win32.tdss.rtk -no i-net, dev drives/disabled

beani

Upon startup desktop icons show, mouse moves, can open folders on desktop, though NO taskbar. Also my wireless connection has been disabled by the bug, or some other one. I have an external hard drive that has been connected to the pc infected, but it's not recognized. i am on my pc upstairs and not sure how to fix the issue without infecting this one.


any idea on how to fix i-net so troubleshooting will be easier?
i use SSaD often, but alas, have not updated for a couple months
i also have TR (Trojan Remover) http://www.simplysup.com

neither of them seem to fix it.

anyways, i need help!:oops:
thanks in advance,
 
maybe this will help?

here is a list of what spybot detects:

Win32.TDSS.rtk

(SBI $7247D553) File
C:\WINDOWS\system32\drivers\UACffyxpedrmn.sys

(SBI $33BC16BB) File
C:\WINDOWS\system32\UACdgkqkajqlp.dll


here is a list of what processes are running on startup:

taskmgr.exe
nvsvc32.exe
NICServ.exe
jqs.exe
wlMonitor.exe
TeaTimer.exe
ctfmon.exe
msnmsgr.exe
lsass.exe
services.exe
winlogon.exe
csrss.exe
rundll32.exe
winampa.exe
RTHDCPL.EXE
smss.exe
explorer.exe
System
System Idle Process SYSTEM

thanks again!
 
Update:
set up a small home network in hopes that i could run hijackthis, etc...
this bug is nasty, i can see the network, connect, and even choose files to share, except the infected computer refuses to see any of it... :-(

i did however realize, that i can access my external harddrive, no infected files found on its sole scan, so should i use it to gather programs/ updates etc for my infected pc?

thanks again
 
Hi,

Before you use the external drive let's run disinfector against it first.

1. Download Flash_Disinfector and save it to the Desktop of your clean system.
2. After downloading, double-click on Flash_Disinfector to run it.
3. Just follow the prompts and continue until it begins scanning.
4. If asked to insert your flash drive or any removable device including USB Pen Drive and Memory Stick, please do so.
5. It will scan removable drives, wait for the scan to finish. Done.

After that you may get the tools. Let's use these:

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking the download exe button and then saving it to your desktop:
  • Double-click the .exe that you downloaded
  • Click the rootkit tab and then scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies the log to the clipboard
  • Post the log in your reply.
 
here is dds.txt



DDS (Ver_09-07-30.01) - NTFSx86
Run by John Doe at 0:14:53.35 on Sun 08/16/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {6c350dfc-885f-4296-82e3-6428dd982099} - c:\windows\system32\wvUnNgFy.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [net] "c:\windows\system32\net.net"
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: NameServer = 208.67.220.220,208.67.222.222
Notify: wvUnNgFy - wvUnNgFy.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: {6c350dfc-885f-4296-82e3-6428dd982099} - c:\windows\system32\wvUnNgFy.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johndo~1\applic~1\mozilla\firefox\profiles\g8ttv7fh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\documents and settings\john doe\application data\mozilla\firefox\profiles\g8ttv7fh.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\john doe\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\john doe\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-08-11 12:12 1,334 a------- c:\windows\wininit.ini
2009-08-10 11:16 144,896 a------- c:\windows\msa.exe
2009-08-10 11:16 207,364 a------- c:\windows\system32\msxml71.dll
2009-08-10 11:16 36,864 a------- c:\windows\system32\net.net
2009-08-10 11:05 1,234,550 a------- c:\windows\system32\xa.tmp
2009-08-09 00:28 <DIR> --d----- c:\program files\IZArc
2009-08-07 23:11 <DIR> --d----- C:\ILLUSION
2009-08-07 23:02 <DIR> --d----- c:\windows\system32\URTTemp
2009-07-24 02:46 34,304 a------- c:\windows\system32\wvUnNgFy.dll
2009-07-24 02:46 34,304 a------- c:\windows\system32\rqRLdApq.dll
2009-07-24 02:32 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-07-24 02:21 <DIR> --d----- c:\windows\system32\DirectX
2009-07-24 02:21 <DIR> --d----- c:\windows\Logs
2009-07-24 02:21 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-07-24 02:21 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-07-24 02:00 <DIR> --d----- c:\program files\Deep Silver
2009-07-24 02:00 <DIR> --d----- c:\windows\system32\AGEIA
2009-07-24 01:59 <DIR> --d----- c:\docume~1\johndo~1\applic~1\DAEMON Tools Pro
2009-07-24 01:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-07-24 01:04 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-07-24 01:04 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-07-24 01:01 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-24 01:01 <DIR> --d----- c:\docume~1\johndo~1\applic~1\DAEMON Tools Lite
2009-07-23 03:46 67 a------- c:\windows\lz_scm.ini
2009-07-22 11:00 97,792 a------- c:\windows\system32\drivers\ACEDRV05.sys
2009-07-22 10:44 221,184 a------- c:\windows\system32\wmpns.dll
2009-07-21 09:13 <DIR> --d----- c:\program files\Ascaron Entertainment

