ReaverG
-
Posts
18 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by ReaverG
-
Still no dice. The computer works fine and malwarebytes pro seems to have decent protection so I'm going to quit while I'm ahead and just take steps like not making financial transactions over the computer to make sure I don't have to worry about that type of thing in the future. Again, I can't thank you enough for helping me get the backdoor off my computer, I had to ditch box up one a few years back when it started typing back at me. Thanks so much Elise, you can lock the thread for realz this time.
-
Can't find anything of the sort. I'm in the System folder but there isn't a tab that lists description. I can search for individual logs for descriptions or by a keyword and only one (out of 2,547 events) showed up with Winlogon in the description and it was yesterday. The description reads "The process winlogon.exe has initiated the restart of XXX for the following reason: no title for this reason could be found" I scanned them for logs that were collected around the time I was running the chkdsk scan but nothing stands out. (event log service was stopped, CRT invalid display type, ati hotkey poller service has entered the stopped state) but nothing about a report or diskcheck.
-
I completed the chkdsk /r scan and ran the script but still got blue screens yelling physical memory dump at me. similar errors: (0xE496F7A0) and (0xE488DC68). This time I got a little further and got a 3rd error while running the script. You can call it quits any time, won't hurt my feelings a bit.
-
I ran the hotfix and then the script and still got the physical memory dump screen. I restarted and tried again, no dice. The error messages were 0x00000051 (0x00000004,0x00000001,0xE542A7E8,0x00002DA0) and 0x00000051 (0x00000004,0x00000001,0xE4606560,0x00002DA0)... again, not sure if that helps. Is it broke yet?
-
This time around I ended up with a physical memory dump blue screen after a few minutes of running the reset script. There were two errors early on and the message came up while I was copying down the information on it. But the blue screen said it was a registry error and mentioned 0x00000051 (0x00000004,0x00000001,0xE47DF6C8,0x00002DA0).... Not sure if that does any good. So is it beyond repair?
-
I followed the directions and the first time through it updated and restarted the computer without producing a log. When the computer restarted I got errors saying "cannot open CF31985.cfxxe" and it gave me the option of using the web or selecting a program from a list to open it with. Then when I tried installing the update I got an error "'The requested lookup key was not found in any active activation context." and told me to press ok to undo changes. So I went through the process again, this time making sure the script was included and a log was produced. When I tried to install the update I got the same error message about the lookup key. combofixcfscript.txt
-
If you're willing to volunteer I'm already stuck. I go through the installation process logged in as administrator and without any anti-virus software running. I also made sure that I didn't have a few particular programs installed before going through the process. But I received a few error messages about registry values: HKCR\.wdp,\'\' HKCR\.wdp,\'contenttype\' HKCR\.wdp,\'perceivedtype\' HKCR\.wdp,\'friendlytypename\' Then about halfway through the process I received the access denied error followed by a message telling me to press ok to undo changes already made.
-
Thanks again, Elise. I'm trying to install the XP Service Pack 3 and having all sorts of trouble. When I try to install it using the automatic updates it gives me an access denied message. I guess it's not your area though. Doesn't seem to be Microsofts area either, fwiw. Thanks so much for your help, you can lock the thread now.
-
Wow, for a final step I expected the results to be a little less painful. I hope you've had a good weekend Elise, sorry I've been taking it all up. ESETScan.txt
-
Again thanks for your advice Elise. I have removed the p2p programs and the registry cleaner. I think I downloaded it following one of the instruction guides provided by Anti-Malware Bytes. But I'll steer clear of them in the future as well. My Java has been updated and so has mbam. Here is the log from a full scan, there weren't any problems with hard to remove files but some results: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4155 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 5/30/2010 10:45:24 AM mbam-log-2010-05-30 (10-45-24).txt Scan type: Full scan (C:\|) Objects scanned: 260108 Time elapsed: 1 hour(s), 33 minute(s), 2 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 7 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1827\A0375866.exe (Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1802\A0353292.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1802\A0353296.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1802\A0353297.OCX (Worm.Nyxem) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1802\A0353298.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1802\A0353306.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1802\A0353310.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
-
Good to hear that the results look better. I followed your instruction and was prompted to download a new version of combofix when it ran after adding CFScript.txt. I downloaded it, ran combofix, then re-ran it so I could be sure that CFScript.txt was being used to make this log. The second log is below: ComboFix 10-05-29.03 - Game User 05/29/2010 16:59:17.3.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.583 [GMT -5:00] Running from: c:\documents and settings\Game User\My Documents\Downloads\ComboFix.exe Command switches used :: c:\documents and settings\Game User\My Documents\Downloads\CFScript.txt . ((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-29 ))))))))))))))))))))))))))))))) . 2010-05-14 06:34 . 2010-05-14 06:34 -------- d-----w- c:\program files\FLV Player 2010-05-08 03:50 . 2010-05-08 04:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\iudogkpsv 2010-05-07 04:18 . 2010-05-07 04:18 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-05-06 17:54 . 2010-05-06 16:45 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll 2010-05-06 17:54 . 2010-05-06 16:44 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe 2010-05-06 17:54 . 2008-11-09 06:20 125872 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe 2010-05-06 17:54 . 2010-05-06 17:54 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-05-06 17:54 . 2010-05-06 17:54 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe 2010-05-06 17:54 . 2010-05-06 17:54 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe 2010-05-06 17:54 . 2010-05-06 17:54 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe 2010-05-06 16:45 . 2010-05-06 16:45 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-05-06 16:45 . 2010-05-07 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-29 20:03 . 2004-11-17 04:03 -------- d-----w- c:\program files\Common Files\Java 2010-05-26 14:53 . 2007-05-17 19:03 -------- d-----w- c:\documents and settings\Game User\Application Data\DivX 2010-05-08 15:59 . 2005-02-02 14:13 -------- d-----w- c:\program files\Google 2010-05-08 04:30 . 2010-01-20 20:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-06 17:54 . 2005-03-17 07:22 -------- d-----w- c:\program files\DivX 2010-04-29 20:39 . 2010-01-20 20:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 20:39 . 2010-01-20 20:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-27 20:04 . 2007-06-29 06:20 -------- d-----w- c:\program files\Absolute Poker 2010-04-08 19:27 . 2001-08-17 19:52 45312 ----a-w- c:\windows\system32\drivers\ql12160.sys 2010-04-07 21:27 . 2010-04-07 21:40 15688 ----a-w- c:\windows\system32\lsdelete.exe 2010-04-07 21:27 . 2010-04-07 21:28 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-04-07 21:24 . 2010-04-07 21:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} 2010-04-07 21:24 . 2008-02-08 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-04-07 21:24 . 2007-02-07 07:42 -------- d-----w- c:\program files\Lavasoft 2010-04-06 05:57 . 2004-11-17 04:03 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-03-31 01:58 . 2007-05-17 19:00 133616 ------w- c:\windows\system32\pxafs.dll 2010-03-31 01:58 . 2005-01-11 17:06 125424 ------w- c:\windows\system32\pxinsi64.exe 2010-03-31 01:58 . 2005-01-11 17:06 123888 ------w- c:\windows\system32\pxcpyi64.exe 2010-03-31 01:58 . 2004-08-02 08:03 44944 ----a-w- c:\windows\system32\drivers\pxhelp20.sys 2010-03-17 17:05 . 2009-11-27 17:32 79488 ----a-w- c:\documents and settings\Game User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-03-17 05:50 . 2010-03-17 05:50 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll 2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll 2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll 2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll 2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll 2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll 2010-03-17 05:50 . 2010-03-17 05:50 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll 2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll 2010-03-17 05:50 . 2004-11-21 18:55 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-03-17 05:50 . 2004-11-20 01:52 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll 2008-03-01 21:20 . 2008-03-01 21:20 22778 -csh--r- c:\windows\Installer\{1f5c94c6-db70-476b-a6ae-e5441737343b}\zip.dll 2008-03-01 21:20 . 2008-03-01 21:20 18638 -csh--r- c:\windows\Installer\{fede1b12-1c3b-4c06-956b-527fd9ae3ef2}\RamSys.dll 2007-10-24 01:05 . 2007-10-24 01:05 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( SnapShot@2010-05-29_19.38.58 ))))))))))))))))))))))))))))))))))))))))) . + 2010-05-29 20:03 . 2010-05-29 20:03 180224 c:\windows\Installer\245cca.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-04 344064] "CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344] "P17Helper"="P17.dll" [2004-06-10 60928] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592] "mmtask"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2005-03-15 53248] "FLMOFFICE4DMOUSE"="c:\program files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe" [2006-08-25 356352] "OFFICEKB"="c:\program files\Micro Innovations\Wireless Keyboard & Optical Mouse\kbdap32a.exe" [2006-08-25 384000] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2006-10-04 53760] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-11-16 24576] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] 2010-04-07 21:27 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] 2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-02-17 04:11 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2008-01-15 09:22 267048 ----a-w- c:\program files\itunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor] 2007-09-04 20:52 95536 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] 2004-04-12 02:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2007-01-09 04:26 68640 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-03-17 05:50 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"= "c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"= "c:\\Program Files\\BitLord\\BitLord.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\itunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "14394:TCP"= 14394:TCP:BitComet 14394 TCP "14394:UDP"= 14394:UDP:BitComet 14394 UDP "9377:TCP"= 9377:TCP:spport "24274:TCP"= 24274:TCP:spport "11760:TCP"= 11760:TCP:spport "24767:TCP"= 24767:TCP:spport "29746:TCP"= 29746:TCP:spport "18408:TCP"= 18408:TCP:spport "19284:TCP"= 19284:TCP:spport "22832:TCP"= 22832:TCP:spport "16366:TCP"= 16366:TCP:spport "13252:TCP"= 13252:TCP:spport R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [4/7/2010 4:28 PM 64160] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/20/2010 3:10 PM 304464] R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [1/20/2010 3:10 PM 20952] S2 gupdate1c9d6fdee15dd10;Google Update Service (gupdate1c9d6fdee15dd10);c:\program files\Google\Update\GoogleUpdate.exe [5/17/2009 9:44 AM 133104] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1029456] S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [11/16/2005 3:12 AM 611064] . Contents of the 'Scheduled Tasks' folder 2010-05-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 21:27] 2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 14:43] 2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 14:43] 2010-05-28 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Game User.