This has been going on for a while now. I tried to wait and see if I could fix it myself, but no luck. Here is the MBAM log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4076

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.13

5/27/2010 8:38:32 PM

mbam-log-2010-05-27 (20-38-32).txt

Scan type: Quick scan

Objects scanned: 144959

Time elapsed: 3 hour(s), 1 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

The DDS log:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Game User at 10:28:35.32 on Thu 05/27/2010

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.445 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

SVCHOST.EXE

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\Ati2evxx.exe

SVCHOST.EXE

SVCHOST.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

SVCHOST.EXE

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe

C:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\kbdap32a.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Game User\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.atcomet.com/b/

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://www.dell4me.com/myway

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.1.2.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: {aa58ed58-01dd-4d91-8333-cf10577473f7} - Google Toolbar Helper

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} -

TB: {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -

EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [iAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r

mRun: [P17Helper] Rundll32 P17.dll,P17Helper

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"

mRun: [FLMOFFICE4DMOUSE] c:\program files\micro innovations\wireless keyboard & optical mouse\mouse32a.exe

mRun: [OFFICEKB] c:\program files\micro innovations\wireless keyboard & optical mouse\kbdap32a.exe

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [wffbvnyh] c:\documents and settings\networkservice\local settings\application data\iudogkpsv\blrksontssd.exe

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: {13C1DBF6-7535-495c-91F6-8C13714ED485} - c:\documents and settings\game user\start menu\programs\absolute poker\Absolute Poker.lnk

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {6FDD5236-C9F0-49ef-935D-385F5E21991A} - c:\program files\poker.com\poker.exe

IE: {76028735-BBF1-4044-8DE2-5B90F0C7A77C} - c:\program files\worldpokerexchange\GameClient.exe

IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\empirepoker\EmpirePoker.exe

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.1.2.dll/206

IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {EFFF8D47-D060-4108-B761-E8EC86622E56} - c:\documents and settings\all users\start menu\programs\absolute poker\Absolute Poker.lnk

IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922}

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

DPF: Microsoft XML Parser for Java

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409

DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - No File

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

STS: {C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} - No File

STS: {27321538-5739-4aa1-b84c-7d18e4383f1f} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gameus~1\applic~1\mozilla\firefox\profiles\r435oz3c.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.jsu.edu/

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-7 64160]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-20 304464]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-20 20952]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-20 38224]

S2 gupdate1c9d6fdee15dd10;Google Update Service (gupdate1c9d6fdee15dd10);c:\program files\google\update\GoogleUpdate.exe [2009-5-17 133104]

=============== Created Last 30 ================

2010-05-23 15:26:26 0 d-----w- c:\windows\pss

2010-05-06 17:53:22 0 d-----w- c:\program files\common files\DivX Shared

2010-05-06 16:45:01 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX

==================== Find3M ====================

2010-04-29 20:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 20:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-08 19:27:59 45312 ----a-w- c:\windows\system32\drivers\ql12160.sys

2010-04-08 19:27:59 45312 ----a-w- c:\windows\system32\dllcache\ql12160.sys

2010-04-07 21:27:55 15688 ----a-w- c:\windows\system32\lsdelete.exe

2010-04-07 21:27:44 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-04-06 20:35:53 4621 ---h--w- c:\windows\fonts\mlog

2010-03-31 01:58:04 44944 ------w- c:\windows\system32\drivers\pxhelp20.sys

2010-03-31 01:58:04 133616 ------w- c:\windows\system32\pxafs.dll

2010-03-31 01:58:04 125424 ------w- c:\windows\system32\pxinsi64.exe

2010-03-31 01:58:04 123888 ------w- c:\windows\system32\pxcpyi64.exe

2010-03-17 05:50:01 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-03-17 05:50:01 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll

2008-03-01 21:20:52 22778 -csh--r- c:\windows\installer\{1f5c94c6-db70-476b-a6ae-e5441737343b}\zip.dll

2008-03-01 21:20:48 18638 -csh--r- c:\windows\installer\{fede1b12-1c3b-4c06-956b-527fd9ae3ef2}\RamSys.dll

2007-10-24 01:05:37 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 10:31:09.03 ===============

Then the ark.txt and attach should be zipped together below.


Hello ,

And :welcome: My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please post the ARK and attach log (you can just paste them in the reply box, no need to attach).

Hi Elise and thanks for your quick reply. My computer is many years old and I think the logs might reflect that. Here you go. :)

Attach.txt:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 11/19/2004 7:44:53 PM

System Uptime: 5/27/2010 10:02:19 AM (0 hours ago)

Motherboard: Dell Inc. | | 0J3492

Processor: Intel® Pentium® 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

Processor: Intel® Pentium® 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 145 GiB total, 67.657 GiB free.

D: is CDROM ()

F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1768: 2/27/2010 12:07:51 PM - System Checkpoint

RP1769: 2/28/2010 12:08:21 PM - System Checkpoint

RP1770: 3/1/2010 2:30:49 PM - System Checkpoint

RP1771: 3/2/2010 3:23:48 PM - System Checkpoint

RP1772: 3/3/2010 11:06:13 PM - System Checkpoint

RP1773: 3/5/2010 11:36:26 PM - System Checkpoint

RP1774: 3/7/2010 12:33:12 AM - System Checkpoint

RP1775: 3/8/2010 1:09:13 AM - System Checkpoint

RP1776: 3/9/2010 1:14:18 AM - System Checkpoint

RP1777: 3/10/2010 10:53:37 AM - System Checkpoint

RP1778: 3/11/2010 12:14:11 PM - System Checkpoint

RP1779: 3/12/2010 12:19:14 PM - System Checkpoint

RP1780: 3/13/2010 12:37:55 PM - System Checkpoint

RP1781: 3/14/2010 7:04:20 PM - System Checkpoint

RP1782: 3/15/2010 11:18:39 PM - System Checkpoint

RP1783: 3/16/2010 11:21:33 PM - System Checkpoint

RP1784: 3/18/2010 2:00:16 PM - Software Distribution Service 3.0

RP1785: 3/19/2010 2:39:39 PM - System Checkpoint

RP1786: 3/20/2010 8:22:42 PM - System Checkpoint

RP1787: 3/21/2010 8:36:38 PM - System Checkpoint

RP1788: 3/23/2010 12:08:07 AM - System Checkpoint

RP1789: 3/24/2010 12:11:44 AM - System Checkpoint

RP1790: 3/25/2010 1:03:18 PM - System Checkpoint

RP1791: 3/26/2010 2:34:43 PM - System Checkpoint

RP1792: 3/27/2010 4:45:11 PM - System Checkpoint

RP1793: 3/28/2010 5:16:52 PM - System Checkpoint

RP1794: 3/29/2010 7:01:44 PM - System Checkpoint

RP1795: 3/31/2010 9:00:06 AM - System Checkpoint

RP1796: 4/1/2010 10:08:28 AM - System Checkpoint

RP1797: 4/2/2010 2:33:44 PM - System Checkpoint

RP1798: 4/3/2010 4:26:45 PM - System Checkpoint

RP1799: 4/5/2010 9:39:56 PM - System Checkpoint

RP1800: 4/6/2010 12:42:11 AM - Removed Age of Empires III

RP1801: 4/6/2010 3:20:45 AM - Software Distribution Service 3.0

RP1802: 4/6/2010 3:55:55 PM - Restore Operation

RP1803: 4/8/2010 3:35:56 AM - System Checkpoint

RP1804: 4/9/2010 3:43:30 AM - System Checkpoint

RP1805: 4/10/2010 4:40:23 AM - System Checkpoint

RP1806: 4/11/2010 4:52:22 AM - System Checkpoint

RP1807: 4/12/2010 8:53:35 AM - System Checkpoint

RP1808: 4/13/2010 2:53:41 PM - System Checkpoint

RP1809: 4/14/2010 6:55:26 PM - System Checkpoint

RP1810: 4/16/2010 12:54:37 AM - System Checkpoint

RP1811: 4/17/2010 1:42:45 AM - System Checkpoint

RP1812: 4/18/2010 2:54:38 AM - System Checkpoint

RP1813: 4/19/2010 12:29:07 PM - System Checkpoint

RP1814: 4/20/2010 6:20:08 PM - System Checkpoint

RP1815: 4/22/2010 12:53:34 AM - System Checkpoint

RP1816: 4/23/2010 2:33:30 PM - System Checkpoint

RP1817: 4/24/2010 3:42:34 PM - System Checkpoint

RP1818: 4/25/2010 6:49:56 PM - System Checkpoint

RP1819: 4/27/2010 11:00:25 AM - System Checkpoint

RP1820: 4/28/2010 9:49:01 PM - System Checkpoint

RP1821: 4/30/2010 11:38:44 AM - System Checkpoint

RP1822: 5/1/2010 12:18:50 PM - System Checkpoint

RP1823: 5/2/2010 3:18:21 PM - System Checkpoint

RP1824: 5/3/2010 4:16:07 PM - System Checkpoint

RP1825: 5/4/2010 9:49:14 PM - System Checkpoint

RP1826: 5/5/2010 10:22:12 PM - System Checkpoint

RP1827: 5/7/2010 11:54:03 AM - System Checkpoint

RP1828: 5/8/2010 12:18:21 PM - System Checkpoint

RP1829: 5/9/2010 4:00:19 PM - System Checkpoint

RP1830: 5/10/2010 5:00:05 PM - System Checkpoint

RP1831: 5/11/2010 11:40:40 PM - System Checkpoint

RP1832: 5/14/2010 12:55:00 PM - System Checkpoint

RP1833: 5/15/2010 4:17:39 PM - System Checkpoint

RP1834: 5/16/2010 9:04:57 PM - System Checkpoint

RP1835: 5/18/2010 8:51:10 AM - System Checkpoint

RP1836: 5/19/2010 11:29:53 AM - System Checkpoint

RP1837: 5/20/2010 2:40:55 PM - System Checkpoint

RP1838: 5/21/2010 2:57:55 PM - System Checkpoint

RP1839: 5/22/2010 4:34:36 PM - System Checkpoint

RP1840: 5/23/2010 4:35:56 PM - System Checkpoint

RP1841: 5/24/2010 5:18:59 PM - System Checkpoint

RP1842: 5/25/2010 10:27:39 PM - System Checkpoint

RP1843: 5/26/2010 10:48:10 PM - System Checkpoint

==== Installed Programs ======================

Ad-Aware

Adobe Acrobat 5.0

Adobe AIR

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Audition 1.5

Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Adobe Photoshop CS

Adobe Reader 8.1.6

Age of Empires III

AOL Instant Messenger

Apple Software Update

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Control Panel

ATI Display Driver

AutoUpdate

BitComet 0.99

BitLord 1.1

Bonjour

Broadcom Advanced Control Suite 2

Business Plan Pro 2005

Capitalism II

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help English

CCleaner

Civilization III - Gold Edition

Compatibility Pack for the 2007 Office system

Conexant D850 56K V.9x DFVc Modem

Creative MediaSource

Critical Update for Windows Media Player 11 (KB959772)

Dell Driver Reset Tool

Dell Media Experience

Dell Networking Guide

Dell Support Center (Support Software)

DellSupport

Desktop Weather by The Weather Channel

Digital Line Detect

DivX Converter

DivX Setup

EA Download Manager

EA Download Manager UI

EarthLink Setup Files

ESPNMotion

Express Burn

ffdshow

Flickr Uploadr 2.5.0.15

FLV Player 2.0 (build 25)

Free Games Offer, Desktop Shortcut

GameSpy Arcade

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB906569)

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

HP Software Update

Intel Application Accelerator

Internet Explorer Default Page

iTunes

Jasc Paint Shop Photo Album

Java 2 Runtime Environment, SE v1.4.2_03

Java 6 Update 13

Java 6 Update 4

LimeWire 4.16.6

Linksys Wireless-G PCI Network Adapter with SpeedBooster

Malwarebytes' Anti-Malware

MD Simple Burner 2.0.03

MediaGateway

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Close Combat: A Bridge Too Far

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Excel Viewer 2003

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Word Viewer 2003

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Modem Helper

Monopoly Tycoon

Mozilla Firefox (3.6.3)

MSN Messenger 7.5

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB973686)

MTG GamePack for Magic Workstation

Musicmatch for Windows Media Player

Musicmatch


(part 1) ark.txt:

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-05-27 17:12:30

Windows 5.1.2600 Service Pack 2

Running: gqqyp7ni.exe; Driver: C:\DOCUME~1\GAMEUS~1\LOCALS~1\Temp\fwloapog.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF777487E]

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7774BFE]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\ql12160.sys entry point in ".rsrc" section [0xF774EB94]

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF61D7000, 0x17C39E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A9000A

.text C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AA000A

.text C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A8000C

.text C:\WINDOWS\System32\svchost.exe[1232] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00D3000A

.text C:\WINDOWS\Explorer.EXE[3176] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C6000A

.text C:\WINDOWS\Explorer.EXE[3176] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D0000A

.text C:\WINDOWS\Explorer.EXE[3176] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C5000C

.text C:\Program Files\Mozilla Firefox\firefox.exe[3396] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0124000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[3396] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0125000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[3396] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0123000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \FileSystem\Fastfat \Fat A8A24C8A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

Device -> \Driver\iaStor \Device\Harddisk0\DR0 86A1CAC8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC0 0x18 0x00 0x27 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB7 0xB9 0x86 0x75 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x99 0x6D 0xF6 0x84 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xBD 0xEA 0x12 0xBB ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC0 0x18 0x00 0x27 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB7 0xB9 0x86 0x75 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x99 0x6D 0xF6 0x84 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xBD 0xEA 0x12 0xBB ...

Reg HKLM\SOFTWARE\Classes\.3gpp@ QuickTime.3gpp

Reg HKLM\SOFTWARE\Classes\.3gpp@Content Type video/3gpp

Reg HKLM\SOFTWARE\Classes\.3gpp@QuickTime.bak

Reg HKLM\SOFTWARE\Classes\.3gpp\OpenWithList

Reg HKLM\SOFTWARE\Classes\.3gpp\OpenWithList\QuickTimePlayer.exe

Reg HKLM\SOFTWARE\Classes\.3gpp\OpenWithProgIds

Reg HKLM\SOFTWARE\Classes\.3gpp\OpenWithProgIds@QuickTime.3gpp

Reg HKLM\SOFTWARE\Classes\.aac@ QuickTime.aac

Reg HKLM\SOFTWARE\Classes\.aac@Content Type audio/aac

Reg HKLM\SOFTWARE\Classes\.aac@QuickTime.bak

Reg HKLM\SOFTWARE\Classes\.aac\OpenWithList

Reg HKLM\SOFTWARE\Classes\.aac\OpenWithList\QuickTimePlayer.exe

Reg HKLM\SOFTWARE\Classes\.aac\OpenWithProgIds

Reg HKLM\SOFTWARE\Classes\.aac\OpenWithProgIds@QuickTime.aac

Reg HKLM\SOFTWARE\Classes\.ace@ Ace-Archiv

Reg HKLM\SOFTWARE\Classes\.adts@ QuickTime.adts

Reg HKLM\SOFTWARE\Classes\.adts@Content Type audio/aac

Reg HKLM\SOFTWARE\Classes\.adts@QuickTime.bak

Reg HKLM\SOFTWARE\Classes\.adts\OpenWithList

Reg HKLM\SOFTWARE\Classes\.adts\OpenWithList\QuickTimePlayer.exe

Reg HKLM\SOFTWARE\Classes\.adts\OpenWithProgIds

Reg HKLM\SOFTWARE\Classes\.adts\OpenWithProgIds@QuickTime.adts

Reg HKLM\SOFTWARE\Classes\.age3Xsav@ AgeofEmpiresIII-TheWarChiefs.age3Xsav

Reg HKLM\SOFTWARE\Classes\.AKN@ AKN_AUTO

Reg HKLM\SOFTWARE\Classes\.application\bootstrap@ bootstrap.application.1

Reg HKLM\SOFTWARE\Classes\.arc@ Arc-Archiv

Reg HKLM\SOFTWARE\Classes\.arj@ Arj-Archiv

Reg HKLM\SOFTWARE\Classes\.bc!@ BitLordUnfinishedFile

Reg HKLM\SOFTWARE\Classes\.bz2@ BZip2-Archiv

Reg HKLM\SOFTWARE\Classes\.flc@

Reg HKLM\SOFTWARE\Classes\.flc@Content Type video/flc

Reg HKLM\SOFTWARE\Classes\.flc\OpenWithList

Reg HKLM\SOFTWARE\Classes\.flc\OpenWithList\QuickTimePlayer.exe

Reg HKLM\SOFTWARE\Classes\.flc\OpenWithProgIds

Reg HKLM\SOFTWARE\Classes\.flc\OpenWithProgIds@QuickTime.flc

Reg HKLM\SOFTWARE\Classes\.fli@

Reg HKLM\SOFTWARE\Classes\.fli@Content Type video/flc

Reg HKLM\SOFTWARE\Classes\.fli\OpenWithList

Reg HKLM\SOFTWARE\Classes\.fli\OpenWithList\QuickTimePlayer.exe

Reg HKLM\SOFTWARE\Classes\.fli\OpenWithProgIds

Reg HKLM\SOFTWARE\Classes\.fli\OpenWithProgIds@QuickTime.fli

Reg HKLM\SOFTWARE\Classes\.jbf\PersistentHandler

Reg HKLM\SOFTWARE\Classes\.jbf\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}

Reg HKLM\SOFTWARE\Classes\.lha@ Lha-Archiv

Reg HKLM\SOFTWARE\Classes\.lzh@ Lzh-Archiv

Reg HKLM\SOFTWARE\Classes\.mdf@ mdf_auto_file

Reg HKLM\SOFTWARE\Classes\.mim@ Base64-Archiv

Reg HKLM\SOFTWARE\Classes\.mod@Content Type video/mpeg

Reg HKLM\SOFTWARE\Classes\.mod@PerceivedType video

Reg HKLM\SOFTWARE\Classes\.mod@ mpegfile

Reg HKLM\SOFTWARE\Classes\.mod\OpenWithList

Reg HKLM\SOFTWARE\Classes\.mod\OpenWithList\wmplayer.exe

Reg HKLM\SOFTWARE\Classes\.mod\OpenWithProgIds

Reg HKLM\SOFTWARE\Classes\.mod\OpenWithProgIds@mpegfile

Reg HKLM\SOFTWARE\Classes\.mp4@ QuickTime.mp4

Reg HKLM\SOFTWARE\Classes\.mp4@Content Type video/mp4

Reg HKLM\SOFTWARE\Classes\.mp4@QuickTime.bak

Reg HKLM\SOFTWARE\Classes\.mp4\OpenWithList

Reg HKLM\SOFTWARE\Classes\.mp4\OpenWithList\QuickTimePlayer.exe

Reg HKLM\SOFTWARE\Classes\.mp4\OpenWithProgIds

Reg HKLM\SOFTWARE\Classes\.mp4\OpenWithProgIds@QuickTime.mp4

Reg HKLM\SOFTWARE\Classes\.mqv@ QuickTime.mqv

Reg HKLM\SOFTWARE\Classes\.mqv@Content Type video/quicktime

Reg HKLM\SOFTWARE\Classes\.mqv@QuickTime.bak

Reg HKLM\SOFTWARE\Classes\.mqv\OpenWithList

Reg HKLM\SOFTWARE\Classes\.mqv\OpenWithList\QuickTimePlayer.exe

Reg HKLM\SOFTWARE\Classes\.mqv\OpenWithProgIds

Reg HKLM\SOFTWARE\Classes\.mqv\OpenWithProgIds@QuickTime.mqv

Reg HKLM\SOFTWARE\Classes\.mwDeck@ MWSDeck

Reg HKLM\SOFTWARE\Classes\.r00@ r00_auto_file

Reg HKLM\SOFTWARE\Classes\.rar@ Rar-Archiv

Reg HKLM\SOFTWARE\Classes\.rpc\PersistentHandler

Reg HKLM\SOFTWARE\Classes\.rpc\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}

Reg HKLM\SOFTWARE\Classes\.rts@

Reg HKLM\SOFTWARE\Classes\.rts@Content Type application/x-rtsp

Reg HKLM\SOFTWARE\Classes\.rts\OpenWithList

Reg HKLM\SOFTWARE\Classes\.rts\OpenWithList\QuickTimePlayer.exe

Reg HKLM\SOFTWARE\Classes\.rts\OpenWithProgIds

Reg HKLM\SOFTWARE\Classes\.rts\OpenWithProgIds@QuickTime.rts

Reg HKLM\SOFTWARE\Classes\.rtsp@

Reg HKLM\SOFTWARE\Classes\.rtsp@Content Type application/x-rtsp

Reg HKLM\SOFTWARE\Classes\.rtsp\OpenWithList

Reg HKLM\SOFTWARE\Classes\.rtsp\OpenWithList\QuickTimePlayer.exe

Reg HKLM\SOFTWARE\Classes\.rtsp\OpenWithProgIds

Reg HKLM\SOFTWARE\Classes\.rtsp\OpenWithProgIds@QuickTime.rtsp

Reg HKLM\SOFTWARE\Classes\.uue@ UUEncoded-Archiv

Reg HKLM\SOFTWARE\Classes\.vfw@

Reg HKLM\SOFTWARE\Classes\.vfw@Content Type video/x-msvideo

Reg HKLM\SOFTWARE\Classes\.vfw\OpenWithList

Reg HKLM\SOFTWARE\Classes\.vfw\OpenWithList\QuickTimePlayer.exe

Reg HKLM\SOFTWARE\Classes\.vfw\OpenWithProgIds

Reg HKLM\SOFTWARE\Classes\.vfw\OpenWithProgIds@QuickTime.vfw

Reg HKLM\SOFTWARE\Classes\.wpf@XSave

Reg HKLM\SOFTWARE\Classes\.wpf@ WinAce preset file

Reg HKLM\SOFTWARE\Classes\.xef@ XEF-Datei

Reg HKLM\SOFTWARE\Classes\.xxe@ XXEncoded-Archiv

Reg HKLM\SOFTWARE\Classes\.ybm@ ybmfile

Reg HKLM\SOFTWARE\Classes\.ybm@ContentType text/ybm

Reg HKLM\SOFTWARE\Classes\.ymg@ YPager.Messenger

Reg HKLM\SOFTWARE\Classes\.ymg@Content Type application/ymsgr

Reg HKLM\SOFTWARE\Classes\.yps@ YPager.Messenger

Reg HKLM\SOFTWARE\Classes\.yps@Content Type application/ymsgr

Reg HKLM\SOFTWARE\Classes\.zf~~~@ ZfUpdir

Reg HKLM\SOFTWARE\Classes\.zoo@ Zoo-Archiv

Reg HKLM\SOFTWARE\Classes\Ace-Archiv@ Ace archive

Reg HKLM\SOFTWARE\Classes\Ace-Archiv\DefaultIcon

Reg HKLM\SOFTWARE\Classes\Ace-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12

Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shell

Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shell\open

Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shell\open\command

Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1"

Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shellex

Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shellex\ContextMenuHandlers

Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shellex\ContextMenuHandlers\ZFContextMenu

Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11}

Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shellex\PropertySheetHandlers

Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shellex\PropertySheetHandlers\ZFPropertySheet

Reg HKLM\SOFTWARE\Classes\Ace-Archiv\shellex\PropertySheetHandlers\ZFPropertySheet@ {8FF88D23-7BD0-11D1-BFB7-00AA00262A11}

Reg HKLM\SOFTWARE\Classes\AgeofEmpiresIII-TheWarChiefs.age3Xsav@ Age of Empires III - The WarChiefs Save Game

Reg HKLM\SOFTWARE\Classes\AgeofEmpiresIII-TheWarChiefs.age3Xsav\shell

Reg HKLM\SOFTWARE\Classes\AgeofEmpiresIII-TheWarChiefs.age3Xsav\shell\open

Reg HKLM\SOFTWARE\Classes\AgeofEmpiresIII-TheWarChiefs.age3Xsav\shell\open\command

Reg HKLM\SOFTWARE\Classes\AgeofEmpiresIII-TheWarChiefs.age3Xsav\shell\open\command@ C:\PROGRA~1\MICROS~4\AGEOFE~2\AGE3XL~1.EXE "%1"

Reg HKLM\SOFTWARE\Classes\aim@ URL: AOL Instant Messenger Protocol

Reg HKLM\SOFTWARE\Classes\aim@URL Protocol

Reg HKLM\SOFTWARE\Classes\aim\shell

Reg HKLM\SOFTWARE\Classes\aim\shell\open

Reg HKLM\SOFTWARE\Classes\aim\shell\open\command

Reg HKLM\SOFTWARE\Classes\aim\shell\open\command@ "C:\Program Files\AIM\aim.exe" %1

Reg HKLM\SOFTWARE\Classes\AKN_AUTO\shell

Reg HKLM\SOFTWARE\Classes\AKN_AUTO\shell\open

Reg HKLM\SOFTWARE\Classes\AKN_AUTO\shell\open\command

Reg HKLM\SOFTWARE\Classes\AKN_AUTO\shell\open\command@ "C:\Program Files\Absolute Poker\SkinUpdate.exe" "%1"

Reg HKLM\SOFTWARE\Classes\aol_htm@ HTML Document

Reg HKLM\SOFTWARE\Classes\aol_htm\DefaultIcon

Reg HKLM\SOFTWARE\Classes\aol_htm\DefaultIcon@ c:\program files\common files\aol\1140943258\ee\services\browserapp\ver1_2_5_15\resources\en-US\AOLDocument.ico

Reg HKLM\SOFTWARE\Classes\aol_htm\shell

Reg HKLM\SOFTWARE\Classes\aol_htm\shell\open

Reg HKLM\SOFTWARE\Classes\aol_htm\shell\open\command

Reg HKLM\SOFTWARE\Classes\aol_htm\shell\open\command@ "C:\Program Files\AOL\Explorer\1.2\AOLExplorer.exe" -u "%1"

Reg HKLM\SOFTWARE\Classes\Arc-Archiv@ Arc archive

Reg HKLM\SOFTWARE\Classes\Arc-Archiv\DefaultIcon

Reg HKLM\SOFTWARE\Classes\Arc-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,15

Reg HKLM\SOFTWARE\Classes\Arc-Archiv\shell

Reg HKLM\SOFTWARE\Classes\Arc-Archiv\shell\open

Reg HKLM\SOFTWARE\Classes\Arc-Archiv\shell\open\command

Reg HKLM\SOFTWARE\Classes\Arc-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1"

Reg HKLM\SOFTWARE\Classes\Arc-Archiv\shellex

Reg HKLM\SOFTWARE\Classes\Arc-Archiv\shellex\ContextMenuHandlers

Reg HKLM\SOFTWARE\Classes\Arc-Archiv\shellex\ContextMenuHandlers\ZFContextMenu

Reg HKLM\SOFTWARE\Classes\Arc-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11}

Reg HKLM\SOFTWARE\Classes\Arj-Archiv@ Arj archive

Reg HKLM\SOFTWARE\Classes\Arj-Archiv\DefaultIcon

Reg HKLM\SOFTWARE\Classes\Arj-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,15

Reg HKLM\SOFTWARE\Classes\Arj-Archiv\shell

Reg HKLM\SOFTWARE\Classes\Arj-Archiv\shell\open

Reg HKLM\SOFTWARE\Classes\Arj-Archiv\shell\open\command

Reg HKLM\SOFTWARE\Classes\Arj-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1"

Reg HKLM\SOFTWARE\Classes\Arj-Archiv\shellex

Reg HKLM\SOFTWARE\Classes\Arj-Archiv\shellex\ContextMenuHandlers

Reg HKLM\SOFTWARE\Classes\Arj-Archiv\shellex\ContextMenuHandlers\ZFContextMenu

Reg HKLM\SOFTWARE\Classes\Arj-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11}

Reg HKLM\SOFTWARE\Classes\Base64-Archiv@ base64 file

Reg HKLM\SOFTWARE\Classes\Base64-Archiv\DefaultIcon

Reg HKLM\SOFTWARE\Classes\Base64-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12

Reg HKLM\SOFTWARE\Classes\Base64-Archiv\shell

Reg HKLM\SOFTWARE\Classes\Base64-Archiv\shell\open

Reg HKLM\SOFTWARE\Classes\Base64-Archiv\shell\open\command

Reg HKLM\SOFTWARE\Classes\Base64-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1"

Reg HKLM\SOFTWARE\Classes\Base64-Archiv\shellex

Reg HKLM\SOFTWARE\Classes\Base64-Archiv\shellex\ContextMenuHandlers

Reg HKLM\SOFTWARE\Classes\Base64-Archiv\shellex\ContextMenuHandlers\ZFContextMenu

Reg HKLM\SOFTWARE\Classes\Base64-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11}

Reg HKLM\SOFTWARE\Classes\BitLordUnfinishedFile@ BitLord Incomplete Download File

Reg HKLM\SOFTWARE\Classes\bittorrent@ BitLord File

Reg HKLM\SOFTWARE\Classes\bittorrent@OldDefault BitLord File

Reg HKLM\SOFTWARE\Classes\bittorrent\DefaultIcon

Reg HKLM\SOFTWARE\Classes\bittorrent\DefaultIcon@ "C:\Program Files\BitLord\BitLord.exe",1

Reg HKLM\SOFTWARE\Classes\bittorrent\DefaultIcon@OldDefault "C:\Program Files\BitLord\BitLord.exe",1

Reg HKLM\SOFTWARE\Classes\bittorrent\shell

Reg HKLM\SOFTWARE\Classes\bittorrent\shell\open

Reg HKLM\SOFTWARE\Classes\bittorrent\shell\open\command

Reg HKLM\SOFTWARE\Classes\bittorrent\shell\open\command@ "C:\Program Files\BitLord\BitLord.exe" "%1" /dummy

Reg HKLM\SOFTWARE\Classes\bittorrent\shell\open\command@OldDefault "C:\Program Files\BitLord\BitLord.exe" "%1" /dummy

Reg HKLM\SOFTWARE\Classes\bittorrent\shell\open\ddeexec

Reg HKLM\SOFTWARE\Classes\bittorrent\shell\open\ddeexec@ %1

Reg HKLM\SOFTWARE\Classes\bittorrent\shell\open\ddeexec\Application

Reg HKLM\SOFTWARE\Classes\bittorrent\shell\open\ddeexec\Application@ BitLord

Reg HKLM\SOFTWARE\Classes\bittorrent\shell\open\ddeexec\Topic

Reg HKLM\SOFTWARE\Classes\bittorrent\shell\open\ddeexec\Topic@ TORRENT

Reg HKLM\SOFTWARE\Classes\BZip2-Archiv@ BZip2 archive

Reg HKLM\SOFTWARE\Classes\BZip2-Archiv\DefaultIcon

Reg HKLM\SOFTWARE\Classes\BZip2-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12

Reg HKLM\SOFTWARE\Classes\BZip2-Archiv\shell

Reg HKLM\SOFTWARE\Classes\BZip2-Archiv\shell\open

Reg HKLM\SOFTWARE\Classes\BZip2-Archiv\shell\open\command

Reg HKLM\SOFTWARE\Classes\BZip2-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1"

Reg HKLM\SOFTWARE\Classes\BZip2-Archiv\shellex

Reg HKLM\SOFTWARE\Classes\BZip2-Archiv\shellex\ContextMenuHandlers

Reg HKLM\SOFTWARE\Classes\BZip2-Archiv\shellex\ContextMenuHandlers\ZFContextMenu

Reg HKLM\SOFTWARE\Classes\BZip2-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11}

Reg HKLM\SOFTWARE\Classes\CmdLineExt.CmdLineContextMenu@ CmdLineContextMenu Class

Reg HKLM\SOFTWARE\Classes\CmdLineExt.CmdLineContextMenu\CLSID

Reg HKLM\SOFTWARE\Classes\CmdLineExt.CmdLineContextMenu\CLSID@ {9869EFB4-18E9-11D3-A837-00104B9E30B5}

Reg HKLM\SOFTWARE\Classes\CmdLineExt.CmdLineContextMenu\CurVer

Reg HKLM\SOFTWARE\Classes\CmdLineExt.CmdLineContextMenu\CurVer@ CmdLineExt.CmdLineContextMenu.1

Reg HKLM\SOFTWARE\Classes\CmdLineExt.CmdLineContextMenu.1@ CmdLineContextMenu Class

Reg HKLM\SOFTWARE\Classes\CmdLineExt.CmdLineContextMenu.1\CLSID

Reg HKLM\SOFTWARE\Classes\CmdLineExt.CmdLineContextMenu.1\CLSID@ {9869EFB4-18E9-11D3-A837-00104B9E30B5}

Reg HKLM\SOFTWARE\Classes\Context.test@ Ctest Object

Reg HKLM\SOFTWARE\Classes\Context.test\CLSID

Reg HKLM\SOFTWARE\Classes\Context.test\CLSID@ {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}

Reg HKLM\SOFTWARE\Classes\Context.test\CurVer

Reg HKLM\SOFTWARE\Classes\Context.test\CurVer@ Context.test.1

Reg HKLM\SOFTWARE\Classes\Context.test.1@ Ctest Object

Reg HKLM\SOFTWARE\Classes\Context.test.1\CLSID

Reg HKLM\SOFTWARE\Classes\Context.test.1\CLSID@ {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}

Reg HKLM\SOFTWARE\Classes\ft60.YFT@ CYFT Object

Reg HKLM\SOFTWARE\Classes\ft60.YFT\CLSID

Reg HKLM\SOFTWARE\Classes\ft60.YFT\CLSID@ {24F3EAD6-8B87-4C1A-97DA-71C126BDA08F}

Reg HKLM\SOFTWARE\Classes\ft60.YFT\CurVer

Reg HKLM\SOFTWARE\Classes\ft60.YFT\CurVer@ ft60.YFT.1

Reg HKLM\SOFTWARE\Classes\ft60.YFT.1@ CYFT Object

Reg HKLM\SOFTWARE\Classes\ft60.YFT.1\CLSID

Reg HKLM\SOFTWARE\Classes\ft60.YFT.1\CLSID@ {24F3EAD6-8B87-4C1A-97DA-71C126BDA08F}

Reg HKLM\SOFTWARE\Classes\GPI\Settings

Reg HKLM\SOFTWARE\Classes\GPI\Settings@CtrlR 8H2BKG0

Reg HKLM\SOFTWARE\Classes\GPI\Settings@CtrlT 8H1RKH0

Reg HKLM\SOFTWARE\Classes\GZip-Archiv@ GZip archive

Reg HKLM\SOFTWARE\Classes\GZip-Archiv\DefaultIcon

Reg HKLM\SOFTWARE\Classes\GZip-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12

Reg HKLM\SOFTWARE\Classes\GZip-Archiv\shell

Reg HKLM\SOFTWARE\Classes\GZip-Archiv\shell\open

Reg HKLM\SOFTWARE\Classes\GZip-Archiv\shell\open\command

Reg HKLM\SOFTWARE\Classes\GZip-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1"

Reg HKLM\SOFTWARE\Classes\GZip-Archiv\shellex

Reg HKLM\SOFTWARE\Classes\GZip-Archiv\shellex\ContextMenuHandlers

Reg HKLM\SOFTWARE\Classes\GZip-Archiv\shellex\ContextMenuHandlers\ZFContextMenu

Reg HKLM\SOFTWARE\Classes\GZip-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11}

Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv@ GZipTar archive

Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv\DefaultIcon

Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12

Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv\shell

Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv\shell\open

Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv\shell\open\command

Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1"

Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv\shellex

Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv\shellex\ContextMenuHandlers

Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv\shellex\ContextMenuHandlers\ZFContextMenu

Reg HKLM\SOFTWARE\Classes\GZipTar-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11}

Reg HKLM\SOFTWARE\Classes\isaim.aimlocator@ aimlocator Class

Reg HKLM\SOFTWARE\Classes\isaim.aimlocator\CLSID

Reg HKLM\SOFTWARE\Classes\isaim.aimlocator\CLSID@ {BAEB32D0-732D-11d2-8BF4-0060B0A4A9EA}

Reg HKLM\SOFTWARE\Classes\isaim.aimlocator\CurVer

Reg HKLM\SOFTWARE\Classes\isaim.aimlocator\CurVer@ isaim.aimlocator.1

Reg HKLM\SOFTWARE\Classes\isaim.aimlocator.1@ aimlocator Class

Reg HKLM\SOFTWARE\Classes\isaim.aimlocator.1\CLSID

Reg HKLM\SOFTWARE\Classes\isaim.aimlocator.1\CLSID@ {BAEB32D0-732D-11d2-8BF4-0060B0A4A9EA}

Reg HKLM\SOFTWARE\Classes\ISO image file@ ISO image

Reg HKLM\SOFTWARE\Classes\ISO image file\DefaultIcon

Reg HKLM\SOFTWARE\Classes\ISO image file\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,18

Reg HKLM\SOFTWARE\Classes\ISO image file\shell

Reg HKLM\SOFTWARE\Classes\ISO image file\shell\open

Reg HKLM\SOFTWARE\Classes\ISO image file\shell\open\command

Reg HKLM\SOFTWARE\Classes\ISO image file\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1"

Reg HKLM\SOFTWARE\Classes\ISO image file\shellex

Reg HKLM\SOFTWARE\Classes\ISO image file\shellex\ContextMenuHandlers

Reg HKLM\SOFTWARE\Classes\ISO image file\shellex\ContextMenuHandlers\ZFContextMenu

Reg HKLM\SOFTWARE\Classes\ISO image file\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11}

Reg HKLM\SOFTWARE\Classes\Javasoft Archiv@ JavaSoft archive

Reg HKLM\SOFTWARE\Classes\Javasoft Archiv\DefaultIcon

Reg HKLM\SOFTWARE\Classes\Javasoft Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12

Reg HKLM\SOFTWARE\Classes\Javasoft Archiv\shell

Reg HKLM\SOFTWARE\Classes\Javasoft Archiv\shell\open

Reg HKLM\SOFTWARE\Classes\Javasoft Archiv\shell\open\command

Reg HKLM\SOFTWARE\Classes\Javasoft Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1"

Reg HKLM\SOFTWARE\Classes\Javasoft Archiv\shellex

Reg HKLM\SOFTWARE\Classes\Javasoft Archiv\shellex\ContextMenuHandlers

Reg HKLM\SOFTWARE\Classes\Javasoft Archiv\shellex\ContextMenuHandlers\ZFContextMenu

Reg HKLM\SOFTWARE\Classes\Javasoft Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11}

Reg HKLM\SOFTWARE\Classes\Lha-Archiv@ Lha archive

Reg HKLM\SOFTWARE\Classes\Lha-Archiv\DefaultIcon

Reg HKLM\SOFTWARE\Classes\Lha-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12

Reg HKLM\SOFTWARE\Classes\Lha-Archiv\shell

Reg HKLM\SOFTWARE\Classes\Lha-Archiv\shell\open

Reg HKLM\SOFTWARE\Classes\Lha-Archiv\shell\open\command

Reg HKLM\SOFTWARE\Classes\Lha-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1"

Reg HKLM\SOFTWARE\Classes\Lha-Archiv\shellex

Reg HKLM\SOFTWARE\Classes\Lha-Archiv\shellex\ContextMenuHandlers

Reg HKLM\SOFTWARE\Classes\Lha-Archiv\shellex\ContextMenuHandlers\ZFContextMenu

Reg HKLM\SOFTWARE\Classes\Lha-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11}

Reg HKLM\SOFTWARE\Classes\Lzh-Archiv@ Lha archive

Reg HKLM\SOFTWARE\Classes\Lzh-Archiv\DefaultIcon

Reg HKLM\SOFTWARE\Classes\Lzh-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12

Reg HKLM\SOFTWARE\Classes\Lzh-Archiv\shell

Reg HKLM\SOFTWARE\Classes\Lzh-Archiv\shell\open

Reg HKLM\SOFTWARE\Classes\Lzh-Archiv\shell\open\command

Reg HKLM\SOFTWARE\Classes\Lzh-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1"

Reg HKLM\SOFTWARE\Classes\Lzh-Archiv\shellex

Reg HKLM\SOFTWARE\Classes\Lzh-Archiv\shellex\ContextMenuHandlers

Reg HKLM\SOFTWARE\Classes\Lzh-Archiv\shellex\ContextMenuHandlers\ZFContextMenu

Reg HKLM\SOFTWARE\Classes\Lzh-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11}

Reg HKLM\SOFTWARE\Classes\magnet@ URL:MagNet Protocol

Reg HKLM\SOFTWARE\Classes\magnet@URL Protocol

Reg HKLM\SOFTWARE\Classes\magnet\DefaultIcon

Reg HKLM\SOFTWARE\Classes\magnet\DefaultIcon@ "C:\Program Files\LimeWire\LimeWire.ico",-128

Reg HKLM\SOFTWARE\Classes\magnet\shell

Reg HKLM\SOFTWARE\Classes\magnet\shell\open

Reg HKLM\SOFTWARE\Classes\magnet\shell\open\command

Reg HKLM\SOFTWARE\Classes\magnet\shell\open\command@ "C:\Program Files\LimeWire\LimeWire.exe" "%L"

Reg HKLM\SOFTWARE\Classes\McAfee.com.Agent.PingObj@ McAfee.com Agent Ping Info Object

Reg HKLM\SOFTWARE\Classes\McAfee.com.Agent.PingObj\CLSID

Reg HKLM\SOFTWARE\Classes\McAfee.com.Agent.PingObj\CLSID@ {1EE08B59-2834-4f65-B2B9-1723F646ECF7}

Reg HKLM\SOFTWARE\Classes\McAfee.com.Agent.PingObj\CurVer

Reg HKLM\SOFTWARE\Classes\McAfee.com.Agent.PingObj\CurVer@ McAfee.com.Agent.PingObj

Reg HKLM\SOFTWARE\Classes\McAfee.com.FW.PingObj@ McAfee.com FW Ping Info Object

Reg HKLM\SOFTWARE\Classes\McAfee.com.FW.PingObj\CLSID

Reg HKLM\SOFTWARE\Classes\McAfee.com.FW.PingObj\CLSID@ {1EE08B59-2834-4f65-B2B9-1723F646ECF7}

Reg HKLM\SOFTWARE\Classes\McAfee.com.FW.PingObj\CurVer

Reg HKLM\SOFTWARE\Classes\McAfee.com.FW.PingObj\CurVer@ McAfee.com.FW.PingObj

Reg HKLM\SOFTWARE\Classes\mdf_auto_file@

Reg HKLM\SOFTWARE\Classes\mdf_auto_file\shell

Reg HKLM\SOFTWARE\Classes\mdf_auto_file\shell\open

Reg HKLM\SOFTWARE\Classes\mdf_auto_file\shell\open\command

Reg HKLM\SOFTWARE\Classes\mdf_auto_file\shell\open\command@ "C:\Program Files\DAEMON Tools\daemon.exe" "%1"

Reg HKLM\SOFTWARE\Classes\MediaGateway.LicenseInstaller@ LicenseInstaller Class

Reg HKLM\SOFTWARE\Classes\MediaGateway.LicenseInstaller\CLSID

Reg HKLM\SOFTWARE\Classes\MediaGateway.LicenseInstaller\CLSID@ {144B9C7E-235A-4316-9EB3-5E393714C77A}

Reg HKLM\SOFTWARE\Classes\MediaGateway.LicenseInstaller\CurVer

Reg HKLM\SOFTWARE\Classes\MediaGateway.LicenseInstaller\CurVer@ MediaGateway.LicenseInstaller.1

Reg HKLM\SOFTWARE\Classes\Microsoft.Aspnet.Snapin.AspNetManagementUtility.2\CLSID

Reg HKLM\SOFTWARE\Classes\Microsoft.Aspnet.Snapin.AspNetManagementUtility.2\CLSID@ {FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}

Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv@ MS-Cabinet

Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv\DefaultIcon

Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv\DefaultIcon@ C:\Program Files\WinAce\arcIcons.dll,12

Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv\shell

Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv\shell\open

Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv\shell\open\command

Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv\shell\open\command@ "C:\Program Files\WinAce\WinAce.exe" "%1"

Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv\shellex

Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv\shellex\ContextMenuHandlers

Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv\shellex\ContextMenuHandlers\ZFContextMenu

Reg HKLM\SOFTWARE\Classes\MS-Cabinet-Archiv\shellex\ContextMenuHandlers\ZFContextMenu@ {8FF88D21-7BD0-11D1-BFB7-00AA00262A11}

Reg HKLM\SOFTWARE\Classes\MSIDXS@ Microsoft OLE DB Provider for Indexing Service

Reg HKLM\SOFTWARE\Classes\MSIDXS\Clsid

Reg HKLM\SOFTWARE\Classes\MSIDXS\Clsid@ {F9AE8980-7E52-11d0-8964-00C04FD611D7}

Reg HKLM\SOFTWARE\Classes\MSIDXS ErrorLookup@ Microsoft OLE DB Error Lookup for Indexing Service

Reg HKLM\SOFTWARE\Classes\MSIDXS ErrorLookup\Clsid

Reg HKLM\SOFTWARE\Classes\MSIDXS ErrorLookup\Clsid@ {F9AE8981-7E52-11d0-8964-00C04FD611D7}

Reg HKLM\SOFTWARE\Classes\MsScp.MSSCP@ MSSCP Class

Reg HKLM\SOFTWARE\Classes\MsScp.MSSCP\CLSID

Reg HKLM\SOFTWARE\Classes\MsScp.MSSCP\CLSID@ {32BAED44-34B5-11D3-9315-00C04F72D6CF}

Reg HKLM\SOFTWARE\Classes\MsScp.MSSCP\CurVer

Reg HKLM\SOFTWARE\Classes\MsScp.MSSCP\CurVer@ MsScp.MSSCP.1

Reg HKLM\SOFTWARE\Classes\MsScp.MSSCP.1@ MSSCP Class

Reg HKLM\SOFTWARE\Classes\MsScp.MSSCP.1\CLSID

Reg HKLM\SOFTWARE\Classes\MsScp.MSSCP.1\CLSID@ {32BAED44-34B5-11D3-9315-00C04F72D6CF}

Reg HKLM\SOFTWARE\Classes\MsScp.SCPTRANS@ SCPTRANS Class

Reg HKLM\SOFTWARE\Classes\MsScp.SCPTRANS\CLSID

Reg HKLM\SOFTWARE\Classes\MsScp.SCPTRANS\CLSID@ {5C140836-43DE-11d3-847D-00C04F79DBC0}

Reg HKLM\SOFTWARE\Classes\MsScp.SCPTRANS\CurVer

Reg HKLM\SOFTWARE\Classes\MsScp.SCPTRANS\CurVer@ MsScp.SCPTRANS.1

Reg HKLM\SOFTWARE\Classes\MsScp.SCPTRANS.1@ SCPTRANS Class

Reg HKLM\SOFTWARE\Classes\MsScp.SCPTRANS.1\CLSID

Reg HKLM\SOFTWARE\Classes\MsScp.SCPTRANS.1\CLSID@ {5C140836-43DE-11d3-847D-00C04F79DBC0}

Reg HKLM\SOFTWARE\Classes\MWSDeck@ Magic Workstation DECK

Reg HKLM\SOFTWARE\Classes\MWSDeck\DefaultIcon

Reg HKLM\SOFTWARE\Classes\MWSDeck\DefaultIcon@ C:\Program Files\Magic Workstation\MagicWorkstation.exe,1

Reg HKLM\SOFTWARE\Classes\MWSDeck\shell

Reg HKLM\SOFTWARE\Classes\MWSDeck\shell\open

Reg HKLM\SOFTWARE\Classes\MWSDeck\shell\open\command

Reg HKLM\SOFTWARE\Classes\MWSDeck\shell\open\command@ "C:\Program Files\Magic Workstation\MagicWorkstation.exe" "%1"

Reg HKLM\SOFTWARE\Classes\PhotoShare.PhotoPanel@ PhotoPanel Class

Reg HKLM\SOFTWARE\Classes\PhotoShare.PhotoPanel\CLSID

Reg HKLM\SOFTWARE\Classes\PhotoShare.PhotoPanel\CLSID@ {6FF98F64-474B-416F-A5B8-B593F8B44D24}

Reg HKLM\SOFTWARE\Classes\PhotoShare.PhotoPanel\CurVer

Reg HKLM\SOFTWARE\Classes\PhotoShare.PhotoPanel\CurVer@ PhotoShare.PhotoPanel.1

Reg HKLM\SOFTWARE\Classes\PhotoShare.PhotoPanel.1@ PhotoPanel Class

Reg HKLM\SOFTWARE\Classes\PhotoShare.PhotoPanel.1\CLSID

Reg HKLM\SOFTWARE\Classes\PhotoShare.PhotoPanel.1\CLSID@ {6FF98F64-474B-416F-A5B8-B593F8B44D24}

Reg HKLM\SOFTWARE\Classes\plaxo@ URL: Plaxo Protocol

Reg HKLM\SOFTWARE\Classes\plaxo@URL Protocol

Reg HKLM\SOFTWARE\Classes\plaxo\shell

Reg HKLM\SOFTWARE\Classes\plaxo\shell\open

Reg HKLM\SOFTWARE\Classes\plaxo\shell\open\command

Reg HKLM\SOFTWARE\Classes\plaxo\shell\open\command@ C:\Program Files\Plaxo\2.6.2.9\plx_link.exe -command="%1"

Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost@ ProtectorHost Class

Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost\CLSID

Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost\CLSID@ {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}

Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost\CurVer

Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost\CurVer@ ProtectorExe.ProtectorHost.1

Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost.1@ ProtectorHost Class

Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost.1\CLSID

Reg HKLM\SOFTWARE\Classes\ProtectorExe.ProtectorHost.1\CLSID@ {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}

Reg HKLM\SOFTWARE\Classes\protector_dll.Protector@ Protector Class

Reg HKLM\SOFTWARE\Classes\protector_dll.Protector\CLSID

Reg HKLM\SOFTWARE\Classes\protector_dll.Protector\CLSID@ {6134CEA9-DD6E-495C-A0D1-4F232027D7D7}

Reg HKLM\SOFTWARE\Classes\protector_dll.Protector\CurVer

Reg HKLM\SOFTWARE\Classes\protector_dll.Protector\CurVer@ protector_dll.Protector.1

Reg HKLM\SOFTWARE\Classes\protector_dll.Protector.1@ Protector Class

Reg HKLM\SOFTWARE\Classes\protector_dll.Protector.1\CLSID

Reg HKLM\SOFTWARE\Classes\protector_dll.Protector.1\CLSID@ {6134CEA9-DD6E-495C-A0D1-4F232027D7D7}

Reg HKLM\SOFTWARE\Classes\r00_auto_file@

Reg HKLM\SOFTWARE\Classes\r00_auto_file\shell

Reg HKLM\SOFTWARE\Classes\r00_auto_file\shell@ open

Reg HKLM\SOFTWARE\Classes\r00_auto_file\shell\open

Reg HKLM\SOFTWARE\Classes\r00_auto_file\shell\open@ &Open

Reg HKLM\SOFTWARE\Classes\r00_auto_file\shell\open\command

Reg HKLM\SOFTWARE\Classes\r00_auto_file\shell\open\command@ C:\Program Files\Windows Media Player\wmplayer.exe /Open "%L"

Reg HKLM\SOFTWARE\Classes\r00_auto_file\shell\play

Reg HKLM\SOFTWARE\Classes\r00_auto_file\shell\play@ &Play

Reg HKLM\SOFTWARE\Classes\r00_auto_file\shell\play\command

Reg HKLM\SOFTWARE\Classes\r00_auto_file\shell\play\command@ C:\Program Files\Windows Media Player\wmplayer.exe /Play "%L"

Reg HKLM\SOFTWARE\Classes\Rar-Archiv@ Rar archive

(pt. 2 continued...)

(part 2 ark.txt)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\ql12160.sys suspicious modification

File C:\WINDOWS\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----


Hello again,

Unfortunately you have a nasty rootkit on board. Before starting the fix, please read the following information.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


That doesn't sound good. I ran combofix, here is the text. Attaching the file in the original post didn't seem to work so I will paste the log in addition to attaching it. I hope that isn't a problem. I'll go ahead and try to fix it and if all else fails I will get it reformatted. As for the other advice I have taken it, except for disconnecting this computer from the internet because I don't have the time to keep running back and forth to the library. Thanks again, Elise.

ComboFix 10-05-28.08 - Game User 05/29/2010 14:26:05.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.479 [GMT -5:00]

Running from: c:\documents and settings\Game User\My Documents\Downloads\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\GAMEUS~1\LOCALS~1\Temp\1.wmv

c:\program files\Mozilla Firefox\components\npclntax.xpt

c:\program files\security toolbar

c:\program files\security toolbar\Uninstall.bat

c:\windows\Fonts\mlog

c:\windows\system32\Data

c:\windows\system32\GroupPolicy\User\Scripts\null

c:\windows\system32\H8SRTxvnselvivx.log

c:\windows\system32\Install.txt

c:\windows\system32\Thumbs.db

c:\windows\system32\winstartup.log

c:\windows\Temp\log.txt

Infected copy of c:\windows\system32\drivers\ql12160.sys was found and disinfected

Restored copy from - Kitty had a snack :D

.

((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-29 )))))))))))))))))))))))))))))))

.

2010-05-14 06:34 . 2010-05-14 06:34 -------- d-----w- c:\program files\FLV Player

2010-05-08 03:50 . 2010-05-08 04:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\iudogkpsv

2010-05-07 04:18 . 2010-05-07 04:18 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-05-06 17:54 . 2010-05-06 16:45 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-05-06 17:54 . 2010-05-06 16:44 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-05-06 17:54 . 2008-11-09 06:20 125872 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe

2010-05-06 17:54 . 2010-05-06 17:54 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-05-06 17:54 . 2010-05-06 17:54 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe

2010-05-06 17:54 . 2010-05-06 17:54 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-05-06 17:54 . 2010-05-06 17:54 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

2010-05-06 16:45 . 2010-05-06 16:45 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-05-06 16:45 . 2010-05-07 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-26 14:53 . 2007-05-17 19:03 -------- d-----w- c:\documents and settings\Game User\Application Data\DivX

2010-05-08 15:59 . 2005-02-02 14:13 -------- d-----w- c:\program files\Google

2010-05-08 04:30 . 2010-01-20 20:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-06 17:54 . 2005-03-17 07:22 -------- d-----w- c:\program files\DivX

2010-04-29 20:39 . 2010-01-20 20:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 20:39 . 2010-01-20 20:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-27 20:04 . 2007-06-29 06:20 -------- d-----w- c:\program files\Absolute Poker

2010-04-08 19:27 . 2001-08-17 19:52 45312 ----a-w- c:\windows\system32\drivers\ql12160.sys

2010-04-07 21:27 . 2010-04-07 21:40 15688 ----a-w- c:\windows\system32\lsdelete.exe

2010-04-07 21:27 . 2010-04-07 21:28 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-04-07 21:24 . 2010-04-07 21:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

2010-04-07 21:24 . 2008-02-08 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-04-07 21:24 . 2007-02-07 07:42 -------- d-----w- c:\program files\Lavasoft

2010-04-06 05:57 . 2004-11-17 04:03 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-03-31 01:58 . 2007-05-17 19:00 133616 ------w- c:\windows\system32\pxafs.dll

2010-03-31 01:58 . 2005-01-11 17:06 125424 ------w- c:\windows\system32\pxinsi64.exe

2010-03-31 01:58 . 2005-01-11 17:06 123888 ------w- c:\windows\system32\pxcpyi64.exe

2010-03-31 01:58 . 2004-08-02 08:03 44944 ----a-w- c:\windows\system32\drivers\pxhelp20.sys

2010-03-17 17:05 . 2009-11-27 17:32 79488 ----a-w- c:\documents and settings\Game User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-03-17 05:50 . 2010-03-17 05:50 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

2010-03-17 05:50 . 2010-03-17 05:50 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

2010-03-17 05:50 . 2004-11-21 18:55 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-03-17 05:50 . 2004-11-20 01:52 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll

2008-03-01 21:20 . 2008-03-01 21:20 22778 -csh--r- c:\windows\Installer\{1f5c94c6-db70-476b-a6ae-e5441737343b}\zip.dll

2008-03-01 21:20 . 2008-03-01 21:20 18638 -csh--r- c:\windows\Installer\{fede1b12-1c3b-4c06-956b-527fd9ae3ef2}\RamSys.dll

2007-10-24 01:05 . 2007-10-24 01:05 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-04 344064]

"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]

"P17Helper"="P17.dll" [2004-06-10 60928]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]

"mmtask"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2005-03-15 53248]

"FLMOFFICE4DMOUSE"="c:\program files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe" [2006-08-25 356352]

"OFFICEKB"="c:\program files\Micro Innovations\Wireless Keyboard & Optical Mouse\kbdap32a.exe" [2006-08-25 384000]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2006-10-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-11-16 24576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]

2010-04-07 21:27 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-02-17 04:11 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-01-15 09:22 267048 ----a-w- c:\program files\itunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]

2007-09-04 20:52 95536 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2004-04-12 02:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2007-01-09 04:26 68640 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-03-17 05:50 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=

"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=

"c:\\Program Files\\BitLord\\BitLord.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Program Files\\itunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"14394:TCP"= 14394:TCP:BitComet 14394 TCP

"14394:UDP"= 14394:UDP:BitComet 14394 UDP

"9377:TCP"= 9377:TCP:spport

"24274:TCP"= 24274:TCP:spport

"11760:TCP"= 11760:TCP:spport

"24767:TCP"= 24767:TCP:spport

"29746:TCP"= 29746:TCP:spport

"18408:TCP"= 18408:TCP:spport

"19284:TCP"= 19284:TCP:spport

"22832:TCP"= 22832:TCP:spport

"16366:TCP"= 16366:TCP:spport

"13252:TCP"= 13252:TCP:spport

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [4/7/2010 4:28 PM 64160]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1029456]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/20/2010 3:10 PM 304464]

R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [1/20/2010 3:10 PM 20952]

S2 gupdate1c9d6fdee15dd10;Google Update Service (gupdate1c9d6fdee15dd10);c:\program files\Google\Update\GoogleUpdate.exe [5/17/2009 9:44 AM 133104]

S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [11/16/2005 3:12 AM 611064]

.

Contents of the 'Scheduled Tasks' folder

2010-05-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 21:27]

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 14:43]

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 14:43]

2010-05-28 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Game User.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-05 20:39]

2010-05-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1892665505-1986732269-1020939261-1007.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-05-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1892665505-1986732269-1020939261-1007.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.atcomet.com/b/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: {{6FDD5236-C9F0-49ef-935D-385F5E21991A} - c:\program files\Poker.com\poker.exe

IE: {{76028735-BBF1-4044-8DE2-5B90F0C7A77C} - c:\program files\WorldPokerExchange\GameClient.exe

IE: {{EFFF8D47-D060-4108-B761-E8EC86622E56} - c:\documents and settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

DPF: Microsoft XML Parser for Java

FF - ProfilePath - c:\documents and settings\Game User\Application Data\Mozilla\Firefox\Profiles\r435oz3c.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.jsu.edu/

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORPHANS REMOVED - - - -

AddRemove-Adobe Acrobat 5.0 - c:\program files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu

AddRemove-Security Toolbar - c:\program files\Security Toolbar\Uninstall.bat

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-29 14:38

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1892665505-1986732269-1020939261-1007\Software\SecuROM\License information*]

"datasecu"=hex:c3,4a,93,1a,e0,92,72,36,08,48,9c,9e,4e,a9,21,8b,0e,a8,fa,b5,b7,

62,f2,d8,3d,58,09,40,c7,bb,08,43,3e,a2,ea,d5,9b,78,14,58,56,45,39,6b,f9,27,\

"rkeysecu"=hex:e2,26,6d,94,9c,ba,ad,1d,64,79,70,1b,d8,19,de,23

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]

@DACL=(02 0000)

@="bootstrap.application.1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2010-05-29 14:42:11

ComboFix-quarantined-files.txt 2010-05-29 19:42

Pre-Run: 70,344,630,272 bytes free

Post-Run: 73,997,471,744 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - D6A6898E8F78D73ED12F09F1E50A5D63

ComboFix.txt


Hi, that looks quite good now. Please let me know how things are running after the following fix.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Good to hear that the results look better. I followed your instruction and was prompted to download a new version of combofix when it ran after adding CFScript.txt. I downloaded it, ran combofix, then re-ran it so I could be sure that CFScript.txt was being used to make this log. The second log is below:

ComboFix 10-05-29.03 - Game User 05/29/2010 16:59:17.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.583 [GMT -5:00]

Running from: c:\documents and settings\Game User\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\Game User\My Documents\Downloads\CFScript.txt

.

((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-29 )))))))))))))))))))))))))))))))

.

2010-05-14 06:34 . 2010-05-14 06:34 -------- d-----w- c:\program files\FLV Player

2010-05-08 03:50 . 2010-05-08 04:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\iudogkpsv

2010-05-07 04:18 . 2010-05-07 04:18 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-05-06 17:54 . 2010-05-06 16:45 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-05-06 17:54 . 2010-05-06 16:44 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-05-06 17:54 . 2008-11-09 06:20 125872 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe

2010-05-06 17:54 . 2010-05-06 17:54 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-05-06 17:54 . 2010-05-06 17:54 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe

2010-05-06 17:54 . 2010-05-06 17:54 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-05-06 17:54 . 2010-05-06 17:54 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

2010-05-06 16:45 . 2010-05-06 16:45 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-05-06 16:45 . 2010-05-07 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-29 20:03 . 2004-11-17 04:03 -------- d-----w- c:\program files\Common Files\Java

2010-05-26 14:53 . 2007-05-17 19:03 -------- d-----w- c:\documents and settings\Game User\Application Data\DivX

2010-05-08 15:59 . 2005-02-02 14:13 -------- d-----w- c:\program files\Google

2010-05-08 04:30 . 2010-01-20 20:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-06 17:54 . 2005-03-17 07:22 -------- d-----w- c:\program files\DivX

2010-04-29 20:39 . 2010-01-20 20:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 20:39 . 2010-01-20 20:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-27 20:04 . 2007-06-29 06:20 -------- d-----w- c:\program files\Absolute Poker

2010-04-08 19:27 . 2001-08-17 19:52 45312 ----a-w- c:\windows\system32\drivers\ql12160.sys

2010-04-07 21:27 . 2010-04-07 21:40 15688 ----a-w- c:\windows\system32\lsdelete.exe

2010-04-07 21:27 . 2010-04-07 21:28 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-04-07 21:24 . 2010-04-07 21:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

2010-04-07 21:24 . 2008-02-08 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-04-07 21:24 . 2007-02-07 07:42 -------- d-----w- c:\program files\Lavasoft

2010-04-06 05:57 . 2004-11-17 04:03 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-03-31 01:58 . 2007-05-17 19:00 133616 ------w- c:\windows\system32\pxafs.dll

2010-03-31 01:58 . 2005-01-11 17:06 125424 ------w- c:\windows\system32\pxinsi64.exe

2010-03-31 01:58 . 2005-01-11 17:06 123888 ------w- c:\windows\system32\pxcpyi64.exe

2010-03-31 01:58 . 2004-08-02 08:03 44944 ----a-w- c:\windows\system32\drivers\pxhelp20.sys

2010-03-17 17:05 . 2009-11-27 17:32 79488 ----a-w- c:\documents and settings\Game User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-03-17 05:50 . 2010-03-17 05:50 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

2010-03-17 05:50 . 2010-03-17 05:50 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

2010-03-17 05:50 . 2010-03-17 05:50 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

2010-03-17 05:50 . 2004-11-21 18:55 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-03-17 05:50 . 2004-11-20 01:52 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll

2008-03-01 21:20 . 2008-03-01 21:20 22778 -csh--r- c:\windows\Installer\{1f5c94c6-db70-476b-a6ae-e5441737343b}\zip.dll

2008-03-01 21:20 . 2008-03-01 21:20 18638 -csh--r- c:\windows\Installer\{fede1b12-1c3b-4c06-956b-527fd9ae3ef2}\RamSys.dll

2007-10-24 01:05 . 2007-10-24 01:05 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((( SnapShot@2010-05-29_19.38.58 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-05-29 20:03 . 2010-05-29 20:03 180224 c:\windows\Installer\245cca.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-04 344064]

"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]

"P17Helper"="P17.dll" [2004-06-10 60928]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]

"mmtask"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2005-03-15 53248]

"FLMOFFICE4DMOUSE"="c:\program files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exe" [2006-08-25 356352]

"OFFICEKB"="c:\program files\Micro Innovations\Wireless Keyboard & Optical Mouse\kbdap32a.exe" [2006-08-25 384000]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2006-10-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-11-16 24576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]

2010-04-07 21:27 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-02-17 04:11 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-01-15 09:22 267048 ----a-w- c:\program files\itunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]

2007-09-04 20:52 95536 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2004-04-12 02:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2007-01-09 04:26 68640 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-03-17 05:50 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=

"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=

"c:\\Program Files\\BitLord\\BitLord.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Program Files\\itunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"14394:TCP"= 14394:TCP:BitComet 14394 TCP

"14394:UDP"= 14394:UDP:BitComet 14394 UDP

"9377:TCP"= 9377:TCP:spport

"24274:TCP"= 24274:TCP:spport

"11760:TCP"= 11760:TCP:spport

"24767:TCP"= 24767:TCP:spport

"29746:TCP"= 29746:TCP:spport

"18408:TCP"= 18408:TCP:spport

"19284:TCP"= 19284:TCP:spport

"22832:TCP"= 22832:TCP:spport

"16366:TCP"= 16366:TCP:spport

"13252:TCP"= 13252:TCP:spport

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [4/7/2010 4:28 PM 64160]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/20/2010 3:10 PM 304464]

R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [1/20/2010 3:10 PM 20952]

S2 gupdate1c9d6fdee15dd10;Google Update Service (gupdate1c9d6fdee15dd10);c:\program files\Google\Update\GoogleUpdate.exe [5/17/2009 9:44 AM 133104]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1029456]

S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [11/16/2005 3:12 AM 611064]

.

Contents of the 'Scheduled Tasks' folder

2010-05-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 21:27]

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 14:43]

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-17 14:43]

2010-05-28 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Game User.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-05 20:39]

2010-05-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1892665505-1986732269-1020939261-1007.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-05-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1892665505-1986732269-1020939261-1007.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.atcomet.com/b/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: {{6FDD5236-C9F0-49ef-935D-385F5E21991A} - c:\program files\Poker.com\poker.exe

IE: {{76028735-BBF1-4044-8DE2-5B90F0C7A77C} - c:\program files\WorldPokerExchange\GameClient.exe

IE: {{EFFF8D47-D060-4108-B761-E8EC86622E56} - c:\documents and settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

DPF: Microsoft XML Parser for Java

FF - ProfilePath - c:\documents and settings\Game User\Application Data\Mozilla\Firefox\Profiles\r435oz3c.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.jsu.edu/

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-29 17:07

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1892665505-1986732269-1020939261-1007\Software\SecuROM\License information*]

"datasecu"=hex:c3,4a,93,1a,e0,92,72,36,08,48,9c,9e,4e,a9,21,8b,0e,a8,fa,b5,b7,

62,f2,d8,3d,58,09,40,c7,bb,08,43,3e,a2,ea,d5,9b,78,14,58,56,45,39,6b,f9,27,\

"rkeysecu"=hex:e2,26,6d,94,9c,ba,ad,1d,64,79,70,1b,d8,19,de,23

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]

@DACL=(02 0000)

@="bootstrap.application.1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2368)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-05-29 17:11:28

ComboFix-quarantined-files.txt 2010-05-29 22:11

ComboFix2.txt 2010-05-29 21:56

ComboFix3.txt 2010-05-29 19:42

Pre-Run: 73,849,667,584 bytes free

Post-Run: 73,834,733,568 bytes free

- - End Of File - - 07EBC15347504169287A3B1D1B38A554

Link to post
Share on other sites

Hi, that looks good, so let's now take care of some other issues :D

P2P WARNING

-------------------

Going over your logs I noticed that you have BitComet, BitLord and LimeWire installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

  • They are a security risk which can make your computer susceptible to a sm

Link to post
Share on other sites

Again thanks for your advice Elise. I have removed the p2p programs and the registry cleaner. I think I downloaded it following one of the instruction guides provided by Anti-Malware Bytes. But I'll steer clear of them in the future as well. My Java has been updated and so has mbam. Here is the log from a full scan, there weren't any problems with hard to remove files but some results:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4155

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.13

5/30/2010 10:45:24 AM

mbam-log-2010-05-30 (10-45-24).txt

Scan type: Full scan (C:\|)

Objects scanned: 260108

Time elapsed: 1 hour(s), 33 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 7

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1827\A0375866.exe (Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1802\A0353292.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1802\A0353296.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1802\A0353297.OCX (Worm.Nyxem) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1802\A0353298.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1802\A0353306.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1802\A0353310.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Link to post
Share on other sites

Hello again,

All detected items were in System Restore, which will be reset anyway once you are clean.

Let's do one last scan to check for leftovers.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

Link to post
Share on other sites
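The reply above notes that every Malwarebytes detection was inside System Restore. As an added example (not part of the thread and not Malwarebytes tooling), this Python sketch parses `Files Infected:` lines in the format shown in the log above and separates System Restore copies from files on the live file system. The sample log is constructed, and the function names and the check against the summary count are assumptions made for the illustration.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Constructed sample in the layout of a Malwarebytes' Anti-Malware 1.x log.
# Paths, GUID and detection names are made up for the demonstration.
SAMPLE_LOG = r"""
Files Infected: 3

Files Infected:
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP10\A0000001.exe (Trojan.Example) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000002.dll (Spyware.Example) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temp\setup.exe (Trojan.Example) -> Delete on reboot.
"""


class Detection(NamedTuple):
    path: str
    name: str
    action: str
    restore_point: Optional[int]  # RP number when the file is a System Restore copy


# "<path> (<detection name>) -> <action>." The greedy path group makes the LAST
# parenthesised token the detection name, so "Program Files (x86)" parses correctly.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)
# XP-era restore point copies live under \System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(\d+)\\",
    re.IGNORECASE,
)
# Summary line such as "Files Infected: 7" (the section header has no number).
COUNT_RE = re.compile(r"^Files Infected:[ \t]*(\d+)[ \t]*$", re.MULTILINE)


def parse_detections(log_text):
    """Return one Detection per file line found in the log text."""
    found = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rp = RESTORE_RE.search(m["path"])
        found.append(
            Detection(m["path"], m["name"], m["action"],
                      int(rp.group(1)) if rp else None)
        )
    return found


def triage(log_text):
    """Summarise a log: restore-point copies versus files still on the live disk."""
    dets = parse_detections(log_text)
    declared = COUNT_RE.search(log_text)
    declared_n = int(declared.group(1)) if declared else None
    live = [d for d in dets if d.restore_point is None]
    return {
        "declared": declared_n,
        "parsed": len(dets),
        # False when a pasted log was truncated or lines failed to parse.
        "complete": declared_n is not None and declared_n == len(dets),
        "only_system_restore": bool(dets) and not live,
        "restore_points": sorted(
            {d.restore_point for d in dets if d.restore_point is not None}
        ),
        "live": live,
        "families": Counter(d.name for d in dets),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("complete log:", result["complete"])
    print("only in System Restore:", result["only_system_restore"])
    print("restore points:", result["restore_points"])
    for d in result["live"]:
        print("LIVE:", d.path, d.name, d.action)
```

A log whose `only_system_restore` value is true matches the situation described in the reply; any entry in `live` is a file outside the restore points and deserves a closer look.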

Hello again,

Luckily most of the detections from ESET were in System Restore. This will be reset in the next few steps :)

UPDATE XP

--------------

Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet is a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up-to-date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update.

For additional information, be sure to read "Windows Xp Service Pack 3 (sp3) Information".

Then go here to check for & install updates to Microsoft applications.

Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS and GMER (this is a randomly named file).

Please read this advice in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file

  2. Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Link to post
Share on other sites

Thanks again, Elise. I'm trying to install the XP Service Pack 3 and having all sorts of trouble. When I try to install it using the automatic updates it gives me an access denied message. I guess it's not your area though. Doesn't seem to be Microsoft's area either, fwiw. Thanks so much for your help, you can lock the thread now.

Link to post
Share on other sites

Hi, it's not exactly my area of expertise, but that doesn't mean we cannot at least try :)

First of all, when attempting to update, are you logged in as administrator?

At what point do you get the Access Denied error and do you get any other error code?

Link to post
Share on other sites

If you're willing to volunteer I'm already stuck. I go through the installation process logged in as administrator and without any anti-virus software running. I also made sure that I didn't have a few particular programs installed before going through the process. But I received a few error messages about registry values:

HKCR\.wdp,\'\'

HKCR\.wdp,\'contenttype\'

HKCR\.wdp,\'perceivedtype\'

HKCR\.wdp,\'friendlytypename\'

Then about halfway through the process I received the access denied error followed by a message telling me to press ok to undo changes already made.

Link to post
Share on other sites

Hi, it's possible I found the cause for this in one of your logs. Please redownload combofix.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Now, try again and let me know if you still get the error message.

Link to post
Share on other sites

I followed the directions and the first time through it updated and restarted the computer without producing a log. When the computer restarted I got errors saying "cannot open CF31985.cfxxe" and it gave me the option of using the web or selecting a program from a list to open it with. Then when I tried installing the update I got an error "The requested lookup key was not found in any active activation context." and told me to press ok to undo changes.

So I went through the process again, this time making sure the script was included and a log was produced. When I tried to install the update I got the same error message about the lookup key.

combofixcfscript.txt

Link to post
Share on other sites

In that case let's make sure all permissions are set as they should be :) Note, do NOT yet uninstall Combofix! If you have already done so, let me know so I can instruct you to manually back up your registry first with Erunt (combofix does that as part of its routine).

Please download subinacl.exe and double-click on it to install it (accept the license agreement and let it install).

Click Start > Run, type notepad in the runbox and press enter.

Copy and then paste the following text into Notepad.

cd /d "%ProgramFiles%\Windows Resource Kits\Tools"
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

Save this Notepad file as Reset.cmd

Exit Notepad and double-click the Reset.cmd file to run the script.

Note - this script may take a while to run. When done, please try the Service Pack 3 update again (after a reboot).

Link to post
Share on other sites

This time around I ended up with a physical memory dump blue screen after a few minutes of running the reset script. There were two errors early on and the message came up while I was copying down the information on it. But the blue screen said it was a registry error and mentioned 0x00000051 (0x00000004,0x00000001,0xE47DF6C8,0x00002DA0).... Not sure if that does any good. So is it beyond repair?

Link to post
Share on other sites

According to Microsoft this is a known issue on Windows 2000/XP and they have a hotfix for it.

You can download it here

Please select the hotfix for XP, platform x86 (it's the first in the list of available hotfixes) and provide the requested information.

Once you have the hotfix, run it and after that try to run the reset.cmd file once again.

To make it a bit easier to understand what happens, this BSOD indicates a conflict in your Registry (two things try to access it at the same time).

Link to post
Share on other sites

I ran the hotfix and then the script and still got the physical memory dump screen. I restarted and tried again, no dice. The error messages were 0x00000051 (0x00000004,0x00000001,0xE542A7E8,0x00002DA0) and 0x00000051 (0x00000004,0x00000001,0xE4606560,0x00002DA0)... again, not sure if that helps. Is it broke yet? :)

Link to post
Share on other sites

Let's hope it isn't broke :)

Please click Start > Run, type chkdsk /r in the runbox and press enter. You will get prompted to schedule a scan on next reboot. Type Y and press enter.

Now reboot and allow the disk check to run unhindered (it may take a while). Afterwards try to run reset.cmd again.

Link to post
Share on other sites

I completed the chkdsk /r scan and ran the script but still got blue screens yelling physical memory dump at me. Similar errors: (0xE496F7A0) and (0xE488DC68). This time I got a little further and got a 3rd error while running the script. You can call it quits any time, won't hurt my feelings a bit. :)

Link to post
Share on other sites

This topic is now closed to further replies.