==================== Find3M ====================

2009-07-25 08:21 98,304 a------- c:\windows\DUMP76e5.tmp
2009-07-01 17:55 90,112 a------- c:\windows\DUMP853d.tmp
2009-06-27 08:14 2,048 a------- c:\windows\system32\Tr_sttool.dat
2009-06-06 09:38 692,224 a------- c:\windows\system32\bsrmgcv.dll
2009-06-06 09:38 192,512 a------- c:\windows\system32\bsrmgps.dll
2009-06-06 09:38 585,728 a------- c:\windows\system32\bsratswf.dll
2009-06-06 09:38 147,456 a------- c:\windows\system32\bsratwmv.dll

============= FINISH: 0:15:13.46 ===============
 
here is attach.txt



==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
Adobe Shockwave Player 11.5
Advertisement Service
AGEIA PhysX v7.11.13
ArcSoft VideoImpression 2
Artificial Girl 3
BitLord 1.1
BSR Screen Recorder 4
Choice Guard
Comcast High-Speed Internet Install Wizard
DAEMON Tools Toolbar
DivX Web Player
Google Chrome
Google Update Helper
HAKO
HP Webcam
IZArc 4.0 beta 1
Java(TM) 6 Update 13
K-Lite Codec Pack 4.7.5 (Basic)
Linksys Wireless Network Monitor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Visual C++ 2005 Redistributable
Move Media Player
Mozilla Firefox (3.0.13)
MSVCRT
NVIDIA Drivers
Realtek High Definition Audio Driver
Sacred 2
Sacred Underworld
Segoe UI
Spybot - Search & Destroy
Trojan Remover 6.7.4
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Virtual Audio Cable 4.9
VLC media player 0.9.9
Winamp
Windows Driver Package - usbvm326 (usbvm328) Image (10/12/2006 326.1.061012.07)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
World of Warcraft

==== End Of File ===========================
 
finally gmer:


GMER 1.0.15.15020 [kt2w8ip6.exe] - http://www.gmer.net
Rootkit scan 2009-08-16 00:20:45
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

INT 0x62 ? 86F6DBF8
INT 0x63 ? 86F6DBF8
INT 0x73 ? 86F6DBF8
INT 0x73 ? 86F6DBF8
INT 0x73 ? 86CD6BF8
INT 0x73 ? 86F6DBF8
INT 0xA4 ? 86CD6BF8