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-05 20:39] 2010-05-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1892665505-1986732269-1020939261-1007.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09] 2010-05-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1892665505-1986732269-1020939261-1007.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.atcomet.com/b/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: {{6FDD5236-C9F0-49ef-935D-385F5E21991A} - c:\program files\Poker.com\poker.exe IE: {{76028735-BBF1-4044-8DE2-5B90F0C7A77C} - c:\program files\WorldPokerExchange\GameClient.exe IE: {{EFFF8D47-D060-4108-B761-E8EC86622E56} - c:\documents and settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk DPF: Microsoft XML Parser for Java FF - ProfilePath - c:\documents and settings\Game User\Application Data\Mozilla\Firefox\Profiles\r435oz3c.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.jsu.edu/ FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-29 17:07 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1892665505-1986732269-1020939261-1007\Software\SecuROM\License information*] "datasecu"=hex:c3,4a,93,1a,e0,92,72,36,08,48,9c,9e,4e,a9,21,8b,0e,a8,fa,b5,b7, 62,f2,d8,3d,58,09,40,c7,bb,08,43,3e,a2,ea,d5,9b,78,14,58,56,45,39,6b,f9,27,\ "rkeysecu"=hex:e2,26,6d,94,9c,ba,ad,1d,64,79,70,1b,d8,19,de,23 [HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap] @DACL=(02 0000) @="bootstrap.application.1" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(816) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2368) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-05-29 17:11:28 ComboFix-quarantined-files.txt 2010-05-29 22:11 ComboFix2.txt 2010-05-29 21:56 ComboFix3.txt 2010-05-29 19:42 Pre-Run: 73,849,667,584 bytes free Post-Run: 73,834,733,568 bytes free - - End Of File - - 07EBC15347504169287A3B1D1B38A554
-
That doesn't sound good. I ran combofix, here is the text. Attaching the file in the original post didn't seem to work so I will paste the log in addition to attaching it. I hope that isn't a problem. I'll go ahead and try to fix it and if all else fails I will get it reformatted. As for the other advice I have taken it, except for disconnecting this computer from the internet because I don't have the time to keep running back and forth to the library. Thanks again, Elise. ComboFix 10-05-28.08 - Game User 05/29/2010 14:26:05.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.479 [GMT -5:00] Running from: c:\documents and settings\Game User\My Documents\Downloads\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\GAMEUS~1\LOCALS~1\Temp\1.wmv c:\program files\Mozilla Firefox\components\npclntax.xpt c:\program files\security toolbar c:\program files\security toolbar\Uninstall.bat c:\windows\Fonts\mlog c:\windows\system32\Data c:\windows\system32\GroupPolicy\User\Scripts\null c:\windows\system32\H8SRTxvnselvivx.log c:\windows\system32\Install.txt c:\windows\system32\Thumbs.db c:\windows\system32\winstartup.log c:\windows\Temp\log.txt Infected copy of c:\windows\system32\drivers\ql12160.sys was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-29 ))))))))))))))))))))))))))))))) . 2010-05-14 06:34 . 2010-05-14 06:34 -------- d-----w- c:\program files\FLV Player 2010-05-08 03:50 . 2010-05-08 04:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\iudogkpsv 2010-05-07 04:18 . 2010-05-07 04:18 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-05-06 17:54 . 2010-05-06 16:45 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll 2010-05-06 17:54 . 2010-05-06 16:44 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe 2010-05-06 17:54 . 2008-11-09 06:20 125872 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe 2010-05-06 17:54 . 2010-05-06 17:54 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-05-06 17:54 . 2010-05-06 17:54 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe 2010-05-06 17:54 . 2010-05-06 17:54 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe 2010-05-06 17:54 . 2010-05-06 17:54 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe 2010-05-06 16:45 . 2010-05-06 16:45 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-05-06 16:45 . 2010-05-07 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-26 14:53 . 2007-05-17 19:03 -------- d-----w- c:\documents and settings\Game User\Application Data\DivX 2010-05-08 15:59 . 2005-02-02 14:13 -------- d-----w- c:\program files\Google 2010-05-08 04:30 . 2010-01-20 20:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-06 17:54 . 2005-03-17 07:22 -------- d-----w- c:\program files\DivX 2010-04-29 20:39 . 2010-01-20 20:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 20:39 . 2010-01-20 20:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-27 20:04 . 2007-06-29 06:20 -------- d-----w- c:\program files\Absolute Poker 2010-04-08 19:27 . 2001-08-17 19:52 45312 ----a-w- c:\windows\system32\drivers\ql12160.sys 2010-04-07 21:27 . 2010-04-07 21:40 15688 ----a-w- c:\windows\system32\lsdelete.exe 2010-04-07 21:27 . 2010-04-07 21:28 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-04-07 21:24 . 2010-04-07 21:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} 2010-04-07 21:24 . 2008-02-08 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-04-07 21:24 . 2007-02-07 07:42 -------- d-----w- c:\program files\Lavasoft 2010-04-06 05:57 . 2004-11-17 04:03 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-03-31 01:58 . 2007-05-17 19:00 133616 ------w- c:\windows\system32\pxafs.dll 2010-03-31 01:58 . 2005-01-11 17:06 125424 ------w- c:\windows\system32\pxinsi64.exe 2010-03-31 01:58 . 2005-01-11 17:06 123888 ------w- c:\windows\system32\pxcpyi64.exe 2010-03-31 01:58 . 2004-08-02 08:03 44944 ----a-w- c:\windows\system32\drivers\pxhelp20.sys 2010-03-17 17:05 . 2009-11-27 17:32 79488 ----a-w- c:\documents and settings\Game User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-03-17 05:50 . 2010-03-17 05:50 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll 2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll 2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll 2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll 2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll 2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll 2010-03-17 05:50 . 2010-03-17 05:50 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll 2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll 2010-03-17 05:50 . 2004-11-21 18:55 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-03-17 05:50 . 2004-11-20 01:52 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll 2008-03-01 21:20 . 2008-03-01 21:20 22778 -csh--r- c:\windows\Installer\{1f5c94c6-db70-476b-a6ae-e5441737343b}\zip.dll 2008-03-01 21:20 . 2008-03-01 21:20 18638 -csh--r- c:\windows\Installer\{fede1b12-1c3b-4c06-956b-527fd9ae3ef2}\RamSys.dll 2007-10-24 01:05 . 2007-10-24 01:05 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-04 344064] "CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344] "P17Helper"="P17.dll" [2004-06-10 60928] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592] "mmtask"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2005-03-15 53248] "FLMOFFICE4DMOUSE"="c:\program files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe" [2006-08-25 356352] "OFFICEKB"="c:\program files\Micro Innovations\Wireless Keyboard & Optical Mouse\kbdap32a.exe" [2006-08-25 384000] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2006-10-04 53760] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-11-16 24576] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] 2010-04-07 21:27 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] 2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-02-17 04:11 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2008-01-15 09:22 267048 ----a-w- c:\program files\itunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor] 2007-09-04 20:52 95536 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] 2004-04-12 02:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2007-01-09 04:26 68640 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-03-17 05:50 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"= "c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"= "c:\\Program Files\\BitLord\\BitLord.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\itunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "14394:TCP"= 14394:TCP:BitComet 14394 TCP "14394:UDP"= 14394:UDP:BitComet 14394 UDP "9377:TCP"= 9377:TCP:spport "24274:TCP"= 24274:TCP:spport "11760:TCP"= 11760:TCP:spport "24767:TCP"= 24767:TCP:spport "29746:TCP"= 29746:TCP:spport "18408:TCP"= 18408:TCP:spport "19284:TCP"= 19284:TCP:spport "22832:TCP"= 22832:TCP:spport "16366:TCP"= 16366:TCP:spport "13252:TCP"= 13252:TCP:spport R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [4/7/2010 4:28 PM 64160] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1029456] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/20/2010 3:10 PM 304464] R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [1/20/2010 3:10 PM 20952] S2 gupdate1c9d6fdee15dd10;Google Update Service (gupdate1c9d6fdee15dd10);c:\program files\Google\Update\GoogleUpdate.exe [5/17/2009 9:44 AM 133104] S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [11/16/2005 3:12 AM 611064] . Contents of the 'Scheduled Tasks' folder 2010-05-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 21:27] 2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 14:43] 2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 14:43] 2010-05-28 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Game User.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-05 20:39] 2010-05-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1892665505-1986732269-1020939261-1007.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09] 2010-05-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1892665505-1986732269-1020939261-1007.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.atcomet.com/b/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: {{6FDD5236-C9F0-49ef-935D-385F5E21991A} - c:\program files\Poker.com\poker.exe IE: {{76028735-BBF1-4044-8DE2-5B90F0C7A77C} - c:\program files\WorldPokerExchange\GameClient.exe IE: {{EFFF8D47-D060-4108-B761-E8EC86622E56} - c:\documents and settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk DPF: Microsoft XML Parser for Java FF - ProfilePath - c:\documents and settings\Game User\Application Data\Mozilla\Firefox\Profiles\r435oz3c.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.jsu.edu/ FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - ORPHANS REMOVED - - - - AddRemove-Adobe Acrobat 5.0 - c:\program files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu AddRemove-Security Toolbar - c:\program files\Security Toolbar\Uninstall.bat ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-29 14:38 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1892665505-1986732269-1020939261-1007\Software\SecuROM\License information*] "datasecu"=hex:c3,4a,93,1a,e0,92,72,36,08,48,9c,9e,4e,a9,21,8b,0e,a8,fa,b5,b7, 62,f2,d8,3d,58,09,40,c7,bb,08,43,3e,a2,ea,d5,9b,78,14,58,56,45,39,6b,f9,27,\ "rkeysecu"=hex:e2,26,6d,94,9c,ba,ad,1d,64,79,70,1b,d8,19,de,23 [HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap] @DACL=(02 0000) @="bootstrap.application.1" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(816) c:\windows\system32\Ati2evxx.dll . Completion time: 2010-05-29 14:42:11 ComboFix-quarantined-files.txt 2010-05-29 19:42 Pre-Run: 70,344,630,272 bytes free Post-Run: 73,997,471,744 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - D6A6898E8F78D73ED12F09F1E50A5D63 ComboFix.txt
-
