download you may need to use the "zoom" tool at bottom right of the scanner window and increase it to 125% to see and press the "accept" button.

Page will reload and you should be able to carry on scan.

If the KAV log has your email all over it -- please attach it rather than copy/paste.

Run a fresh Combofix log

Post

  • KAV results
  • Combofix log

in your next reply.