Code 86DEF950 ZwEnumerateKey
Code 86DEFE98 ZwFlushInstructionCache
Code 86EB6926 IofCallDriver
Code 86E952C6 IofCompleteRequest
Code 86DF08AD ZwSaveKey
Code 86DF08E5 ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE0F6 5 Bytes JMP 86EB692B
.text ntkrnlpa.exe!IofCompleteRequest 804EE186 5 Bytes JMP 86E952CB
.text ntkrnlpa.exe!ZwSaveKey 804FE5BC 5 Bytes JMP 86DF08B2
.text ntkrnlpa.exe!ZwSaveKeyEx 804FE5D0 5 Bytes JMP 86DF08EA
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805AAEDE 5 Bytes JMP 86DEFE9C
PAGE ntkrnlpa.exe!ZwEnumerateKey 80619A6E 5 Bytes JMP 86DEF954
? spkt.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6AD78AC 5 Bytes JMP 86CD61D8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7310042] spkt.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F731013E] spkt.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73100C0] spkt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7310800] spkt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73106D6] spkt.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F731FE9C] spkt.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86F6C1F8
Device \FileSystem\Fastfat \FatCdrom 86CC51F8
Device \Driver\usbohci \Device\USBPDO-0 86D8A1F8
Device \Driver\PCI_PNP4124 \Device\00000044 spkt.sys
Device \Driver\usbehci \Device\USBPDO-1 86D861F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86FDC1F8
Device \Driver\dmio \Device\DmControl\DmConfig 86FDC1F8
Device \Driver\dmio \Device\DmControl\DmPnP 86FDC1F8
Device \Driver\dmio \Device\DmControl\DmInfo 86FDC1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F6E1F8
Device \Driver\usbstor \Device\00000071 86C8E1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F6E1F8
Device \Driver\usbstor \Device\00000072 86C8E1F8
Device \Driver\sptd \Device\1781309124 spkt.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 86F6D1F8
Device \Driver\atapi \Device\Ide\IdePort0 86F6D1F8
Device \Driver\atapi \Device\Ide\IdePort1 86F6D1F8
Device \Driver\atapi \Device\Ide\IdePort2 86F6D1F8
Device \Driver\atapi \Device\Ide\IdePort3 86F6D1F8
Device \Driver\atapi \Device\Ide\IdePort4 86F6D1F8
Device \Driver\atapi \Device\Ide\IdePort5 86F6D1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 86F6D1F8
Device \Driver\usbstor \Device\00000073 86C8E1F8
Device \Driver\usbstor \Device\00000074 86C8E1F8
Device \Driver\usbstor \Device\00000075 86C8E1F8
Device \Driver\usbstor \Device\00000076 86C8E1F8
Device \Driver\usbstor \Device\00000077 86C8E1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86C6F500
Device \Driver\NetBT \Device\NetbiosSmb 86C6F500
Device \Driver\NetBT \Device\NetBT_Tcpip_{308B033B-1977-4BA5-AE09-8DA5616DE3F2} 86C6F500
Device \Driver\NetBT \Device\NetBT_Tcpip_{83301772-3304-4022-B6F4-A6771E84E3DE} 86C6F500
Device \Driver\usbohci \Device\USBFDO-0 86D8A1F8
Device \Driver\usbehci \Device\USBFDO-1 86D861F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86182500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86182500
Device \Driver\Ftdisk \Device\FtControl 86F6E1F8
Device \Driver\axiek8ez \Device\Scsi\axiek8ez1 86DF1500
Device \Driver\axiek8ez \Device\Scsi\axiek8ez1Port6Path0Target0Lun0 86DF1500
Device \FileSystem\Fastfat \Fat 86CC51F8
Device \FileSystem\Cdfs \Cdfs 8616A500

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACffyxpedrmn.sys (*** hidden *** )
 
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitLord


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


After that:


Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu and select Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck Resident TeaTimer and OK any prompts.
  • Restart your computer



Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
cntd:


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8A 0xFB 0x21 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFA 0xEF 0x08 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x87 0x5D 0x1B 0xA1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACffyxpedrmn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACffyxpedrmn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACdgkqkajqtp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8A 0xFB 0x21 0xFD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFA 0xEF 0x08 0xF3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x87 0x5D 0x1B 0xA1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACffyxpedrmn.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACffyxpedrmn.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACdgkqkajqtp.dll
Reg HKLM\SOFTWARE\Classes\{FC5B8A24-DB05-4A01-8388-22EDF6C2BBBA}
Reg HKLM\SOFTWARE\Classes\{FC5B8A24-DB05-4A01-8388-22EDF6C2BBBA}@ Bidi Spooler APIs
Reg HKLM\SOFTWARE\Classes\{FC5B8A24-DB05-4A01-8388-22EDF6C2BBBA}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FC5B8A24-DB05-4A01-8388-22EDF6C2BBBA}\InprocServer32@ C:\WINDOWS\system32\bidispl.dll
Reg HKLM\SOFTWARE\Classes\{FC5B8A24-DB05-4A01-8388-22EDF6C2BBBA}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FC5B8A24-DB05-4A01-8388-22EDF6C2BBBA}\ProgID
Reg HKLM\SOFTWARE\Classes\{FC5B8A24-DB05-4A01-8388-22EDF6C2BBBA}\ProgID@ bidispl.bidirequestcontainer.1
Reg HKLM\SOFTWARE\Classes\{FC5B8A24-DB05-4A01-8388-22EDF6C2BBBA}\VersionIndependentProgID
Reg HKLM\SOFTWARE\Classes\{FC5B8A24-DB05-4A01-8388-22EDF6C2BBBA}\VersionIndependentProgID@ bidispl.bidirequestcontainer
Reg HKLM\SOFTWARE\Classes\{FC715823-C5FB-11D1-9EEF-00A0C90347FF}
Reg HKLM\SOFTWARE\Classes\{FC715823-C5FB-11D1-9EEF-00A0C90347FF}@ Internet Explorer Maintenance
Reg HKLM\SOFTWARE\Classes\{FC715823-C5FB-11D1-9EEF-00A0C90347FF}\InProcServer32
Reg HKLM\SOFTWARE\Classes\{FC715823-C5FB-11D1-9EEF-00A0C90347FF}\InProcServer32@ C:\WINDOWS\system32\ieaksie.dll
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}@ ADs BackLink Object
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}\InprocServer32@ adsnds.dll
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}\ProgID
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}\ProgID@ BackLink
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}\TypeLib
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}\TypeLib@ {97d25db0-0363-11cf-abc4-02608c9e7553}
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}\Version
Reg HKLM\SOFTWARE\Classes\{fcbf906f-4080-11d1-a3ac-00c04fb950dc}\Version@ 0.0