(part 2 ark.txt) Reg HKLM\SOFTWARE\Classes\Rar-Archiv\DefaultIcon Reg HKLM\SOFTWARE\Classes\Rar-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,15 Reg HKLM\SOFTWARE\Classes\Rar-Archiv\shell Reg HKLM\SOFTWARE\Classes\Rar-Archiv\shell\open Reg HKLM\SOFTWARE\Classes\Rar-Archiv\shell\open\command Reg HKLM\SOFTWARE\Classes\Rar-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1" Reg HKLM\SOFTWARE\Classes\Rar-Archiv\shellex Reg HKLM\SOFTWARE\Classes\Rar-Archiv\shellex\ContextMenuHandlers Reg HKLM\SOFTWARE\Classes\Rar-Archiv\shellex\ContextMenuHandlers\ZFContextMenu Reg HKLM\SOFTWARE\Classes\Rar-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} Reg HKLM\SOFTWARE\Classes\RomeScriptInterfaces.GameQueryInterface@ RomeScriptInterfaces.GameQueryInterface Reg HKLM\SOFTWARE\Classes\RomeScriptInterfaces.GameQueryInterface\CLSID Reg HKLM\SOFTWARE\Classes\RomeScriptInterfaces.GameQueryInterface\CLSID@ {EE4DEA71-3E59-432B-AF58-2B13E53D4F90} Reg HKLM\SOFTWARE\Classes\SbOcp.SuperBuddy@ SuperBuddy Class Reg HKLM\SOFTWARE\Classes\SbOcp.SuperBuddy\CLSID Reg HKLM\SOFTWARE\Classes\SbOcp.SuperBuddy\CLSID@ {AE98F132-0B5F-44CF-A7B9-AA88A5A65382} Reg HKLM\SOFTWARE\Classes\SbOcp.SuperBuddy\CurVer Reg HKLM\SOFTWARE\Classes\SbOcp.SuperBuddy\CurVer@ SbOcp.SuperBuddy.1 Reg HKLM\SOFTWARE\Classes\SbOcp.SuperBuddy.1@ SuperBuddy Class Reg HKLM\SOFTWARE\Classes\SbOcp.SuperBuddy.1\CLSID Reg HKLM\SOFTWARE\Classes\SbOcp.SuperBuddy.1\CLSID@ {AE98F132-0B5F-44CF-A7B9-AA88A5A65382} Reg HKLM\SOFTWARE\Classes\SbOcp.SuperBuddyData@ Ocp SuperBuddyData Class Reg HKLM\SOFTWARE\Classes\SbOcp.SuperBuddyData\CLSID Reg HKLM\SOFTWARE\Classes\SbOcp.SuperBuddyData\CLSID@ {13C368F9-772C-49E9-B84A-D6B2CC07EA72} Reg HKLM\SOFTWARE\Classes\SbOcp.SuperBuddyData\CurVer Reg HKLM\SOFTWARE\Classes\SbOcp.SuperBuddyData\CurVer@ SbOcp.SuperBuddyData.1 Reg HKLM\SOFTWARE\Classes\SbOcp.SuperBuddyData.1@ Ocp SuperBuddyData Class Reg HKLM\SOFTWARE\Classes\SbOcp.SuperBuddyData.1\CLSID Reg HKLM\SOFTWARE\Classes\SbOcp.SuperBuddyData.1\CLSID@ {13C368F9-772C-49E9-B84A-D6B2CC07EA72} Reg HKLM\SOFTWARE\Classes\StockView.StockView@ StockView Class Reg HKLM\SOFTWARE\Classes\StockView.StockView\CurVer Reg HKLM\SOFTWARE\Classes\StockView.StockView\CurVer@ StockView.StockView.1 Reg HKLM\SOFTWARE\Classes\StockView.StockView.1@ StockView Class Reg HKLM\SOFTWARE\Classes\StockView.StockView.1\CLSID Reg HKLM\SOFTWARE\Classes\StockView.StockView.1\CLSID@ {8D4B0BE1-C02E-11D2-A33D-00A0C94B8D0E} Reg HKLM\SOFTWARE\Classes\Tar-Archiv@ Tar archive Reg HKLM\SOFTWARE\Classes\Tar-Archiv\DefaultIcon Reg HKLM\SOFTWARE\Classes\Tar-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12 Reg HKLM\SOFTWARE\Classes\Tar-Archiv\shell Reg HKLM\SOFTWARE\Classes\Tar-Archiv\shell\open Reg HKLM\SOFTWARE\Classes\Tar-Archiv\shell\open\command Reg HKLM\SOFTWARE\Classes\Tar-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1" Reg HKLM\SOFTWARE\Classes\Tar-Archiv\shellex Reg HKLM\SOFTWARE\Classes\Tar-Archiv\shellex\ContextMenuHandlers Reg HKLM\SOFTWARE\Classes\Tar-Archiv\shellex\ContextMenuHandlers\ZFContextMenu Reg HKLM\SOFTWARE\Classes\Tar-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} Reg HKLM\SOFTWARE\Classes\UUEncoded-Archiv@ uuencoded file Reg HKLM\SOFTWARE\Classes\UUEncoded-Archiv\DefaultIcon Reg HKLM\SOFTWARE\Classes\UUEncoded-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12 Reg HKLM\SOFTWARE\Classes\UUEncoded-Archiv\shell Reg HKLM\SOFTWARE\Classes\UUEncoded-Archiv\shell\open Reg HKLM\SOFTWARE\Classes\UUEncoded-Archiv\shell\open\command Reg HKLM\SOFTWARE\Classes\UUEncoded-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1" Reg HKLM\SOFTWARE\Classes\UUEncoded-Archiv\shellex Reg HKLM\SOFTWARE\Classes\UUEncoded-Archiv\shellex\ContextMenuHandlers Reg HKLM\SOFTWARE\Classes\UUEncoded-Archiv\shellex\ContextMenuHandlers\ZFContextMenu Reg HKLM\SOFTWARE\Classes\UUEncoded-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} Reg HKLM\SOFTWARE\Classes\WinAce@ WinAce archive Reg HKLM\SOFTWARE\Classes\WinAce\DefaultIcon Reg HKLM\SOFTWARE\Classes\WinAce\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12 Reg HKLM\SOFTWARE\Classes\WinAce\shell Reg HKLM\SOFTWARE\Classes\WinAce\shell\open Reg HKLM\SOFTWARE\Classes\WinAce\shell\open\command Reg HKLM\SOFTWARE\Classes\WinAce\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1" Reg HKLM\SOFTWARE\Classes\WinAce preset file@ WinAce preset file Reg HKLM\SOFTWARE\Classes\WinAce preset file\DefaultIcon Reg HKLM\SOFTWARE\Classes\WinAce preset file\DefaultIcon@ C:\Program Files\WinAce\arcicons.dll,17 Reg HKLM\SOFTWARE\Classes\WinAce preset file\shell Reg HKLM\SOFTWARE\Classes\WinAce preset file\shell\open Reg HKLM\SOFTWARE\Classes\WinAce preset file\shell\open\command Reg HKLM\SOFTWARE\Classes\WinAce preset file\shell\open\command@ "C:\Program Files\WinAce\winace.exe" "%1" Reg HKLM\SOFTWARE\Classes\WMPNSSCI.NSSManager@ NSSManager Class Reg HKLM\SOFTWARE\Classes\WMPNSSCI.NSSManager\CLSID Reg HKLM\SOFTWARE\Classes\WMPNSSCI.NSSManager\CLSID@ {92498132-4d1a-4297-9b78-9e2e4ba99c07} Reg HKLM\SOFTWARE\Classes\WMPNSSCI.NSSManager\CurVer Reg HKLM\SOFTWARE\Classes\WMPNSSCI.NSSManager\CurVer@ WMPNSSCI.NSSManager.1 Reg HKLM\SOFTWARE\Classes\WMPNSSCI.NSSManager.1@ NSSManager Class Reg HKLM\SOFTWARE\Classes\WMPNSSCI.NSSManager.1\CLSID Reg HKLM\SOFTWARE\Classes\WMPNSSCI.NSSManager.1\CLSID@ {92498132-4d1a-4297-9b78-9e2e4ba99c07} Reg HKLM\SOFTWARE\Classes\WordPerfect.Document@ WordPerfect Document Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\CLSID Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\CLSID@ {C01E1033-A04C-40D6-9AF4-1D33CBF2AFB2} Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\CurVer Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\CurVer@ WP12Doc Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\DefaultIcon Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\DefaultIcon@ C:\Program Files\WordPerfect Office 12\Programs\pficon120.dll,-5121 Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell@ open Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\open Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\open@ &Open Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\open\command Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\open\command@ "C:\Program Files\WordPerfect Office 12\Programs\wpwin12.exe" "%1" Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\print Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\print@ &Print Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\print\command Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\print\command@ "C:\Program Files\WordPerfect Office 12\Programs\wpwin12.exe" /ddeex /smin : Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\print\ddeexec Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\print\ddeexec@ FileOpen("%1") PrintFullDoc() CloseNoSave(1) Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\print\ddeexec\application Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\print\ddeexec\application@ WPWin12_Macros Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\print\ddeexec\topic Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\print\ddeexec\topic@ Commands Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\printto Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\printto\command Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\printto\command@ "C:\Program Files\WordPerfect Office 12\Programs\wpwin12.exe" /ddeex /smin : Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\printto\ddeexec Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\printto\ddeexec@ PrintTo("%1";"%2";"%3";"%4") Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\printto\ddeexec\application Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\printto\ddeexec\application@ WPWin12_Macros Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\printto\ddeexec\topic Reg HKLM\SOFTWARE\Classes\WordPerfect.Document\shell\printto\ddeexec\topic@ Commands Reg HKLM\SOFTWARE\Classes\XEF-Datei@ xef file Reg HKLM\SOFTWARE\Classes\XEF-Datei\DefaultIcon Reg HKLM\SOFTWARE\Classes\XEF-Datei\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12 Reg HKLM\SOFTWARE\Classes\XEF-Datei\shell Reg HKLM\SOFTWARE\Classes\XEF-Datei\shell\open Reg HKLM\SOFTWARE\Classes\XEF-Datei\shell\open\command Reg HKLM\SOFTWARE\Classes\XEF-Datei\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1" Reg HKLM\SOFTWARE\Classes\XEF-Datei\shellex Reg HKLM\SOFTWARE\Classes\XEF-Datei\shellex\ContextMenuHandlers Reg HKLM\SOFTWARE\Classes\XEF-Datei\shellex\ContextMenuHandlers\ZFContextMenu Reg HKLM\SOFTWARE\Classes\XEF-Datei\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} Reg HKLM\SOFTWARE\Classes\XXEncoded-Archiv@ xxencoded file Reg HKLM\SOFTWARE\Classes\XXEncoded-Archiv\DefaultIcon Reg HKLM\SOFTWARE\Classes\XXEncoded-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12 Reg HKLM\SOFTWARE\Classes\XXEncoded-Archiv\shell Reg HKLM\SOFTWARE\Classes\XXEncoded-Archiv\shell\open Reg HKLM\SOFTWARE\Classes\XXEncoded-Archiv\shell\open\command Reg HKLM\SOFTWARE\Classes\XXEncoded-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1" Reg HKLM\SOFTWARE\Classes\XXEncoded-Archiv\shellex Reg HKLM\SOFTWARE\Classes\XXEncoded-Archiv\shellex\ContextMenuHandlers Reg HKLM\SOFTWARE\Classes\XXEncoded-Archiv\shellex\ContextMenuHandlers\ZFContextMenu Reg HKLM\SOFTWARE\Classes\XXEncoded-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} Reg HKLM\SOFTWARE\Classes\Yahoo.AudioConf@ Yahoo! Audio Conferencing Reg HKLM\SOFTWARE\Classes\Yahoo.AudioConf\CLSID Reg HKLM\SOFTWARE\Classes\Yahoo.AudioConf\CLSID@ {2B323CD9-50E3-11D3-9466-00A0C9700498} Reg HKLM\SOFTWARE\Classes\Yahoo.AudioConf\CurVer Reg HKLM\SOFTWARE\Classes\Yahoo.AudioConf\CurVer@ Yahoo.AudioConf.1 Reg HKLM\SOFTWARE\Classes\Yahoo.AudioConf.1@ Yahoo! Audio Conferencing Reg HKLM\SOFTWARE\Classes\Yahoo.AudioConf.1\CLSID Reg HKLM\SOFTWARE\Classes\Yahoo.AudioConf.1\CLSID@ {2B323CD9-50E3-11D3-9466-00A0C9700498} Reg HKLM\SOFTWARE\Classes\Yahoo.AudioSlider@ Yahoo! Audio Slider Reg HKLM\SOFTWARE\Classes\Yahoo.AudioSlider\CLSID Reg HKLM\SOFTWARE\Classes\Yahoo.AudioSlider\CLSID@ {EC1831E0-C231-11D3-87A8-009027A35D73} Reg HKLM\SOFTWARE\Classes\Yahoo.AudioSlider\CurVer Reg HKLM\SOFTWARE\Classes\Yahoo.AudioSlider\CurVer@ Yahoo.AudioSlider.1 Reg HKLM\SOFTWARE\Classes\Yahoo.AudioSlider.1@ Yahoo! Audio Slider Reg HKLM\SOFTWARE\Classes\Yahoo.AudioSlider.1\CLSID Reg HKLM\SOFTWARE\Classes\Yahoo.AudioSlider.1\CLSID@ {EC1831E0-C231-11D3-87A8-009027A35D73} Reg HKLM\SOFTWARE\Classes\Yahoo.AudioUI1@ Yahoo! Audio UI1 Reg HKLM\SOFTWARE\Classes\Yahoo.AudioUI1\CLSID Reg HKLM\SOFTWARE\Classes\Yahoo.AudioUI1\CLSID@ {7D1E9C49-BD6A-11D3-87A8-009027A35D73} Reg HKLM\SOFTWARE\Classes\Yahoo.AudioUI1\CurVer Reg HKLM\SOFTWARE\Classes\Yahoo.AudioUI1\CurVer@ Yahoo.Audio UI1.1 Reg HKLM\SOFTWARE\Classes\Yahoo.AudioUI1.1@ Yahoo! Audio UI1 Reg HKLM\SOFTWARE\Classes\Yahoo.AudioUI1.1\CLSID Reg HKLM\SOFTWARE\Classes\Yahoo.AudioUI1.1\CLSID@ {7D1E9C49-BD6A-11D3-87A8-009027A35D73} Reg HKLM\SOFTWARE\Classes\Yahoo.MessengerCompanionControl@ MessengerCompanionControl Class Reg HKLM\SOFTWARE\Classes\Yahoo.MessengerCompanionControl\CurVer Reg HKLM\SOFTWARE\Classes\Yahoo.MessengerCompanionControl\CurVer@ Yahoo.MessengerCompanionControl.3 Reg HKLM\SOFTWARE\Classes\Yahoo.MessengerCompanionControl.3@ MessengerCompanionControl Class Reg HKLM\SOFTWARE\Classes\Yahoo.MessengerCompanionControl.3\CLSID Reg HKLM\SOFTWARE\Classes\Yahoo.MessengerCompanionControl.3\CLSID@ {977046B0-A87F-11d5-8FEA-FFFFFF000000} Reg HKLM\SOFTWARE\Classes\Yahoo.MessengerCompanionControl.5@ MessengerCompanionControl Class Reg HKLM\SOFTWARE\Classes\Yahoo.MessengerCompanionControl.5\CLSID Reg HKLM\SOFTWARE\Classes\Yahoo.MessengerCompanionControl.5\CLSID@ {FBE30D66-39A2-4b72-8B43-6D4C335A6F34} Reg HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin@ PopupBlocker Class Reg HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin\CurVer Reg HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin\CurVer@ Yahoo.PopupBlockerPlugin.4 Reg HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4@ PopupBlocker Class Reg HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4\CLSID Reg HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4\CLSID@ {1147DC83-6208-4dca-8E88-DD45BAAB3043} Reg HKLM\SOFTWARE\Classes\Yahoo.VuMeter@ Yahoo! VU Meter Reg HKLM\SOFTWARE\Classes\Yahoo.VuMeter\CLSID Reg HKLM\SOFTWARE\Classes\Yahoo.VuMeter\CLSID@ {EB54205E-BF1F-11D3-87A8-009027A35D73} Reg HKLM\SOFTWARE\Classes\Yahoo.VuMeter\CurVer Reg HKLM\SOFTWARE\Classes\Yahoo.VuMeter\CurVer@ Yahoo.VuMeter.1 Reg HKLM\SOFTWARE\Classes\Yahoo.VuMeter.1@ Yahoo! VU Meter Reg HKLM\SOFTWARE\Classes\Yahoo.VuMeter.1\CLSID Reg HKLM\SOFTWARE\Classes\Yahoo.VuMeter.1\CLSID@ {EB54205E-BF1F-11D3-87A8-009027A35D73} Reg HKLM\SOFTWARE\Classes\Yahoo3.Yahoo3@ Yahoo Class Reg HKLM\SOFTWARE\Classes\Yahoo3.Yahoo3\CurVer Reg HKLM\SOFTWARE\Classes\Yahoo3.Yahoo3\CurVer@ Yahoo3.Yahoo3.1 Reg HKLM\SOFTWARE\Classes\Yahoo3.Yahoo3.1@ Yahoo Class Reg HKLM\SOFTWARE\Classes\Yahoo3.Yahoo3.1\CLSID Reg HKLM\SOFTWARE\Classes\Yahoo3.Yahoo3.1\CLSID@ {29F46F81-4B2A-11D1-9BCE-00A0C96ED13A} Reg HKLM\SOFTWARE\Classes\YahooBridgeLib.YahooBridge@ YahooBridge Class Reg HKLM\SOFTWARE\Classes\YahooBridgeLib.YahooBridge\CLSID Reg HKLM\SOFTWARE\Classes\YahooBridgeLib.YahooBridge\CLSID@ {58916BE6-BAFF-4f33-AEFE-B2AA03FE4C86} Reg HKLM\SOFTWARE\Classes\YahooBridgeLib.YahooBridge\CurVer Reg HKLM\SOFTWARE\Classes\YahooBridgeLib.YahooBridge\CurVer@ YahooBridgeLib.YahooBridge.1 Reg HKLM\SOFTWARE\Classes\YahooBridgeLib.YahooBridge.1@ YahooBridge Class Reg HKLM\SOFTWARE\Classes\YahooBridgeLib.YahooBridge.1\CLSID Reg HKLM\SOFTWARE\Classes\YahooBridgeLib.YahooBridge.1\CLSID@ {58916BE6-BAFF-4f33-AEFE-B2AA03FE4C86} Reg HKLM\SOFTWARE\Classes\YAlertCenter.YAlert@ YAlert Class Reg HKLM\SOFTWARE\Classes\YAlertCenter.YAlert\CLSID Reg HKLM\SOFTWARE\Classes\YAlertCenter.YAlert\CLSID@ {97D85205-80CF-4b71-90A5-D220DA4FEE58} Reg HKLM\SOFTWARE\Classes\YAlertCenter.YAlert\CurVer Reg HKLM\SOFTWARE\Classes\YAlertCenter.YAlert\CurVer@ YAlertCenter.YAlert.1 Reg HKLM\SOFTWARE\Classes\YAlertCenter.YAlert.1@ YAlert Class Reg HKLM\SOFTWARE\Classes\YAlertCenter.YAlert.1\CLSID Reg HKLM\SOFTWARE\Classes\YAlertCenter.YAlert.1\CLSID@ {97D85205-80CF-4b71-90A5-D220DA4FEE58} Reg HKLM\SOFTWARE\Classes\Ybmfile\shell Reg HKLM\SOFTWARE\Classes\Ybmfile\shell\open Reg HKLM\SOFTWARE\Classes\Ybmfile\shell\open\command Reg HKLM\SOFTWARE\Classes\Ybmfile\shell\open\command@ C:\PROGRA~1\Yahoo!