Reg HKLM\SOFTWARE\Classes\{FCC152B7-F372-11D0-8E00-00C04FD7C08B}
Reg HKLM\SOFTWARE\Classes\{FCC152B7-F372-11D0-8E00-00C04FD7C08B}@ DVD Graph Builder
Reg HKLM\SOFTWARE\Classes\{FCC152B7-F372-11D0-8E00-00C04FD7C08B}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FCC152B7-F372-11D0-8E00-00C04FD7C08B}\InprocServer32@ C:\WINDOWS\system32\qdvd.dll
Reg HKLM\SOFTWARE\Classes\{FCC152B7-F372-11D0-8E00-00C04FD7C08B}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD0A5AF3-B41D-11d2-9C95-00C04F7971E0}
Reg HKLM\SOFTWARE\Classes\{FD0A5AF3-B41D-11d2-9C95-00C04F7971E0}@ BDA Device Control Plug-in
Reg HKLM\SOFTWARE\Classes\{FD0A5AF3-B41D-11d2-9C95-00C04F7971E0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD0A5AF3-B41D-11d2-9C95-00C04F7971E0}\InprocServer32@ BdaPlgin.ax
Reg HKLM\SOFTWARE\Classes\{FD0A5AF3-B41D-11d2-9C95-00C04F7971E0}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}
Reg HKLM\SOFTWARE\Classes\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}@ Microsoft WBEM NT Eventlog Instance Provider
Reg HKLM\SOFTWARE\Classes\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}\InprocServer32@ C:\WINDOWS\system32\wbem\ntevt.dll
Reg HKLM\SOFTWARE\Classes\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}\NotInsertable
Reg HKLM\SOFTWARE\Classes\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}\ProgID
Reg HKLM\SOFTWARE\Classes\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}\ProgID@ WBEM.NT.EVENTLOG.INSTANCE.PROVIDER.0
Reg HKLM\SOFTWARE\Classes\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}\VersionIndependentProgID
Reg HKLM\SOFTWARE\Classes\{FD4F53E0-65DC-11D1-AB64-00C04FD9159E}\VersionIndependentProgID@ WBEM.NT.EVENTLOG.INSTANCE.PROVIDER
Reg HKLM\SOFTWARE\Classes\{fd589b7c-7ce0-11d3-b9e5-00c04f79e399}
Reg HKLM\SOFTWARE\Classes\{fd589b7c-7ce0-11d3-b9e5-00c04f79e399}@ System Restore Wrapper
Reg HKLM\SOFTWARE\Classes\{fd589b7c-7ce0-11d3-b9e5-00c04f79e399}\LocalServer32
Reg HKLM\SOFTWARE\Classes\{fd589b7c-7ce0-11d3-b9e5-00c04f79e399}\LocalServer32@ C:\WINDOWS\system32\Restore\rstrui.exe
Reg HKLM\SOFTWARE\Classes\{fd589b7c-7ce0-11d3-b9e5-00c04f79e399}\Programmable
Reg HKLM\SOFTWARE\Classes\{fd589b7c-7ce0-11d3-b9e5-00c04f79e399}\TypeLib
Reg HKLM\SOFTWARE\Classes\{fd589b7c-7ce0-11d3-b9e5-00c04f79e399}\TypeLib@ {B545857A-1D0E-11d3-B9C7-00C04F79E399}
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}@ Microsoft.Aspnet.Snapin.AspNetManagementUtility.2
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}@AppId {B2725CF7-D66F-4A99-8D4A-8EC9478C337A}
 
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\Implemented Categories
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}@
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32@RuntimeVersion v2.0.50727
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32@Assembly AspNetMMCExt, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32@Class Microsoft.Aspnet.Snapin.AspNetManagementUtility
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32@ mscoree.dll
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32\2.0.0.0
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32\2.0.0.0@RuntimeVersion v2.0.50727
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32\2.0.0.0@Assembly AspNetMMCExt, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32\2.0.0.0@Class Microsoft.Aspnet.Snapin.AspNetManagementUtility
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\ProgId
Reg HKLM\SOFTWARE\Classes\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\ProgId@ Microsoft.Aspnet.Snapin.AspNetManagementUtility.2
Reg HKLM\SOFTWARE\Classes\{FD78D554-4C6E-11D0-970D-00A0C9191601}
Reg HKLM\SOFTWARE\Classes\{FD78D554-4C6E-11D0-970D-00A0C9191601}@ DiskManagement.Connection
Reg HKLM\SOFTWARE\Classes\{FD78D554-4C6E-11D0-970D-00A0C9191601}\InProcServer32
Reg HKLM\SOFTWARE\Classes\{FD78D554-4C6E-11D0-970D-00A0C9191601}\InProcServer32@ %SystemRoot%\System32\dmdskmgr.dll
Reg HKLM\SOFTWARE\Classes\{FD78D554-4C6E-11D0-970D-00A0C9191601}\InProcServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\{FD78D554-4C6E-11D0-970D-00A0C9191601}\ProgID
Reg HKLM\SOFTWARE\Classes\{FD78D554-4C6E-11D0-970D-00A0C9191601}\ProgID@ DiskManagement.Connection
Reg HKLM\SOFTWARE\Classes\{FD853CD9-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CD9-7F86-11d0-8252-00C04FD85AB4}@ CLSID_IMimeInternational
Reg HKLM\SOFTWARE\Classes\{FD853CD9-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CD9-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CD9-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CD9-7F86-11d0-8252-00C04FD85AB4}\TypeLib
Reg HKLM\SOFTWARE\Classes\{FD853CD9-7F86-11d0-8252-00C04FD85AB4}\TypeLib@ {E4B28371-83B0-11d0-8259-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CDB-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CDB-7F86-11d0-8252-00C04FD85AB4}@ CLSID_IMimeBody
Reg HKLM\SOFTWARE\Classes\{FD853CDB-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CDB-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CDB-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CDB-7F86-11d0-8252-00C04FD85AB4}\TypeLib
Reg HKLM\SOFTWARE\Classes\{FD853CDB-7F86-11d0-8252-00C04FD85AB4}\TypeLib@ {E4B28371-83B0-11d0-8259-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CDC-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CDC-7F86-11d0-8252-00C04FD85AB4}@ CLSID_IMimeMessageParts
Reg HKLM\SOFTWARE\Classes\{FD853CDC-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CDC-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CDC-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CDC-7F86-11d0-8252-00C04FD85AB4}\TypeLib
Reg HKLM\SOFTWARE\Classes\{FD853CDC-7F86-11d0-8252-00C04FD85AB4}\TypeLib@ {E4B28371-83B0-11d0-8259-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CDD-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CDD-7F86-11d0-8252-00C04FD85AB4}@ CLSID_IMimeAllocator
Reg HKLM\SOFTWARE\Classes\{FD853CDD-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CDD-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CDD-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CDD-7F86-11d0-8252-00C04FD85AB4}\TypeLib
Reg HKLM\SOFTWARE\Classes\{FD853CDD-7F86-11d0-8252-00C04FD85AB4}\TypeLib@ {E4B28371-83B0-11d0-8259-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CDE-7F86-11d0-8252-00C04FD85AB4}
Reg HKLM\SOFTWARE\Classes\{FD853CDE-7F86-11d0-8252-00C04FD85AB4}@ CLSID_IMimeSecurity
Reg HKLM\SOFTWARE\Classes\{FD853CDE-7F86-11d0-8252-00C04FD85AB4}\InprocServer32
Reg HKLM\SOFTWARE\Classes\{FD853CDE-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ %SystemRoot%\system32\inetcomm.dll
Reg HKLM\SOFTWARE\Classes\{FD853CDE-7F86-11d0-8252-00C04FD85AB4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\{FD853CDE-7F86-11d0-8252-00C04FD85AB4}\TypeLib
 