\Common\YSHORT~1.EXE %1 Reg HKLM\SOFTWARE\Classes\Ybmfile\shell\opennew Reg HKLM\SOFTWARE\Classes\Ybmfile\shell\opennew\command Reg HKLM\SOFTWARE\Classes\Ybmfile\shell\opennew\command@ C:\PROGRA~1\Yahoo!\Common\YSHORT~1.EXE %1 Reg HKLM\SOFTWARE\Classes\YbSkin.YbButtonX@ YbButtonX Class Reg HKLM\SOFTWARE\Classes\YbSkin.YbButtonX\CLSID Reg HKLM\SOFTWARE\Classes\YbSkin.YbButtonX\CLSID@ {B448FAA5-DC36-4C3D-9436-67021CDECA82} Reg HKLM\SOFTWARE\Classes\YbSkin.YbButtonX\CurVer Reg HKLM\SOFTWARE\Classes\YbSkin.YbButtonX\CurVer@ YbSkin.YbButtonX.1 Reg HKLM\SOFTWARE\Classes\YbSkin.YbButtonX.1@ YbButtonX Class Reg HKLM\SOFTWARE\Classes\YbSkin.YbButtonX.1\CLSID Reg HKLM\SOFTWARE\Classes\YbSkin.YbButtonX.1\CLSID@ {B448FAA5-DC36-4C3D-9436-67021CDECA82} Reg HKLM\SOFTWARE\Classes\YbSkin.YbImage@ YbImage Class Reg HKLM\SOFTWARE\Classes\YbSkin.YbImage\CLSID Reg HKLM\SOFTWARE\Classes\YbSkin.YbImage\CLSID@ {E4528244-55B0-4FBC-B27E-26851B634D02} Reg HKLM\SOFTWARE\Classes\YbSkin.YbImage\CurVer Reg HKLM\SOFTWARE\Classes\YbSkin.YbImage\CurVer@ YbSkin.YbImage.1 Reg HKLM\SOFTWARE\Classes\YbSkin.YbImage.1@ YbImage Class Reg HKLM\SOFTWARE\Classes\YbSkin.YbImage.1\CLSID Reg HKLM\SOFTWARE\Classes\YbSkin.YbImage.1\CLSID@ {E4528244-55B0-4FBC-B27E-26851B634D02} Reg HKLM\SOFTWARE\Classes\YbSkin.YbImgX@ YbImgX Class Reg HKLM\SOFTWARE\Classes\YbSkin.YbImgX\CLSID Reg HKLM\SOFTWARE\Classes\YbSkin.YbImgX\CLSID@ {E7EEC168-A4C4-42C6-8601-B02816959B24} Reg HKLM\SOFTWARE\Classes\YbSkin.YbImgX\CurVer Reg HKLM\SOFTWARE\Classes\YbSkin.YbImgX\CurVer@ YbSkin.YbImgX.1 Reg HKLM\SOFTWARE\Classes\YbSkin.YbImgX.1@ YbImgX Class Reg HKLM\SOFTWARE\Classes\YbSkin.YbImgX.1\CLSID Reg HKLM\SOFTWARE\Classes\YbSkin.YbImgX.1\CLSID@ {E7EEC168-A4C4-42C6-8601-B02816959B24} Reg HKLM\SOFTWARE\Classes\YbSkin.YbSkin@ YbSkin Class Reg HKLM\SOFTWARE\Classes\YbSkin.YbSkin\CLSID Reg HKLM\SOFTWARE\Classes\YbSkin.YbSkin\CLSID@ {3D5D83B0-47DC-4862-93D6-3E827A14AED1} Reg HKLM\SOFTWARE\Classes\YbSkin.YbSkin\CurVer Reg HKLM\SOFTWARE\Classes\YbSkin.YbSkin\CurVer@ YbSkin.YbSkin.1 Reg HKLM\SOFTWARE\Classes\YbSkin.YbSkin.1@ YbSkin Class Reg HKLM\SOFTWARE\Classes\YbSkin.YbSkin.1\CLSID Reg HKLM\SOFTWARE\Classes\YbSkin.YbSkin.1\CLSID@ {3D5D83B0-47DC-4862-93D6-3E827A14AED1} Reg HKLM\SOFTWARE\Classes\YbSkinSelect.SkinSelector@ SkinSelector Class Reg HKLM\SOFTWARE\Classes\YbSkinSelect.SkinSelector\CLSID Reg HKLM\SOFTWARE\Classes\YbSkinSelect.SkinSelector\CLSID@ {2018C303-E3F2-4455-AA1A-773F84F10902} Reg HKLM\SOFTWARE\Classes\YbSkinSelect.SkinSelector\CurVer Reg HKLM\SOFTWARE\Classes\YbSkinSelect.SkinSelector\CurVer@ YbSkinSelect.SkinSelector.1 Reg HKLM\SOFTWARE\Classes\YbSkinSelect.SkinSelector.1@ SkinSelector Class Reg HKLM\SOFTWARE\Classes\YbSkinSelect.SkinSelector.1\CLSID Reg HKLM\SOFTWARE\Classes\YbSkinSelect.SkinSelector.1\CLSID@ {2018C303-E3F2-4455-AA1A-773F84F10902} Reg HKLM\SOFTWARE\Classes\YIeTagBm.YahooTaggedBM@ YahooTaggedBM Class Reg HKLM\SOFTWARE\Classes\YIeTagBm.YahooTaggedBM\CLSID Reg HKLM\SOFTWARE\Classes\YIeTagBm.YahooTaggedBM\CLSID@ {65D886A2-7CA7-479B-BB95-14D1EFB7946A} Reg HKLM\SOFTWARE\Classes\YIeTagBm.YahooTaggedBM\CurVer Reg HKLM\SOFTWARE\Classes\YIeTagBm.YahooTaggedBM\CurVer@ YIeTagBm.YahooTaggedBM.1 Reg HKLM\SOFTWARE\Classes\YIeTagBm.YahooTaggedBM.1@ YahooTaggedBM Class Reg HKLM\SOFTWARE\Classes\YIeTagBm.YahooTaggedBM.1\CLSID Reg HKLM\SOFTWARE\Classes\YIeTagBm.YahooTaggedBM.1\CLSID@ {65D886A2-7CA7-479B-BB95-14D1EFB7946A} Reg HKLM\SOFTWARE\Classes\YInstHelper.YInstStarter@ YInstStarter Class Reg HKLM\SOFTWARE\Classes\YInstHelper.YInstStarter\CLSID Reg HKLM\SOFTWARE\Classes\YInstHelper.YInstStarter\CLSID@ {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} Reg HKLM\SOFTWARE\Classes\YInstHelper.YInstStarter\CurVer Reg HKLM\SOFTWARE\Classes\YInstHelper.YInstStarter\CurVer@ YInstHelper.YInstStarter.1 Reg HKLM\SOFTWARE\Classes\YInstHelper.YInstStarter.1@ YInstStarter Class Reg HKLM\SOFTWARE\Classes\YInstHelper.YInstStarter.1\CLSID Reg HKLM\SOFTWARE\Classes\YInstHelper.YInstStarter.1\CLSID@ {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} Reg HKLM\SOFTWARE\Classes\YInstHelper.YInstStarterUpgrade@ YInstStarterUpgrade Class Reg HKLM\SOFTWARE\Classes\YInstHelper.YInstStarterUpgrade\CLSID Reg HKLM\SOFTWARE\Classes\YInstHelper.YInstStarterUpgrade\CLSID@ {0291E591-EA41-4c82-8106-3DC6CE7F7664} Reg HKLM\SOFTWARE\Classes\YInstHelper.YInstStarterUpgrade\CurVer Reg HKLM\SOFTWARE\Classes\YInstHelper.YInstStarterUpgrade\CurVer@ YInstHelper.YInstStarterUpgrade.1 Reg HKLM\SOFTWARE\Classes\YInstHelper.YInstStarterUpgrade.1@ YInstStarterUpgrade Class Reg HKLM\SOFTWARE\Classes\YInstHelper.YInstStarterUpgrade.1\CLSID Reg HKLM\SOFTWARE\Classes\YInstHelper.YInstStarterUpgrade.1\CLSID@ {0291E591-EA41-4c82-8106-3DC6CE7F7664} Reg HKLM\SOFTWARE\Classes\YInstHelper.YSearchSetting2@ YSearchSetting2 Class Reg HKLM\SOFTWARE\Classes\YInstHelper.YSearchSetting2\CLSID Reg HKLM\SOFTWARE\Classes\YInstHelper.YSearchSetting2\CLSID@ {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} Reg HKLM\SOFTWARE\Classes\YInstHelper.YSearchSetting2\CurVer Reg HKLM\SOFTWARE\Classes\YInstHelper.YSearchSetting2\CurVer@ YInstHelper.YSearchSetting2.1 Reg HKLM\SOFTWARE\Classes\YInstHelper.YSearchSetting2.1@ YSearchSetting2 Class Reg HKLM\SOFTWARE\Classes\YInstHelper.YSearchSetting2.1\CLSID Reg HKLM\SOFTWARE\Classes\YInstHelper.YSearchSetting2.1\CLSID@ {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} Reg HKLM\SOFTWARE\Classes\YLoginIds.LoginMenuIds@ LoginMenuIds Class Reg HKLM\SOFTWARE\Classes\YLoginIds.LoginMenuIds\CLSID Reg HKLM\SOFTWARE\Classes\YLoginIds.LoginMenuIds\CLSID@ {2840354C-234F-4450-8F2D-12459E75AE71} Reg HKLM\SOFTWARE\Classes\YLoginIds.LoginMenuIds\CurVer Reg HKLM\SOFTWARE\Classes\YLoginIds.LoginMenuIds\CurVer@ YLoginIds.LoginMenuIds.1 Reg HKLM\SOFTWARE\Classes\YLoginIds.LoginMenuIds.1@ LoginMenuIds Class Reg HKLM\SOFTWARE\Classes\YLoginIds.LoginMenuIds.1\CLSID Reg HKLM\SOFTWARE\Classes\YLoginIds.LoginMenuIds.1\CLSID@ {2840354C-234F-4450-8F2D-12459E75AE71} Reg HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin@ YMECompPlugin Class Reg HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin\CurVer Reg HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin\CurVer@ YMERemote.YMECompPlugin.1 Reg HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1@ YMECompPlugin Class Reg HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1\CLSID Reg HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1\CLSID@ {F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2} Reg HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl@ YMERemoteCtl Class Reg HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl\CurVer Reg HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl\CurVer@ YMERemote.YMERemoteCtl.1 Reg HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl.1@ YMERemoteCtl Class Reg HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl.1\CLSID Reg HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl.1\CLSID@ {8B9A2A56-55A7-4A3D-8A3F-A0D3EED7477D} Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailAttach@ YMailAttach Class Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailAttach\CLSID Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailAttach\CLSID@ {AA218328-0EA8-4D70-8972-E987A9190FF4} Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailAttach\CurVer Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailAttach\CurVer@ YMMAPI.YMailAttach.1 Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailAttach.1@ YMailAttach Class Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailAttach.1\CLSID Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailAttach.1\CLSID@ {AA218328-0EA8-4D70-8972-E987A9190FF4} Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailShellExt@ YMailShellExt Class Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailShellExt\CLSID Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailShellExt\CLSID@ {5464D816-CF16-4784-B9F3-75C0DB52B499} Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailShellExt\CurVer Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailShellExt\CurVer@ YMMAPI.YMailShellExt.1 Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailShellExt.1@ YMailShellExt Class Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailShellExt.1\CLSID Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailShellExt.1\CLSID@ {5464D816-CF16-4784-B9F3-75C0DB52B499} Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailTo@ YahooYMailTo Class Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailTo\CLSID Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailTo\CLSID@ {A17E30C4-A9BA-11D4-8673-60DB54C10000} Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailTo\CurVer Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailTo\CurVer@ YMMAPI.YMailTo.1 Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailTo.1@ YahooYMailTo Class Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailTo.1\CLSID Reg HKLM\SOFTWARE\Classes\YMMAPI.YMailTo.1\CLSID@ {A17E30C4-A9BA-11D4-8673-60DB54C10000} Reg HKLM\SOFTWARE\Classes\ymsgr@ URL: YMessenger Protocol Reg HKLM\SOFTWARE\Classes\ymsgr@URL Protocol Reg HKLM\SOFTWARE\Classes\ymsgr\shell Reg HKLM\SOFTWARE\Classes\ymsgr\shell\open Reg HKLM\SOFTWARE\Classes\ymsgr\shell\open\command Reg HKLM\SOFTWARE\Classes\ymsgr\shell\open\command@ "C:\Program Files\Yahoo!\Messenger\YPAGER.EXE" %1 Reg HKLM\SOFTWARE\Classes\Ypager.Messenger@ YPager Messenger Reg HKLM\SOFTWARE\Classes\Ypager.Messenger\CLSID Reg HKLM\SOFTWARE\Classes\Ypager.Messenger\CLSID@ {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} Reg HKLM\SOFTWARE\Classes\Ypager.Messenger\CurVer Reg HKLM\SOFTWARE\Classes\Ypager.Messenger\CurVer@ Ypager.Messenger.1 Reg HKLM\SOFTWARE\Classes\Ypager.Messenger\shell Reg HKLM\SOFTWARE\Classes\Ypager.Messenger\shell\open Reg HKLM\SOFTWARE\Classes\Ypager.Messenger\shell\open\command Reg HKLM\SOFTWARE\Classes\Ypager.Messenger\shell\open\command@ "C:\Program Files\Yahoo!\Messenger\YPager.exe" %1 Reg HKLM\SOFTWARE\Classes\Ypager.Messenger.1@ Messenger Class Reg HKLM\SOFTWARE\Classes\Ypager.Messenger.1\CLSID Reg HKLM\SOFTWARE\Classes\Ypager.Messenger.1\CLSID@ {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} Reg HKLM\SOFTWARE\Classes\Ypager.Messenger.1\shell Reg HKLM\SOFTWARE\Classes\Ypager.Messenger.1\shell\open Reg HKLM\SOFTWARE\Classes\Ypager.Messenger.1\shell\open\command Reg HKLM\SOFTWARE\Classes\Ypager.Messenger.1\shell\open\command@ "C:\Program Files\Yahoo!\Messenger\YPager.exe" %1 Reg HKLM\SOFTWARE\Classes\YPagerChecker.MessengerChecker@ MessengerChecker Class Reg HKLM\SOFTWARE\Classes\YPagerChecker.MessengerChecker\CLSID Reg HKLM\SOFTWARE\Classes\YPagerChecker.MessengerChecker\CLSID@ {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} Reg HKLM\SOFTWARE\Classes\YPagerChecker.MessengerChecker\CurVer Reg HKLM\SOFTWARE\Classes\YPagerChecker.MessengerChecker\CurVer@ YPagerChecker.MessengerChecker.1 Reg HKLM\SOFTWARE\Classes\YPagerChecker.MessengerChecker.1@ MessengerChecker Class Reg HKLM\SOFTWARE\Classes\YPagerChecker.MessengerChecker.1\CLSID Reg HKLM\SOFTWARE\Classes\YPagerChecker.MessengerChecker.1\CLSID@ {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} Reg HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl@ BlockerCtrl Class Reg HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl\CLSID Reg HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl\CLSID@ {6E40017D-FB6A-4804-BDE4-3BB09F1719C1} Reg HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl\CurVer Reg HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl\CurVer@ YPUBC.BlockerCtrl.1 Reg HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1@ BlockerCtrl Class Reg HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1\CLSID Reg HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1\CLSID@ {6E40017D-FB6A-4804-BDE4-3BB09F1719C1} Reg HKLM\SOFTWARE\Classes\YPUBC.DataStore@ DataStore Class Reg HKLM\SOFTWARE\Classes\YPUBC.DataStore\CLSID Reg HKLM\SOFTWARE\Classes\YPUBC.DataStore\CLSID@ {E1A2D448-6334-45ec-8800-6D7F71DC87FC} Reg HKLM\SOFTWARE\Classes\YPUBC.DataStore\CurVer Reg HKLM\SOFTWARE\Classes\YPUBC.DataStore\CurVer@ YPUBC.DataStore.1 Reg HKLM\SOFTWARE\Classes\YPUBC.DataStore.1@ DataStore Class Reg HKLM\SOFTWARE\Classes\YPUBC.DataStore.1\CLSID Reg HKLM\SOFTWARE\Classes\YPUBC.DataStore.1\CLSID@ {E1A2D448-6334-45ec-8800-6D7F71DC87FC} Reg HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler@ PUBHTMLEventHandler Class Reg HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler\CLSID Reg HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler\CLSID@ {37B8167C-B9A4-4316-94B2-67B64BB2BA7C} Reg HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler\CurVer Reg HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler\CurVer@ YPUBC.PUBHTMLEventHandler.1 Reg HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1@ PUBHTMLEventHandler Class Reg HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1\CLSID Reg HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1\CLSID@ {37B8167C-B9A4-4316-94B2-67B64BB2BA7C} Reg HKLM\SOFTWARE\Classes\YPUBC.StringList@ StringList Class Reg HKLM\SOFTWARE\Classes\YPUBC.StringList\CLSID Reg HKLM\SOFTWARE\Classes\YPUBC.StringList\CLSID@ {11CB4723-D5A1-4a55-8D1D-5C2679D54CF5} Reg HKLM\SOFTWARE\Classes\YPUBC.StringList\CurVer Reg HKLM\SOFTWARE\Classes\YPUBC.StringList\CurVer@ YPUBC.StringList.1 Reg HKLM\SOFTWARE\Classes\YPUBC.StringList.1@ StringList Class Reg HKLM\SOFTWARE\Classes\YPUBC.StringList.1\CLSID Reg HKLM\SOFTWARE\Classes\YPUBC.StringList.1\CLSID@ {11CB4723-D5A1-4a55-8D1D-5C2679D54CF5} Reg HKLM\SOFTWARE\Classes\YServer.Component.1@ YServer Reg HKLM\SOFTWARE\Classes\YServer.Component.1\CLSID Reg HKLM\SOFTWARE\Classes\YServer.Component.1\CLSID@ {B26DA9C0-7921-11D4-B0F2-0050DA2B3579} Reg HKLM\SOFTWARE\Classes\YServer.Component.1\CurVer Reg HKLM\SOFTWARE\Classes\YServer.Component.1\CurVer@ YServer.Component.1 Reg HKLM\SOFTWARE\Classes\YShortcut_DLL.Shortcut@ Shortcut Class Reg HKLM\SOFTWARE\Classes\YShortcut_DLL.Shortcut\CLSID Reg HKLM\SOFTWARE\Classes\YShortcut_DLL.Shortcut\CLSID@ {67CE97C5-ABE6-429A-B6BD-3BD1333A0825} Reg HKLM\SOFTWARE\Classes\YShortcut_DLL.Shortcut\CurVer Reg HKLM\SOFTWARE\Classes\YShortcut_DLL.Shortcut\CurVer@ YShortcut_DLL.Shortcut.1 Reg HKLM\SOFTWARE\Classes\YShortcut_DLL.Shortcut.1@ Shortcut Class Reg HKLM\SOFTWARE\Classes\YShortcut_DLL.Shortcut.1\CLSID Reg HKLM\SOFTWARE\Classes\YShortcut_DLL.Shortcut.1\CLSID@ {67CE97C5-ABE6-429A-B6BD-3BD1333A0825} Reg HKLM\SOFTWARE\Classes\YShortcut_DLL.TabExtension@ TabExtension Class Reg HKLM\SOFTWARE\Classes\YShortcut_DLL.TabExtension\CLSID Reg HKLM\SOFTWARE\Classes\YShortcut_DLL.TabExtension\CLSID@ {0B9DB0A9-D390-431A-9F98-39AEE11F2022} Reg HKLM\SOFTWARE\Classes\YShortcut_DLL.TabExtension\CurVer Reg HKLM\SOFTWARE\Classes\YShortcut_DLL.TabExtension\CurVer@ YShortcut_DLL.TabExtension.1 Reg HKLM\SOFTWARE\Classes\YShortcut_DLL.TabExtension.1@ TabExtension Class Reg HKLM\SOFTWARE\Classes\YShortcut_DLL.TabExtension.1\CLSID Reg HKLM\SOFTWARE\Classes\YShortcut_DLL.TabExtension.1\CLSID@ {0B9DB0A9-D390-431A-9F98-39AEE11F2022} Reg HKLM\SOFTWARE\Classes\yt.YTHelper@ Yahoo! Toolbar Helper Reg HKLM\SOFTWARE\Classes\yt.YTHelper\CLSID Reg HKLM\SOFTWARE\Classes\yt.YTHelper\CLSID@ {02478D38-C3F9-4efb-9B51-7695ECA05670} Reg HKLM\SOFTWARE\Classes\yt.YTHelper\CurVer Reg HKLM\SOFTWARE\Classes\yt.YTHelper\CurVer@ yt.YTHelper.2 Reg HKLM\SOFTWARE\Classes\yt.YTHelper.2@ Yahoo! Toolbar Helper Reg HKLM\SOFTWARE\Classes\yt.YTHelper.2\CLSID Reg HKLM\SOFTWARE\Classes\yt.YTHelper.2\CLSID@ {02478D38-C3F9-4efb-9B51-7695ECA05670} Reg HKLM\SOFTWARE\Classes\yt.YToolbarBand@ Yahoo! Toolbar Reg HKLM\SOFTWARE\Classes\yt.YToolbarBand\CurVer Reg HKLM\SOFTWARE\Classes\yt.YToolbarBand\CurVer@ yt.YToolbarBand.1 Reg HKLM\SOFTWARE\Classes\yt.YToolbarBand.1@ Yahoo! Toolbar Reg HKLM\SOFTWARE\Classes\yt.YToolbarBand.1\CLSID Reg HKLM\SOFTWARE\Classes\yt.YToolbarBand.1\CLSID@ {EF99BD32-C1FB-11D2-892F-0090271D4F88} Reg HKLM\SOFTWARE\Classes\YUber.UberButton@ Yahoo! IE Services Button Class Reg HKLM\SOFTWARE\Classes\YUber.UberButton\CLSID Reg HKLM\SOFTWARE\Classes\YUber.UberButton\CLSID@ {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} Reg HKLM\SOFTWARE\Classes\YUber.UberButton\CurVer Reg HKLM\SOFTWARE\Classes\YUber.UberButton\CurVer@ YUber.UberButton.1 Reg HKLM\SOFTWARE\Classes\YUber.UberButton.1@ Yahoo! IE Services Button Class Reg HKLM\SOFTWARE\Classes\YUber.UberButton.1\CLSID Reg HKLM\SOFTWARE\Classes\YUber.UberButton.1\CLSID@ {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo@ GetInfo Class Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo\CLSID Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo\CLSID@ {D5184A39-CBDF-4A4F-AC1A-7A45A852C883} Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo\CurVer Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo\CurVer@ YVerInfo.GetInfo.1 Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo.1@ GetInfo Class Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo.1\CLSID Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo.1\CLSID@ {D5184A39-CBDF-4A4F-AC1A-7A45A852C883} Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo2@ GetInfo2 Class Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo2\CLSID Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo2\CLSID@ {B345F37E-6763-433b-BC53-9B526A9B7B8B} Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo2\CurVer Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo2\CurVer@ YVerInfo.GetInfo2.1 Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo2.1@ GetInfo2 Class Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo2.1\CLSID Reg HKLM\SOFTWARE\Classes\YVerInfo.GetInfo2.1\CLSID@ {B345F37E-6763-433b-BC53-9B526A9B7B8B} Reg HKLM\SOFTWARE\Classes\YWcUpl.WcUpload@ Yahoo! Webcam Upload Reg HKLM\SOFTWARE\Classes\YWcUpl.WcUpload\CLSID Reg HKLM\SOFTWARE\Classes\YWcUpl.WcUpload\CLSID@ {DCE2F8B1-A520-11D4-8FD0-00D0B7730277} Reg HKLM\SOFTWARE\Classes\YWcUpl.WcUpload\CurVer Reg HKLM\SOFTWARE\Classes\YWcUpl.WcUpload\CurVer@ YWcUpl.WcUpload.1 Reg HKLM\SOFTWARE\Classes\YWcUpl.WcUpload.1@ Yahoo! Webcam Upload Reg HKLM\SOFTWARE\Classes\YWcUpl.WcUpload.1\CLSID Reg HKLM\SOFTWARE\Classes\YWcUpl.WcUpload.1\CLSID@ {DCE2F8B1-A520-11D4-8FD0-00D0B7730277} Reg HKLM\SOFTWARE\Classes\YWcVwr.WcViewer@ Yahoo! Webcam Viewer Reg HKLM\SOFTWARE\Classes\YWcVwr.WcViewer\CLSID Reg HKLM\SOFTWARE\Classes\YWcVwr.WcViewer\CLSID@ {9D39223E-AE8E-11D4-8FD3-00D0B7730277} Reg HKLM\SOFTWARE\Classes\YWcVwr.WcViewer\CurVer Reg HKLM\SOFTWARE\Classes\YWcVwr.WcViewer\CurVer@ YWcVwr.WcViewer.1 Reg HKLM\SOFTWARE\Classes\YWcVwr.WcViewer.1@ Yahoo! Webcam Viewer Reg HKLM\SOFTWARE\Classes\YWcVwr.WcViewer.1\CLSID Reg HKLM\SOFTWARE\Classes\YWcVwr.WcViewer.1\CLSID@ {9D39223E-AE8E-11D4-8FD3-00D0B7730277} Reg HKLM\SOFTWARE\Classes\ZfUpdir\DefaultIcon Reg HKLM\SOFTWARE\Classes\ZfUpdir\DefaultIcon@ C:\Program Files\WinAce\zfIcons.dll,0 Reg HKLM\SOFTWARE\Classes\Zip-Archiv@ Zip archive Reg HKLM\SOFTWARE\Classes\Zip-Archiv\DefaultIcon Reg HKLM\SOFTWARE\Classes\Zip-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12 Reg HKLM\SOFTWARE\Classes\Zip-Archiv\shell Reg HKLM\SOFTWARE\Classes\Zip-Archiv\shell\open Reg HKLM\SOFTWARE\Classes\Zip-Archiv\shell\open\command Reg HKLM\SOFTWARE\Classes\Zip-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1" Reg HKLM\SOFTWARE\Classes\Zip-Archiv\shellex Reg HKLM\SOFTWARE\Classes\Zip-Archiv\shellex\ContextMenuHandlers Reg HKLM\SOFTWARE\Classes\Zip-Archiv\shellex\ContextMenuHandlers\ZFContextMenu Reg HKLM\SOFTWARE\Classes\Zip-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} Reg HKLM\SOFTWARE\Classes\Zip-Archiv\shellex\PropertySheetHandlers Reg HKLM\SOFTWARE\Classes\Zip-Archiv\shellex\PropertySheetHandlers\ZFPropertySheet Reg HKLM\SOFTWARE\Classes\Zip-Archiv\shellex\PropertySheetHandlers\ZFPropertySheet@ {8FF88D23-7BD0-11D1-BFB7-00AA00262A11} Reg HKLM\SOFTWARE\Classes\Zoo-Archiv@ Zoo archive Reg HKLM\SOFTWARE\Classes\Zoo-Archiv\DefaultIcon Reg HKLM\SOFTWARE\Classes\Zoo-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12 Reg HKLM\SOFTWARE\Classes\Zoo-Archiv\shell Reg HKLM\SOFTWARE\Classes\Zoo-Archiv\shell\open Reg HKLM\SOFTWARE\Classes\Zoo-Archiv\shell\open\command Reg HKLM\SOFTWARE\Classes\Zoo-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1" Reg HKLM\SOFTWARE\Classes\Zoo-Archiv\shellex Reg HKLM\SOFTWARE\Classes\Zoo-Archiv\shellex\ContextMenuHandlers Reg HKLM\SOFTWARE\Classes\Zoo-Archiv\shellex\ContextMenuHandlers\ZFContextMenu Reg HKLM\SOFTWARE\Classes\Zoo-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\system32\drivers\ql12160.sys suspicious modification File C:\WINDOWS\system32\drivers\iaStor.sys suspicious modification ---- EOF - GMER 1.0.15 ----
-
(part 1) ark.txt: GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-05-27 17:12:30 Windows 5.1.2600 Service Pack 2 Running: gqqyp7ni.exe; Driver: C:\DOCUME~1\GAMEUS~1\LOCALS~1\Temp\fwloapog.sys ---- System - GMER 1.0.15 ---- SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF777487E] SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7774BFE] ---- Kernel code sections - GMER 1.0.15 ---- .rsrc C:\WINDOWS\system32\drivers\ql12160.sys entry point in ".rsrc" section [0xF774EB94] .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF61D7000, 0x17C39E, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A9000A .text C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AA000A .text C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A8000C .text C:\WINDOWS\System32\svchost.exe[1232] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00D3000A .text C:\WINDOWS\Explorer.EXE[3176] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C6000A .text C:\WINDOWS\Explorer.EXE[3176] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D0000A .text C:\WINDOWS\Explorer.EXE[3176] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C5000C .text C:\Program Files\Mozilla Firefox\firefox.exe[3396] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0124000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3396] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0125000A .text C:\Program Files\Mozilla Firefox\firefox.exe[3396] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0123000C ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB) Device \FileSystem\Fastfat \Fat A8A24C8A AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device -> \Driver\iaStor \Device\Harddisk0\DR0 86A1CAC8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC0 0x18 0x00 0x27 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB7 0xB9 0x86 0x75 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x99 0x6D 0xF6 0x84 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xBD 0xEA 0x12 0xBB ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC0 0x18 0x00 0x27 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB7 0xB9 0x86 0x75 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x99 0x6D 0xF6 0x84 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xBD 0xEA 0x12 0xBB ... Reg HKLM\SOFTWARE\Classes\.3gpp@ QuickTime.3gpp Reg HKLM\SOFTWARE\Classes\.3gpp@Content Type video/3gpp Reg HKLM\SOFTWARE\Classes\.3gpp@QuickTime.bak Reg HKLM\SOFTWARE\Classes\.3gpp\OpenWithList Reg HKLM\SOFTWARE\Classes\.3gpp\OpenWithList\QuickTimePlayer.exe Reg HKLM\SOFTWARE\Classes\.3gpp\OpenWithProgIds Reg HKLM\SOFTWARE\Classes\.3gpp\OpenWithProgIds@QuickTime.3gpp Reg HKLM\SOFTWARE\Classes\.aac@ QuickTime.aac Reg HKLM\SOFTWARE\Classes\.aac@Content Type audio/aac Reg HKLM\SOFTWARE\Classes\.aac@QuickTime.bak Reg HKLM\SOFTWARE\Classes\.aac\OpenWithList Reg HKLM\SOFTWARE\Classes\.aac\OpenWithList\QuickTimePlayer.exe Reg HKLM\SOFTWARE\Classes\.aac\OpenWithProgIds Reg HKLM\SOFTWARE\Classes\.aac\OpenWithProgIds@QuickTime.aac Reg HKLM\SOFTWARE\Classes\.ace@ Ace-Archiv Reg HKLM\SOFTWARE\Classes\.adts@ QuickTime.adts Reg HKLM\SOFTWARE\Classes\.adts@Content Type audio/aac Reg HKLM\SOFTWARE\Classes\.adts@QuickTime.bak Reg HKLM\SOFTWARE\Classes\.adts\OpenWithList Reg HKLM\SOFTWARE\Classes\.adts\OpenWithList\QuickTimePlayer.exe Reg HKLM\SOFTWARE\Classes\.adts\OpenWithProgIds Reg HKLM\SOFTWARE\Classes\.adts\OpenWithProgIds@QuickTime.adts Reg HKLM\SOFTWARE\Classes\.age3Xsav@ AgeofEmpiresIII-TheWarChiefs.age3Xsav Reg HKLM\SOFTWARE\Classes\.AKN@ AKN_AUTO Reg HKLM\SOFTWARE\Classes\.application\bootstrap@ bootstrap.application.1 Reg HKLM\SOFTWARE\Classes\.arc@ Arc-Archiv Reg HKLM\SOFTWARE\Classes\.arj@ Arj-Archiv Reg HKLM\SOFTWARE\Classes\.bc!@ BitLordUnfinishedFile Reg HKLM\SOFTWARE\Classes\.bz2@ BZip2-Archiv Reg HKLM\SOFTWARE\Classes\.flc@ Reg HKLM\SOFTWARE\Classes\.flc@Content Type video/flc Reg HKLM\SOFTWARE\Classes\.flc\OpenWithList Reg HKLM\SOFTWARE\Classes\.flc\OpenWithList\QuickTimePlayer.exe Reg HKLM\SOFTWARE\Classes\.flc\OpenWithProgIds Reg HKLM\SOFTWARE\Classes\.flc\OpenWithProgIds@QuickTime.flc Reg HKLM\SOFTWARE\Classes\.fli@ Reg HKLM\SOFTWARE\Classes\.fli@Content Type video/flc Reg HKLM\SOFTWARE\Classes\.fli\OpenWithList Reg HKLM\SOFTWARE\Classes\.fli\OpenWithList\QuickTimePlayer.exe Reg HKLM\SOFTWARE\Classes\.fli\OpenWithProgIds Reg HKLM\SOFTWARE\Classes\.fli\OpenWithProgIds@QuickTime.fli Reg HKLM\SOFTWARE\Classes\.jbf\PersistentHandler Reg HKLM\SOFTWARE\Classes\.jbf\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb} Reg HKLM\SOFTWARE\Classes\.lha@ Lha-Archiv Reg HKLM\SOFTWARE\Classes\.lzh@ Lzh-Archiv Reg HKLM\SOFTWARE\Classes\.mdf@ mdf_auto_file Reg HKLM\SOFTWARE\Classes\.mim@ Base64-Archiv Reg HKLM\SOFTWARE\Classes\.mod@Content Type video/mpeg Reg HKLM\SOFTWARE\Classes\.mod@PerceivedType video Reg HKLM\SOFTWARE\Classes\.mod@ mpegfile Reg HKLM\SOFTWARE\Classes\.mod\OpenWithList Reg HKLM\SOFTWARE\Classes\.mod\OpenWithList\wmplayer.exe Reg HKLM\SOFTWARE\Classes\.mod\OpenWithProgIds Reg HKLM\SOFTWARE\Classes\.mod\OpenWithProgIds@mpegfile Reg HKLM\SOFTWARE\Classes\.mp4@ QuickTime.mp4 Reg HKLM\SOFTWARE\Classes\.mp4@Content Type video/mp4 Reg HKLM\SOFTWARE\Classes\.mp4@QuickTime.bak Reg HKLM\SOFTWARE\Classes\.mp4\OpenWithList Reg HKLM\SOFTWARE\Classes\.mp4\OpenWithList\QuickTimePlayer.exe Reg HKLM\SOFTWARE\Classes\.mp4\OpenWithProgIds Reg HKLM\SOFTWARE\Classes\.mp4\OpenWithProgIds@QuickTime.mp4 Reg HKLM\SOFTWARE\Classes\.mqv@ QuickTime.mqv Reg HKLM\SOFTWARE\Classes\.mqv@Content Type video/quicktime Reg HKLM\SOFTWARE\Classes\.mqv@QuickTime.bak Reg HKLM\SOFTWARE\Classes\.mqv\OpenWithList Reg HKLM\SOFTWARE\Classes\.mqv\OpenWithList\QuickTimePlayer.exe Reg HKLM\SOFTWARE\Classes\.mqv\OpenWithProgIds Reg HKLM\SOFTWARE\Classes\.mqv\OpenWithProgIds@QuickTime.mqv Reg HKLM\SOFTWARE\Classes\.mwDeck@ MWSDeck Reg HKLM\SOFTWARE\Classes\.r00@ r00_auto_file Reg HKLM\SOFTWARE\Classes\.rar@ Rar-Archiv Reg HKLM\SOFTWARE\Classes\.rpc\PersistentHandler Reg HKLM\SOFTWARE\Classes\.rpc\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb} Reg HKLM\SOFTWARE\Classes\.rts@ Reg HKLM\SOFTWARE\Classes\.rts@Content Type application/x-rtsp Reg HKLM\SOFTWARE\Classes\.rts\OpenWithList Reg HKLM\SOFTWARE\Classes\.rts\OpenWithList\QuickTimePlayer.exe Reg HKLM\SOFTWARE\Classes\.rts\OpenWithProgIds Reg HKLM\SOFTWARE\Classes\.rts\OpenWithProgIds@QuickTime.rts Reg HKLM\SOFTWARE\Classes\.rtsp@ Reg HKLM\SOFTWARE\Classes\.rtsp@Content Type application/x-rtsp Reg HKLM\SOFTWARE\Classes\.rtsp\OpenWithList Reg HKLM\SOFTWARE\Classes\.rtsp\OpenWithList\QuickTimePlayer.exe Reg HKLM\SOFTWARE\Classes\.rtsp\OpenWithProgIds Reg HKLM\SOFTWARE\Classes\.rtsp\OpenWithProgIds@QuickTime.rtsp Reg HKLM\SOFTWARE\Classes\.uue@ UUEncoded-Archiv Reg HKLM\SOFTWARE\Classes\.vfw@ Reg HKLM\SOFTWARE\Classes\.vfw@Content Type video/x-msvideo Reg HKLM\SOFTWARE\Classes\.vfw\OpenWithList Reg HKLM\SOFTWARE\Classes\.vfw\OpenWithList\QuickTimePlayer.exe Reg HKLM\SOFTWARE\Classes\.vfw\OpenWithProgIds Reg HKLM\SOFTWARE\Classes\.vfw\OpenWithProgIds@QuickTime.vfw Reg HKLM\SOFTWARE\Classes\.wpf@XSave Reg HKLM\SOFTWARE\Classes\.wpf@ WinAce preset file Reg HKLM\SOFTWARE\Classes\.xef@ XEF-Datei Reg HKLM\SOFTWARE\Classes\.xxe@ XXEncoded-Archiv Reg HKLM\SOFTWARE\Classes\.ybm@ ybmfile Reg HKLM\SOFTWARE\Classes\.ybm@ContentType text/ybm Reg HKLM\SOFTWARE\Classes\.ymg@ YPager.Messenger Reg HKLM\SOFTWARE\Classes\.ymg@Content Type application/ymsgr Reg HKLM\SOFTWARE\Classes\.yps@ YPager.Messenger Reg HKLM\SOFTWARE\Classes\.yps@Content Type application/ymsgr Reg HKLM\SOFTWARE\Classes\.zf~~~@ ZfUpdir Reg HKLM\SOFTWARE\Classes\.zoo@ Zoo-Archiv Reg HKLM\SOFTWARE\Classes\Ace-Archiv@ Ace archive Reg HKLM\SOFTWARE\Classes\Ace-Archiv\DefaultIcon Reg HKLM\SOFTWARE\Classes\Ace-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12 Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shell Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shell\open Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shell\open\command Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1" Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shellex Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shellex\ContextMenuHandlers Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shellex\ContextMenuHandlers\ZFContextMenu Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shellex\PropertySheetHandlers Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shellex\PropertySheetHandlers\ZFPropertySheet Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shellex\PropertySheetHandlers\ZFPropertySheet@ {8FF88D23-7BD0-11D1-BFB7-00AA00262A11} Reg HKLM\SOFTWARE\Classes\AgeofEmpiresIII-TheWarChiefs.age3Xsav@ Age of Empires III - The WarChiefs Save Game Reg HKLM\SOFTWARE\Classes\AgeofEmpiresIII-TheWarChiefs.age3Xsav\shell Reg HKLM\SOFTWARE\Classes\AgeofEmpiresIII-TheWarChiefs.age3Xsav\shell\open Reg HKLM\SOFTWARE\Classes\AgeofEmpiresIII-TheWarChiefs.age3Xsav\shell\open\command Reg HKLM\SOFTWARE\Classes\AgeofEmpiresIII-TheWarChiefs.age3Xsav\shell\open\command@ C:\PROGRA~1\MICROS~4\AGEOFE~2\AGE3XL~1.EXE "%1" Reg HKLM\SOFTWARE\Classes\aim@ URL: AOL Instant Messenger Protocol Reg HKLM\SOFTWARE\Classes\aim@URL Protocol Reg HKLM\SOFTWARE\Classes\aim\shell Reg HKLM\SOFTWARE\Classes\aim\shell\open Reg HKLM\SOFTWARE\Classes\aim\shell\open\command Reg HKLM\SOFTWARE\Classes\aim\shell\open\command@ "C:\Program Files\AIM\aim.exe" %1 Reg HKLM\SOFTWARE\Classes\AKN_AUTO\shell Reg HKLM\SOFTWARE\Classes\AKN_AUTO\shell\open Reg HKLM\SOFTWARE\Classes\AKN_AUTO\shell\open\command Reg HKLM\SOFTWARE\Classes\AKN_AUTO\shell\open\command@ "C:\Program Files\Absolute Poker\SkinUpdate.exe" "%1" Reg HKLM\SOFTWARE\Classes\aol_htm@ HTML Document Reg HKLM\SOFTWARE\Classes\aol_htm\DefaultIcon Reg HKLM\SOFTWARE\Classes\aol_htm\DefaultIcon@ c:\program files\common files\aol\1140943258\ee\services\browserapp\ver1_2_5_15\resources\en-US\AOLDocument.ico Reg HKLM\SOFTWARE\Classes\aol_htm\shell Reg HKLM\SOFTWARE\Classes\aol_htm\shell\open Reg HKLM\SOFTWARE\Classes\aol_htm\shell\open\command Reg HKLM\SOFTWARE\Classes\aol_htm\shell\open\command@ "C:\Program Files\AOL\Explorer\1.2\AOLExplorer.exe" -u "%1" Reg HKLM\SOFTWARE\Classes\Arc-Archiv@ Arc archive Reg HKLM\SOFTWARE\Classes\Arc-Archiv\DefaultIcon Reg HKLM\SOFTWARE\Classes\Arc-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,15 Reg HKLM\SOFTWARE\Classes\Arc-Archiv\shell Reg HKLM\SOFTWARE\Classes\Arc-Archiv\shell\open Reg HKLM\SOFTWARE\Classes\Arc-Archiv\shell\open\command Reg HKLM\SOFTWARE\Classes\Arc-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1" Reg HKLM\SOFTWARE\Classes\Arc-Archiv\shellex Reg HKLM\SOFTWARE\Classes\Arc-Archiv\shellex\ContextMenuHandlers Reg HKLM\SOFTWARE\Classes\Arc-Archiv\shellex\ContextMenuHandlers\ZFContextMenu Reg HKLM\SOFTWARE\Classes\Arc-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} Reg HKLM\SOFTWARE\Classes\Arj-Archiv@ Arj archive Reg HKLM\SOFTWARE\Classes\Arj-Archiv\DefaultIcon Reg HKLM\SOFTWARE\Classes\Arj-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,15 Reg HKLM\SOFTWARE\Classes\Arj-Archiv\shell Reg HKLM\SOFTWARE\Classes\Arj-Archiv\shell\open Reg HKLM\SOFTWARE\Classes\Arj-Archiv\shell\open\command Reg HKLM\SOFTWARE\Classes\Arj-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1" Reg HKLM\SOFTWARE\Classes\Arj-Archiv\shellex Reg HKLM\SOFTWARE\Classes\Arj-Archiv\shellex\ContextMenuHandlers Reg HKLM\SOFTWARE\Classes\Arj-Archiv\shellex\ContextMenuHandlers\ZFContextMenu Reg HKLM\SOFTWARE\Classes\Arj-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} Reg HKLM\SOFTWARE\Classes\Base64-Archiv@ base64 file Reg HKLM\SOFTWARE\Classes\Base64-Archiv\DefaultIcon Reg HKLM\SOFTWARE\Classes\Base64-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12 Reg HKLM\SOFTWARE\Classes\Base64-Archiv\shell Reg HKLM\SOFTWARE\Classes\Base64-Archiv\shell\open Reg HKLM\SOFTWARE\Classes\Base64-Archiv\shell\open\command Reg HKLM\SOFTWARE\Classes\Base64-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1" Reg HKLM\SOFTWARE\Classes\Base64-Archiv\shellex Reg HKLM\SOFTWARE\Classes\Base64-Archiv\shellex\ContextMenuHandlers Reg HKLM\SOFTWARE\Classes\Base64-Archiv\shellex\ContextMenuHandlers\ZFContextMenu Reg HKLM\SOFTWARE\Classes\Base64-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} Reg HKLM\SOFTWARE\Classes\BitLordUnfinishedFile@ BitLord Incomplete Download File Reg HKLM\SOFTWARE\Classes\bittorrent@ BitLord File Reg HKLM\SOFTWARE\Classes\bittorrent@OldDefault BitLord File Reg HKLM\SOFTWARE\Classes\bittorrent\DefaultIcon Reg HKLM\SOFTWARE\Classes\bittorrent\DefaultIcon@ "C:\Program Files\BitLord\BitLord.exe",1 Reg HKLM\SOFTWARE\Classes\bittorrent\DefaultIcon@OldDefault "C:\Program Files\BitLord\BitLord.exe",1 Reg HKLM\SOFTWARE\Classes\bittorrent\shell Reg HKLM\SOFTWARE\Classes\bittorrent\shell\open Reg HKLM\SOFTWARE\Classes\bittorrent\shell\open\command Reg HKLM\SOFTWARE\Classes\bittorrent\shell\open\command@ "C:\Program Files\BitLord\BitLord.exe" "%1" /dummy Reg HKLM\SOFTWARE\Classes\bittorrent\shell\open\command@OldDefault "C:\Program Files\BitLord\BitLord.exe" "%1" /dummy Reg HKLM\SOFTWARE\Classes\bittorrent\shell\open\ddeexec Reg HKLM\SOFTWARE\Classes\bittorrent\shell\open\ddeexec@ %1 Reg HKLM\SOFTWARE\Classes\bittorrent\shell\open\ddeexec\Application Reg HKLM\SOFTWARE\Classes\bittorrent\shell\open\ddeexec\Application@ BitLord Reg HKLM\SOFTWARE\Classes\bittorrent\shell\open\ddeexec\Topic Reg HKLM\SOFTWARE\Classes\bittorrent\shell\open\ddeexec\Topic@ TORRENT Reg HKLM\SOFTWARE\Classes\BZip2-Archiv@ BZip2 archive Reg HKLM\SOFTWARE\Classes\BZip2-Archiv\DefaultIcon Reg HKLM\SOFTWARE\Classes\BZip2-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12 Reg HKLM\SOFTWARE\Classes\BZip2-Archiv\shell Reg HKLM\SOFTWARE\Classes\BZip2-Archiv\shell\open Reg HKLM\SOFTWARE\Classes\BZip2-Archiv\shell\open\command Reg HKLM\SOFTWARE\Classes\BZip2-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1" Reg HKLM\SOFTWARE\Classes\BZip2-Archiv\shellex Reg HKLM\SOFTWARE\Classes\BZip2-Archiv\shellex\ContextMenuHandlers Reg HKLM\SOFTWARE\Classes\BZip2-Archiv\shellex\ContextMenuHandlers\ZFContextMenu Reg HKLM\SOFTWARE\Classes\BZip2-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} Reg HKLM\SOFTWARE\Classes\CmdLineExt.CmdLineContextMenu@ CmdLineContextMenu Class Reg HKLM\SOFTWARE\Classes\CmdLineExt.CmdLineContextMenu\CLSID Reg HKLM\SOFTWARE\Classes\CmdLineExt.CmdLineContextMenu\CLSID@ {9869EFB4-18E9-11D3-A837-00104B9E30B5} Reg HKLM\SOFTWARE\Classes\CmdLineExt.CmdLineContextMenu\CurVer Reg HKLM\SOFTWARE\Classes\CmdLineExt.CmdLineContextMenu\CurVer@ CmdLineExt.CmdLineContextMenu.1 Reg HKLM\SOFTWARE\Classes\CmdLineExt.CmdLineContextMenu.1@ CmdLineContextMenu Class Reg HKLM\SOFTWARE\Classes\CmdLineExt.CmdLineContextMenu.1\CLSID Reg HKLM\SOFTWARE\Classes\CmdLineExt.CmdLineContextMenu.1\CLSID@ {9869EFB4-18E9-11D3-A837-00104B9E30B5} Reg HKLM\SOFTWARE\Classes\Context.test@ Ctest Object Reg HKLM\SOFTWARE\Classes\Context.test\CLSID Reg HKLM\SOFTWARE\Classes\Context.test\CLSID@ {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} Reg HKLM\SOFTWARE\Classes\Context.test\CurVer Reg HKLM\SOFTWARE\Classes\Context.test\CurVer@ Context.test.1 Reg HKLM\SOFTWARE\Classes\Context.test.1@ Ctest Object Reg HKLM\SOFTWARE\Classes\Context.test.1\CLSID Reg HKLM\SOFTWARE\Classes\Context.test.1\CLSID@ {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} Reg HKLM\SOFTWARE\Classes\ft60.YFT@ CYFT Object Reg HKLM\SOFTWARE\Classes\ft60.YFT\CLSID Reg HKLM\SOFTWARE\Classes\ft60.YFT\CLSID@ {24F3EAD6-8B87-4C1A-97DA-71C126BDA08F} Reg HKLM\SOFTWARE\Classes\ft60.YFT\CurVer Reg HKLM\SOFTWARE\Classes\ft60.YFT\CurVer@ ft60.YFT.1 Reg HKLM\SOFTWARE\Classes\ft60.YFT.1@ CYFT Object Reg HKLM\SOFTWARE\Classes\ft60.YFT.1\CLSID Reg HKLM\SOFTWARE\Classes\ft60.YFT.1\CLSID@ {24F3EAD6-8B87-4C1A-97DA-71C126BDA08F} Reg HKLM\SOFTWARE\Classes\GPI\Settings Reg HKLM\SOFTWARE\Classes\GPI\Settings@CtrlR 8H2BKG0 Reg HKLM\SOFTWARE\Classes\GPI\Settings@CtrlT 8H1RKH0 Reg HKLM\SOFTWARE\Classes\GZip-Archiv@ GZip archive Reg HKLM\SOFTWARE\Classes\GZip-Archiv\DefaultIcon Reg HKLM\SOFTWARE\Classes\GZip-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12 Reg HKLM\SOFTWARE\Classes\GZip-Archiv\shell Reg HKLM\SOFTWARE\Classes\GZip-Archiv\shell\open Reg HKLM\SOFTWARE\Classes\GZip-Archiv\shell\open\command Reg HKLM\SOFTWARE\Classes\GZip-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1" Reg HKLM\SOFTWARE\Classes\GZip-Archiv\shellex Reg HKLM\SOFTWARE\Classes\GZip-Archiv\shellex\ContextMenuHandlers Reg HKLM\SOFTWARE\Classes\GZip-Archiv\shellex\ContextMenuHandlers\ZFContextMenu Reg HKLM\SOFTWARE\Classes\GZip-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv@ GZipTar archive Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv\DefaultIcon Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12 Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv\shell Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv\shell\open Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv\shell\open\command Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1" Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv\shellex Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv\shellex\ContextMenuHandlers Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv\shellex\ContextMenuHandlers\ZFContextMenu Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} Reg HKLM\SOFTWARE\Classes\isaim.aimlocator@ aimlocator Class Reg HKLM\SOFTWARE\Classes\isaim.aimlocator\CLSID Reg HKLM\SOFTWARE\Classes\isaim.aimlocator\CLSID@ {BAEB32D0-732D-11d2-8BF4-0060B0A4A9EA} Reg HKLM\SOFTWARE\Classes\isaim.aimlocator\CurVer Reg HKLM\SOFTWARE\Classes\isaim.aimlocator\CurVer@ isaim.aimlocator.1 Reg HKLM\SOFTWARE\Classes\isaim.aimlocator.1@ aimlocator Class Reg HKLM\SOFTWARE\Classes\isaim.aimlocator.1\CLSID Reg HKLM\SOFTWARE\Classes\isaim.aimlocator.1\CLSID@ {BAEB32D0-732D-11d2-8BF4-0060B0A4A9EA} Reg HKLM\SOFTWARE\Classes\ISO image file@ ISO image Reg HKLM\SOFTWARE\Classes\ISO image file\DefaultIcon Reg HKLM\SOFTWARE\Classes\ISO image file\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,18 Reg HKLM\SOFTWARE\Classes\ISO image file\shell Reg HKLM\SOFTWARE\Classes\ISO image file\shell\open Reg HKLM\SOFTWARE\Classes\ISO image file\shell\open\command Reg HKLM\SOFTWARE\Classes\ISO image file\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1" Reg HKLM\SOFTWARE\Classes\ISO image file\shellex Reg HKLM\SOFTWARE\Classes\ISO image file\shellex\ContextMenuHandlers Reg HKLM\SOFTWARE\Classes\ISO image file\shellex\ContextMenuHandlers\ZFContextMenu Reg HKLM\SOFTWARE\Classes\ISO image file\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} Reg HKLM\SOFTWARE\Classes\Javasoft Archiv@ JavaSoft archive Reg HKLM\SOFTWARE\Classes\Javasoft Archiv\DefaultIcon Reg HKLM\SOFTWARE\Classes\Javasoft Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12 Reg HKLM\SOFTWARE\Classes\Javasoft Archiv\shell Reg HKLM\SOFTWARE\Classes\Javasoft Archiv\shell\open Reg HKLM\SOFTWARE\Classes\Javasoft Archiv\shell\open\command Reg HKLM\SOFTWARE\Classes\Javasoft Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1" Reg HKLM\SOFTWARE\Classes\Javasoft Archiv\shellex Reg HKLM\SOFTWARE\Classes\Javasoft Archiv\shellex\ContextMenuHandlers Reg HKLM\SOFTWARE\Classes\Javasoft Archiv\shellex\ContextMenuHandlers\ZFContextMenu Reg HKLM\SOFTWARE\Classes\Javasoft Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} Reg HKLM\SOFTWARE\Classes\Lha-Archiv@ Lha archive Reg HKLM\SOFTWARE\Classes\Lha-Archiv\DefaultIcon Reg HKLM\SOFTWARE\Classes\Lha-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12 Reg HKLM\SOFTWARE\Classes\Lha-Archiv\shell Reg HKLM\SOFTWARE\Classes\Lha-Archiv\shell\open Reg HKLM\SOFTWARE\Classes\Lha-Archiv\shell\open\command Reg HKLM\SOFTWARE\Classes\Lha-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1" Reg HKLM\SOFTWARE\Classes\Lha-Archiv\shellex Reg HKLM\SOFTWARE\Classes\Lha-Archiv\shellex\ContextMenuHandlers Reg HKLM\SOFTWARE\Classes\Lha-Archiv\shellex\ContextMenuHandlers\ZFContextMenu Reg HKLM\SOFTWARE\Classes\Lha-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} Reg HKLM\SOFTWARE\Classes\Lzh-Archiv@ Lha archive Reg HKLM\SOFTWARE\Classes\Lzh-Archiv\DefaultIcon Reg HKLM\SOFTWARE\Classes\Lzh-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12 Reg HKLM\SOFTWARE\Classes\Lzh-Archiv\shell Reg HKLM\SOFTWARE\Classes\Lzh-Archiv\shell\open Reg HKLM\SOFTWARE\Classes\Lzh-Archiv\shell\open\command Reg HKLM\SOFTWARE\Classes\Lzh-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1" Reg HKLM\SOFTWARE\Classes\Lzh-Archiv\shellex Reg HKLM\SOFTWARE\Classes\Lzh-Archiv\shellex\ContextMenuHandlers Reg HKLM\SOFTWARE\Classes\Lzh-Archiv\shellex\ContextMenuHandlers\ZFContextMenu Reg HKLM\SOFTWARE\Classes\Lzh-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} Reg HKLM\SOFTWARE\Classes\magnet@ URL:MagNet Protocol Reg HKLM\SOFTWARE\Classes\magnet@URL Protocol Reg HKLM\SOFTWARE\Classes\magnet\DefaultIcon Reg HKLM\SOFTWARE\Classes\magnet\DefaultIcon@ "C:\Program Files\LimeWire\LimeWire.ico",-128 Reg HKLM\SOFTWARE\Classes\magnet\shell Reg HKLM\SOFTWARE\Classes\magnet\shell\open Reg HKLM\SOFTWARE\Classes\magnet\shell\open\command Reg HKLM\SOFTWARE\Classes\magnet\shell\open\command@ "C:\Program Files\LimeWire\LimeWire.exe" "%L" Reg HKLM\SOFTWARE\Classes\McAfee.com.Agent.PingObj@ McAfee.com Agent Ping Info Object Reg HKLM\SOFTWARE\Classes\McAfee.com.Agent.PingObj\CLSID Reg HKLM\SOFTWARE\Classes\McAfee.com.Agent.PingObj\CLSID@ {1EE08B59-2834-4f65-B2B9-1723F646ECF7} Reg HKLM\SOFTWARE\Classes\McAfee.com.Agent.PingObj\CurVer Reg HKLM\SOFTWARE\Classes\McAfee.com.Agent.PingObj\CurVer@ McAfee.com.Agent.PingObj Reg HKLM\SOFTWARE\Classes\McAfee.com.FW.PingObj@ McAfee.com FW Ping Info Object Reg HKLM\SOFTWARE\Classes\McAfee.com.FW.PingObj\CLSID Reg HKLM\SOFTWARE\Classes\McAfee.com.FW.PingObj\CLSID@ {1EE08B59-2834-4f65-B2B9-1723F646ECF7} Reg HKLM\SOFTWARE\Classes\McAfee.com.FW.PingObj\CurVer Reg HKLM\SOFTWARE\Classes\McAfee.com.FW.PingObj\CurVer@ McAfee.com.FW.PingObj Reg HKLM\SOFTWARE\Classes\mdf_auto_file@ Reg HKLM\SOFTWARE\Classes\mdf_auto_file\shell Reg HKLM\SOFTWARE\Classes\mdf_auto_file\shell\open Reg HKLM\SOFTWARE\Classes\mdf_auto_file\shell\open\command Reg HKLM\SOFTWARE\Classes\mdf_auto_file\shell\open\command@ "C:\Program Files\DAEMON Tools\daemon.exe" "%1" Reg HKLM\SOFTWARE\Classes\MediaGateway.LicenseInstaller@ LicenseInstaller Class Reg HKLM\SOFTWARE\Classes\MediaGateway.LicenseInstaller\CLSID Reg HKLM\SOFTWARE\Classes\MediaGateway.LicenseInstaller\CLSID@ {144B9C7E-235A-4316-9EB3-5E393714C77A} Reg HKLM\SOFTWARE\Classes\MediaGateway.LicenseInstaller\CurVer Reg HKLM\SOFTWARE\Classes\MediaGateway.LicenseInstaller\CurVer@ MediaGateway.LicenseInstaller.1 Reg HKLM\SOFTWARE\Classes\Microsoft.Aspnet.Snapin.AspNetManagementUtility.2\CLSID Reg HKLM\SOFTWARE\Classes\Microsoft.Aspnet.Snapin.AspNetManagementUtility.2\CLSID@ {FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E} Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv@ MS-Cabinet Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv\DefaultIcon Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12 Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv\shell Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv\shell\open Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv\shell\open\command Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1" Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv\shellex Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv\shellex\ContextMenuHandlers Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv\shellex\ContextMenuHandlers\ZFContextMenu Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} Reg HKLM\SOFTWARE\Classes\MSIDXS@ Microsoft OLE DB Provider for Indexing Service Reg HKLM\SOFTWARE\Classes\MSIDXS\Clsid Reg HKLM\SOFTWARE\Classes\MSIDXS\Clsid@ {F9AE8980-7E52-11d0-8964-00C04FD611D7} Reg HKLM\SOFTWARE\Classes\MSIDXS ErrorLookup@ Microsoft OLE DB Error Lookup for Indexing Service Reg HKLM\SOFTWARE\Classes\MSIDXS ErrorLookup\Clsid Reg HKLM\SOFTWARE\Classes\MSIDXS ErrorLookup\Clsid@ {F9AE8981-7E52-11d0-8964-00C04FD611D7} Reg HKLM\SOFTWARE\Classes\MsScp.MSSCP@ MSSCP Class Reg HKLM\SOFTWARE\Classes\MsScp.MSSCP\CLSID Reg HKLM\SOFTWARE\Classes\MsScp.MSSCP\CLSID@ {32BAED44-34B5-11D3-9315-00C04F72D6CF} Reg HKLM\SOFTWARE\Classes\MsScp.MSSCP\CurVer Reg HKLM\SOFTWARE\Classes\MsScp.MSSCP\CurVer@ MsScp.MSSCP.1 Reg HKLM\SOFTWARE\Classes\MsScp.MSSCP.1@ MSSCP Class Reg HKLM\SOFTWARE\Classes\MsScp.MSSCP.1\CLSID Reg HKLM\SOFTWARE\Classes\MsScp.MSSCP.1\CLSID@ {32BAED44-34B5-11D3-9315-00C04F72D6CF} Reg HKLM\SOFTWARE\Classes\MsScp.SCPTRANS@ SCPTRANS Class Reg HKLM\SOFTWARE\Classes\MsScp.SCPTRANS\CLSID Reg HKLM\SOFTWARE\Classes\MsScp.SCPTRANS\CLSID@ {5C140836-43DE-11d3-847D-00C04F79DBC0} Reg HKLM\SOFTWARE\Classes\MsScp.SCPTRANS\CurVer Reg HKLM\SOFTWARE\Classes\MsScp.SCPTRANS\CurVer@ MsScp.SCPTRANS.1 Reg HKLM\SOFTWARE\Classes\MsScp.SCPTRANS.1@ SCPTRANS Class Reg HKLM\SOFTWARE\Classes\MsScp.SCPTRANS.1\CLSID Reg HKLM\SOFTWARE\Classes\MsScp.SCPTRANS.1\CLSID@ {5C140836-43DE-11d3-847D-00C04F79DBC0} Reg HKLM\SOFTWARE\Classes\MWSDeck@ Magic Workstation DECK Reg HKLM\SOFTWARE\Classes\MWSDeck\DefaultIcon Reg HKLM\SOFTWARE\Classes\MWSDeck\DefaultIcon@ C:\Program Files\Magic Workstation\MagicWorkstation.exe,1 Reg HKLM\SOFTWARE\Classes\MWSDeck\shell Reg HKLM\SOFTWARE\Classes\MWSDeck\shell\open Reg HKLM\SOFTWARE\Classes\MWSDeck\shell\open\command Reg HKLM\SOFTWARE\Classes\MWSDeck\shell\open\command@ "C:\Program Files\Magic Workstation\MagicWorkstation.exe" "%1" Reg HKLM\SOFTWARE\Classes\PhotoShare.PhotoPanel@ PhotoPanel Class Reg HKLM\SOFTWARE\Classes\PhotoShare.PhotoPanel\CLSID Reg HKLM\SOFTWARE\Classes\PhotoShare.PhotoPanel\CLSID@ {6FF98F64-474B-416F-A5B8-B593F8B44D24} Reg HKLM\SOFTWARE\Classes\PhotoShare.PhotoPanel\CurVer Reg HKLM\SOFTWARE\Classes\PhotoShare.PhotoPanel\CurVer@ PhotoShare.PhotoPanel.1 Reg HKLM\SOFTWARE\Classes\PhotoShare.PhotoPanel.1@ PhotoPanel Class Reg HKLM\SOFTWARE\Classes\PhotoShare.PhotoPanel.1\CLSID Reg HKLM\SOFTWARE\Classes\PhotoShare.PhotoPanel.1\CLSID@ {6FF98F64-474B-416F-A5B8-B593F8B44D24} Reg HKLM\SOFTWARE\Classes\plaxo@ URL: Plaxo Protocol Reg HKLM\SOFTWARE\Classes\plaxo@URL Protocol Reg HKLM\SOFTWARE\Classes\plaxo\shell Reg HKLM\SOFTWARE\Classes\plaxo\shell\open Reg HKLM\SOFTWARE\Classes\plaxo\shell\open\command Reg HKLM\SOFTWARE\Classes\plaxo\shell\open\command@ C:\Program Files\Plaxo\2.6.2.9\plx_link.exe -command="%1" Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost@ ProtectorHost Class Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost\CLSID Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost\CLSID@ {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost\CurVer Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost\CurVer@ ProtectorExe.ProtectorHost.1 Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost.1@ ProtectorHost Class Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost.1\CLSID Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost.1\CLSID@ {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} Reg HKLM\SOFTWARE\Classes\protector_dll.Protector@ Protector Class Reg HKLM\SOFTWARE\Classes\protector_dll.Protector\CLSID Reg HKLM\SOFTWARE\Classes\protector_dll.Protector\CLSID@ {6134CEA9-DD6E-495C-A0D1-4F232027D7D7} Reg HKLM\SOFTWARE\Classes\protector_dll.Protector\CurVer Reg HKLM\SOFTWARE\Classes\protector_dll.Protector\CurVer@ protector_dll.Protector.1 Reg HKLM\SOFTWARE\Classes\protector_dll.Protector.1@ Protector Class Reg HKLM\SOFTWARE\Classes\protector_dll.Protector.1\CLSID Reg HKLM\SOFTWARE\Classes\protector_dll.Protector.1\CLSID@ {6134CEA9-DD6E-495C-A0D1-4F232027D7D7} Reg HKLM\SOFTWARE\Classes\r00_auto_file@ Reg HKLM\SOFTWARE\Classes\r00_auto_file\shell Reg HKLM\SOFTWARE\Classes\r00_auto_file\shell@ open Reg HKLM\SOFTWARE\Classes\r00_auto_file\shell\open Reg HKLM\SOFTWARE\Classes\r00_auto_file\shell\open@ &Open Reg HKLM\SOFTWARE\Classes\r00_auto_file\shell\open\command Reg HKLM\SOFTWARE\Classes\r00_auto_file\shell\open\command@ C:\Program Files\Windows Media Player\wmplayer.exe /Open "%L" Reg HKLM\SOFTWARE\Classes\r00_auto_file\shell\play Reg HKLM\SOFTWARE\Classes\r00_auto_file\shell\play@ &Play Reg HKLM\SOFTWARE\Classes\r00_auto_file\shell\play\command Reg HKLM\SOFTWARE\Classes\r00_auto_file\shell\play\command@ C:\Program Files\Windows Media Player\wmplayer.exe /Play "%L" Reg HKLM\SOFTWARE\Classes\Rar-Archiv@ Rar archive (pt. 2 continued...)
-
Hi Elise and thanks for your quick reply. My computer is many years old and I think the logs might reflect that. Here you go. Attach.txt: UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 11/19/2004 7:44:53 PM System Uptime: 5/27/2010 10:02:19 AM (0 hours ago) Motherboard: Dell Inc. | | 0J3492 Processor: Intel® Pentium® 4 CPU 3.20GHz | Microprocessor | 3192/800mhz Processor: Intel® Pentium® 4 CPU 3.20GHz | Microprocessor | 3192/800mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 145 GiB total, 67.657 GiB free. D: is CDROM () F: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP1768: 2/27/2010 12:07:51 PM - System Checkpoint RP1769: 2/28/2010 12:08:21 PM - System Checkpoint RP1770: 3/1/2010 2:30:49 PM - System Checkpoint RP1771: 3/2/2010 3:23:48 PM - System Checkpoint RP1772: 3/3/2010 11:06:13 PM - System Checkpoint RP1773: 3/5/2010 11:36:26 PM - System Checkpoint RP1774: 3/7/2010 12:33:12 AM - System Checkpoint RP1775: 3/8/2010 1:09:13 AM - System Checkpoint RP1776: 3/9/2010 1:14:18 AM - System Checkpoint RP1777: 3/10/2010 10:53:37 AM - System Checkpoint RP1778: 3/11/2010 12:14:11 PM - System Checkpoint RP1779: 3/12/2010 12:19:14 PM - System Checkpoint RP1780: 3/13/2010 12:37:55 PM - System Checkpoint RP1781: 3/14/2010 7:04:20 PM - System Checkpoint RP1782: 3/15/2010 11:18:39 PM - System Checkpoint RP1783: 3/16/2010 11:21:33 PM - System Checkpoint RP1784: 3/18/2010 2:00:16 PM - Software Distribution Service 3.0 RP1785: 3/19/2010 2:39:39 PM - System Checkpoint RP1786: 3/20/2010 8:22:42 PM - System Checkpoint RP1787: 3/21/2010 8:36:38 PM - System Checkpoint RP1788: 3/23/2010 12:08:07 AM - System Checkpoint RP1789: 3/24/2010 12:11:44 AM - System Checkpoint RP1790: 3/25/2010 1:03:18 PM - System Checkpoint RP1791: 3/26/2010 2:34:43 PM - System Checkpoint RP1792: 3/27/2010 4:45:11 PM - System Checkpoint RP1793: 3/28/2010 5:16:52 PM - System Checkpoint RP1794: 3/29/2010 7:01:44 PM - System Checkpoint RP1795: 3/31/2010 9:00:06 AM - System Checkpoint RP1796: 4/1/2010 10:08:28 AM - System Checkpoint RP1797: 4/2/2010 2:33:44 PM - System Checkpoint RP1798: 4/3/2010 4:26:45 PM - System Checkpoint RP1799: 4/5/2010 9:39:56 PM - System Checkpoint RP1800: 4/6/2010 12:42:11 AM - Removed Age of Empires III RP1801: 4/6/2010 3:20:45 AM - Software Distribution Service 3.0 RP1802: 4/6/2010 3:55:55 PM - Restore Operation RP1803: 4/8/2010 3:35:56 AM - System Checkpoint RP1804: 4/9/2010 3:43:30 AM - System Checkpoint RP1805: 4/10/2010 4:40:23 AM - System Checkpoint RP1806: 4/11/2010 4:52:22 AM - System Checkpoint RP1807: 4/12/2010 8:53:35 AM - System Checkpoint RP1808: 4/13/2010 2:53:41 PM - System Checkpoint RP1809: 4/14/2010 6:55:26 PM - System Checkpoint RP1810: 4/16/2010 12:54:37 AM - System Checkpoint RP1811: 4/17/2010 1:42:45 AM - System Checkpoint RP1812: 4/18/2010 2:54:38 AM - System Checkpoint RP1813: 4/19/2010 12:29:07 PM - System Checkpoint RP1814: 4/20/2010 6:20:08 PM - System Checkpoint RP1815: 4/22/2010 12:53:34 AM - System Checkpoint RP1816: 4/23/2010 2:33:30 PM - System Checkpoint RP1817: 4/24/2010 3:42:34 PM - System Checkpoint RP1818: 4/25/2010 6:49:56 PM - System Checkpoint RP1819: 4/27/2010 11:00:25 AM - System Checkpoint RP1820: 4/28/2010 9:49:01 PM - System Checkpoint RP1821: 4/30/2010 11:38:44 AM - System Checkpoint RP1822: 5/1/2010 12:18:50 PM - System Checkpoint RP1823: 5/2/2010 3:18:21 PM - System Checkpoint RP1824: 5/3/2010 4:16:07 PM - System Checkpoint RP1825: 5/4/2010 9:49:14 PM - System Checkpoint RP1826: 5/5/2010 10:22:12 PM - System Checkpoint RP1827: 5/7/2010 11:54:03 AM - System Checkpoint RP1828: 5/8/2010 12:18:21 PM - System Checkpoint RP1829: 5/9/2010 4:00:19 PM - System Checkpoint RP1830: 5/10/2010 5:00:05 PM - System Checkpoint RP1831: 5/11/2010 11:40:40 PM - System Checkpoint RP1832: 5/14/2010 12:55:00 PM - System Checkpoint RP1833: 5/15/2010 4:17:39 PM - System Checkpoint RP1834: 5/16/2010 9:04:57 PM - System Checkpoint RP1835: 5/18/2010 8:51:10 AM - System Checkpoint RP1836: 5/19/2010 11:29:53 AM - System Checkpoint RP1837: 5/20/2010 2:40:55 PM - System Checkpoint RP1838: 5/21/2010 2:57:55 PM - System Checkpoint RP1839: 5/22/2010 4:34:36 PM - System Checkpoint RP1840: 5/23/2010 4:35:56 PM - System Checkpoint RP1841: 5/24/2010 5:18:59 PM - System Checkpoint RP1842: 5/25/2010 10:27:39 PM - System Checkpoint RP1843: 5/26/2010 10:48:10 PM - System Checkpoint ==== Installed Programs ====================== Ad-Aware Adobe Acrobat 5.0 Adobe AIR Adobe Atmosphere Player for Acrobat and Adobe Reader Adobe Audition 1.5 Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Photoshop CS Adobe Reader 8.1.6 Age of Empires III AOL Instant Messenger Apple Software Update ATI - Software Uninstall Utility ATI Catalyst Control Center ATI Control Panel ATI Display Driver AutoUpdate BitComet 0.99 BitLord 1.1 Bonjour Broadcom Advanced Control Suite 2 Business Plan Pro 2005 Capitalism II Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common ccc-core-preinstall ccc-core-static ccc-utility CCC Help English CCleaner Civilization III - Gold Edition Compatibility Pack for the 2007 Office system Conexant D850 56K V.9x DFVc Modem Creative MediaSource Critical Update for Windows Media Player 11 (KB959772) Dell Driver Reset Tool Dell Media Experience Dell Networking Guide Dell Support Center (Support Software) DellSupport Desktop Weather by The Weather Channel Digital Line Detect DivX Converter DivX Setup EA Download Manager EA Download Manager UI EarthLink Setup Files ESPNMotion Express Burn ffdshow Flickr Uploadr 2.5.0.15 FLV Player 2.0 (build 25) Free Games Offer, Desktop Shortcut GameSpy Arcade Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB906569) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) HP Software Update Intel Application Accelerator Internet Explorer Default Page iTunes Jasc Paint Shop Photo Album Java 2 Runtime Environment, SE v1.4.2_03 Java 6 Update 13 Java 6 Update 4 LimeWire 4.16.6 Linksys Wireless-G PCI Network Adapter with SpeedBooster Malwarebytes' Anti-Malware MD Simple Burner 2.0.03 MediaGateway Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB953297) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Close Combat: A Bridge Too Far Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Excel Viewer 2003 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Word Viewer 2003 Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Modem Helper Monopoly Tycoon Mozilla Firefox (3.6.3) MSN Messenger 7.5 MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 6 Service Pack 2 (KB973686) MTG GamePack for Magic Workstation Musicmatch for Windows Media Player Musicmatch
-
This has been going on for a while now, I tried to wait and see if I could fix it myself but no luck. Here is the MBAM log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4076 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 5/27/2010 8:38:32 PM mbam-log-2010-05-27 (20-38-32).txt Scan type: Quick scan Objects scanned: 144959 Time elapsed: 3 hour(s), 1 minute(s), 45 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) The DDS log: DDS (Ver_10-03-17.01) - NTFSx86 Run by Game User at 10:28:35.32 on Thu 05/27/2010 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.445 [GMT -5:00] ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch SVCHOST.EXE C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\Ati2evxx.exe SVCHOST.EXE SVCHOST.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe SVCHOST.EXE C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\kbdap32a.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Game User\My Documents\Downloads\dds(2).scr ============== Pseudo HJT Report =============== uStart Page = hxxp://google.atcomet.com/b/ uSearch Page = hxxp://www.google.com uDefault_Page_URL = hxxp://www.dell4me.com/myway uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.1.2.dll BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll BHO: {aa58ed58-01dd-4d91-8333-cf10577473f7} - Google Toolbar Helper BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - TB: {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - No File TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [iAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r mRun: [P17Helper] Rundll32 P17.dll,P17Helper mRun: [updReg] c:\windows\UpdReg.EXE mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe" mRun: [FLMOFFICE4DMOUSE] c:\program files\micro innovations\wireless keyboard & optical mouse\mouse32a.exe mRun: [OFFICEKB] c:\program files\micro innovations\wireless keyboard & optical mouse\kbdap32a.exe mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe" mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe" mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray dRun: [wffbvnyh] c:\documents and settings\networkservice\local settings\application data\iudogkpsv\blrksontssd.exe dRunOnce: [RunNarrator] Narrator.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm IE: {13C1DBF6-7535-495c-91F6-8C13714ED485} - c:\documents and settings\game user\start menu\programs\absolute poker\Absolute Poker.lnk IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe IE: {6FDD5236-C9F0-49ef-935D-385F5E21991A} - c:\program files\poker.com\poker.exe IE: {76028735-BBF1-4044-8DE2-5B90F0C7A77C} - c:\program files\worldpokerexchange\GameClient.exe IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\empirepoker\EmpirePoker.exe IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.1.2.dll/206 IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {EFFF8D47-D060-4108-B761-E8EC86622E56} - c:\documents and settings\all users\start menu\programs\absolute poker\Absolute Poker.lnk IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll DPF: Microsoft XML Parser for Java DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - No File SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll STS: {C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} - No File STS: {27321538-5739-4aa1-b84c-7d18e4383f1f} - No File ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\gameus~1\applic~1\mozilla\firefox\profiles\r435oz3c.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.jsu.edu/ FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess"); c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-7 64160] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-20 304464] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-20 20952] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-20 38224] S2 gupdate1c9d6fdee15dd10;Google Update Service (gupdate1c9d6fdee15dd10);c:\program files\google\update\GoogleUpdate.exe [2009-5-17 133104] =============== Created Last 30 ================ 2010-05-23 15:26:26 0 d-----w- c:\windows\pss 2010-05-06 17:53:22 0 d-----w- c:\program files\common files\DivX Shared 2010-05-06 16:45:01 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX ==================== Find3M ==================== 2010-04-29 20:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 20:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-08 19:27:59 45312 ----a-w- c:\windows\system32\drivers\ql12160.sys 2010-04-08 19:27:59 45312 ----a-w- c:\windows\system32\dllcache\ql12160.sys 2010-04-07 21:27:55 15688 ----a-w- c:\windows\system32\lsdelete.exe 2010-04-07 21:27:44 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-04-06 20:35:53 4621 ---h--w- c:\windows\fonts\mlog 2010-03-31 01:58:04 44944 ------w- c:\windows\system32\drivers\pxhelp20.sys 2010-03-31 01:58:04 133616 ------w- c:\windows\system32\pxafs.dll 2010-03-31 01:58:04 125424 ------w- c:\windows\system32\pxinsi64.exe 2010-03-31 01:58:04 123888 ------w- c:\windows\system32\pxcpyi64.exe 2010-03-17 05:50:01 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-03-17 05:50:01 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll 2008-03-01 21:20:52 22778 -csh--r- c:\windows\installer\{1f5c94c6-db70-476b-a6ae-e5441737343b}\zip.dll 2008-03-01 21:20:48 18638 -csh--r- c:\windows\installer\{fede1b12-1c3b-4c06-956b-527fd9ae3ef2}\RamSys.dll 2007-10-24 01:05:37 848 --sha-w- c:\windows\system32\KGyGaAvL.sys ============= FINISH: 10:31:09.03 =============== Then the ark.txt and attach should be zipped together below.
-
Problem fixed, I had issues for many hours getting mbam to run properly. Now that I have the problem has ceased. I'm sorry if you have already spent time reviewing my logs and for posting within my own post. Thank you for the service you provide and for the guides that helped me through it.
-
DS (Ver_09-06-26.01) - NTFSx86 Run by Game User at 23:58:43.45 on Mon 01/18/2010 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.507 [GMT -6:00] ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch SVCHOST.EXE C:\WINDOWS\System32\svchost.exe -k netsvcs SVCHOST.EXE SVCHOST.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe SVCHOST.EXE C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\kbdap32a.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Game User\My Documents\Downloads\dds.scr C:\Program Files\Internet Explorer\iexplore.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://google.atcomet.com/b/ uSearch Page = hxxp://www.google.com uDefault_Page_URL = hxxp://www.dell4me.com/myway uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.1.2.dll BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll BHO: {aa58ed58-01dd-4d91-8333-cf10577473f7} - Google Toolbar Helper BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - TB: {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - No File TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart uRun: [cls_pack.exe] c:\docume~1\gameus~1\locals~1\temp\cls_pack.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [iAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r mRun: [P17Helper] Rundll32 P17.dll,P17Helper mRun: [updReg] c:\windows\UpdReg.EXE mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe" mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe" mRun: [FLMOFFICE4DMOUSE] c:\program files\micro innovations\wireless keyboard & optical mouse\mouse32a.exe mRun: [OFFICEKB] c:\program files\micro innovations\wireless keyboard & optical mouse\kbdap32a.exe mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\McAgent.exe mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe" mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe" mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe" mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM dRunOnce: [RunNarrator] Narrator.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm IE: {13C1DBF6-7535-495c-91F6-8C13714ED485} - c:\documents and settings\game user\start menu\programs\absolute poker\Absolute Poker.lnk IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe IE: {6FDD5236-C9F0-49ef-935D-385F5E21991A} - c:\program files\poker.com\poker.exe IE: {76028735-BBF1-4044-8DE2-5B90F0C7A77C} - c:\program files\worldpokerexchange\GameClient.exe IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\empirepoker\EmpirePoker.exe IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.1.2.dll/206 IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {EFFF8D47-D060-4108-B761-E8EC86622E56} - c:\documents and settings\all users\start menu\programs\absolute poker\Absolute Poker.lnk IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll DPF: Microsoft XML Parser for Java DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - No File SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll STS: {C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} - No File STS: {27321538-5739-4aa1-b84c-7d18e4383f1f} - No File ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\gameus~1\applic~1\mozilla\firefox\profiles\r435oz3c.default\ FF - prefs.js: browser.startup.homepage - hxxps://jsu.blackboard.com/webapps/login/|http://www.bing.com/ FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess"); c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-20 64160] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432] S2 gupdate1c9d6fdee15dd10;Google Update Service (gupdate1c9d6fdee15dd10);c:\program files\google\update\GoogleUpdate.exe [2009-5-17 133104] S2 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe --> c:\progra~1\mcafee.com\vso\mcshield.exe [?] S2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe --> c:\progra~1\mcafee.com\agent\mctskshd.exe [?] =============== Created Last 30 ================ 2010-01-18 15:59 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-18 15:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-01-18 15:59 19,160 a------- c:\windows\system32\drivers\mbam.sys 2010-01-18 15:59 <DIR> --d----- c:\program files\FluffyKitten 2010-01-18 02:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2010-01-17 08:10 470,528 -------- c:\windows\system32\dllcache\aclayers.dll 2010-01-17 04:50 1,089,601 -------- c:\windows\system32\dllcache\ntprint.cat 2010-01-16 23:00 <DIR> --d----- c:\program files\Malware Defense 2010-01-11 23:12 <DIR> --d----- c:\windows\system32\wbem\Repository 2009-12-25 12:45 <DIR> --d----- c:\program files\common files\muvee Technologies 2009-12-25 12:44 95,744 a----r-- c:\windows\system32\atl80.dll 2009-12-25 12:44 626,688 a----r-- c:\windows\system32\msvcr80.dll 2009-12-25 12:44 548,864 a----r-- c:\windows\system32\msvcp80.dll 2009-12-25 12:44 1,079,808 a----r-- c:\windows\system32\mfc80u.dll 2009-12-25 12:39 <DIR> --d----- c:\program files\OLYMPUS ==================== Find3M ==================== 2009-11-21 10:36 470,528 a------- c:\windows\apppatch\aclayers.dll 2009-10-28 08:36 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe 2009-10-28 08:36 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe 2009-10-28 00:54 634,632 -------- c:\windows\system32\dllcache\iexplore.exe 2009-10-28 00:52 161,792 -------- c:\windows\system32\dllcache\ieakui.dll 2009-10-21 00:00 75,776 a------- c:\windows\system32\strmfilt.dll 2009-10-21 00:00 25,088 a------- c:\windows\system32\httpapi.dll 2009-10-21 00:00 75,776 -------- c:\windows\system32\dllcache\strmfilt.dll 2009-10-21 00:00 25,088 -------- c:\windows\system32\dllcache\httpapi.dll 2008-01-01 21:34 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat 2008-03-01 15:20 22,778 -c-shr-- c:\windows\installer\{1f5c94c6-db70-476b-a6ae-e5441737343b}\zip.dll 2008-03-01 15:20 18,638 -c-shr-- c:\windows\installer\{fede1b12-1c3b-4c06-956b-527fd9ae3ef2}\RamSys.dll 2007-10-23 19:05 848 a--sh--- c:\windows\system32\KGyGaAvL.sys ============= FINISH: 0:00:44.60 =============== ark.zip