---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-12344c7a-n\4f710eed-12344c7a 5593 bytes
File C:\Documents and Settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-12344c7a-n\4f710eed-12344c7a-n 0 bytes
File C:\Documents and Settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-12344c7a-n\4f710eed-12344c7a-n\gluegen-rt.dll 20480 bytes executable
File C:\Documents and Settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-12344c7a-n\4f710eed-12344c7a.idx 10763 bytes

---- EOF - GMER 1.0.15 ----




thanks for your help!
 
ComboFix 09-08-10.06 - John Doe 08/16/2009 1:09.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.746 [GMT -7:00]
Running from: k:\security\ComboFix.exe
* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\msa.exe
c:\windows\run.log
c:\windows\system32\drivers\MSIVXuiwwqaaewiieyrnbjouacxqbxtrivhav.sys.vir
c:\windows\system32\drivers\UACffyxpedrmn.sys
c:\windows\system32\msconfig.exe
c:\windows\system32\MSIVXcount
c:\windows\system32\msxml71.dll
c:\windows\system32\net.net
c:\windows\system32\rqRLdApq.dll
c:\windows\system32\UACdgkqkajqtp.dll
c:\windows\system32\wvUnNgFy.dll


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))
.

2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\system32\wbem\snmp
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\system32\xircom
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\srchasst
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\program files\microsoft frontpage
2009-08-09 07:28 . 2009-08-09 07:29 -------- d-----w- c:\program files\IZArc
2009-08-08 06:11 . 2009-08-08 12:08 -------- d-----w- C:\ILLUSION
2009-08-08 06:02 . 2009-08-08 06:04 -------- d-----w- c:\windows\system32\URTTemp
2009-07-24 09:48 . 2009-07-24 09:48 -------- d-----w- c:\documents and settings\John Doe\Local Settings\Application Data\Ascaron Entertainment
2009-07-24 09:32 . 2009-07-24 09:32 -------- d--h--r- c:\documents and settings\John Doe\Application Data\SecuROM
2009-07-24 09:32 . 2009-07-24 09:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-24 09:21 . 2009-07-24 09:21 -------- d-----w- c:\windows\Logs
2009-07-24 09:21 . 2009-07-24 09:21 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-24 09:21 . 2009-07-24 09:21 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\program files\Deep Silver
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\windows\system32\AGEIA
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-24 08:59 . 2009-07-24 08:59 -------- d-----w- c:\documents and settings\John Doe\Application Data\DAEMON Tools Pro
2009-07-24 08:05 . 2009-07-24 08:05 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite
2009-07-24 08:04 . 2009-07-24 08:04 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-24 08:04 . 2009-07-24 08:04 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-24 08:01 . 2009-07-24 08:01 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-24 08:01 . 2009-07-24 08:05 -------- d-----w- c:\documents and settings\John Doe\Application Data\DAEMON Tools Lite
2009-07-22 18:00 . 2009-07-22 18:00 97792 ----a-w- c:\windows\system32\drivers\ACEDRV05.sys
2009-07-22 17:47 . 2009-07-22 17:47 -------- d-----w- c:\documents and settings\Karma\Local Settings\Application Data\Mozilla
2009-07-21 16:13 . 2009-07-21 16:13 -------- d-----w- c:\program files\Ascaron Entertainment
2009-07-17 10:20 . 2009-08-02 21:20 -------- d-----w- c:\documents and settings\John Doe\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 08:03 . 2009-04-17 09:45 -------- d-----w- c:\program files\BitLord
2009-08-13 07:52 . 2009-05-19 16:55 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-08-11 18:57 . 2009-06-09 10:00 -------- d-----w- c:\program files\Trojan Remover
2009-08-10 18:05 . 2009-08-10 18:05 1234550 ----a-w- c:\windows\system32\xa.tmp
2009-08-08 12:08 . 2009-04-16 22:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 10:55 . 2009-04-21 21:22 10808 ----a-w- c:\documents and settings\John Doe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-25 15:21 . 2009-04-17 09:15 98304 ----a-w- c:\windows\DUMP76e5.tmp
2009-07-24 09:00 . 2009-04-16 22:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 17:47 . 2009-04-17 19:36 -------- d-----w- c:\documents and settings\John Doe\Application Data\Move Networks
2009-07-02 00:55 . 2009-04-17 09:15 90112 ----a-w- c:\windows\DUMP853d.tmp
2009-06-27 15:14 . 2009-06-06 16:38 2048 ----a-w- c:\windows\system32\Tr_sttool.dat
2009-06-18 18:12 . 2009-04-17 18:14 -------- d-----w- c:\program files\DivX
2009-06-09 08:47 . 2009-06-09 08:47 40576 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
2009-06-06 16:38 . 2009-06-06 16:38 692224 ----a-w- c:\windows\system32\bsrmgcv.dll
2009-06-06 16:38 . 2009-06-06 16:38 192512 ----a-w- c:\windows\system32\bsrmgps.dll
2009-06-06 16:38 . 2009-06-06 16:38 585728 ----a-w- c:\windows\system32\bsratswf.dll
2009-06-06 16:38 . 2009-06-06 16:38 147456 ----a-w- c:\windows\system32\bsratwmv.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2007-07-24 20:09 360704 A11391BE25035570AE4B8970920F2C74 c:\windows\system32\drivers\tcpip.sys





c:\windows\system32\drivers\beep.sys ... is missing !!
c:\windows\system32\msgsvc.dll ... is missing !!
c:\windows\system32\wscntfy.exe ... is missing !!
c:\windows\system32\ntmssvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-18 148888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-06-09 1059720]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-07-22 124928]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Linksys Wireless Network Monitor.lnk - c:\program files\Linksys\WUSBF54G\wlMonitor.exe [2009-6-14 3205632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=

R2 NICSer_WUSBF54G;NICSer_WUSBF54G;c:\program files\Linksys\WUSBF54G\NICServ.exe [6/14/2009 1:06 PM 529920]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [6/9/2009 1:47 AM 40576]
R3 ZD1211U(Linksys);Linksys Wireless-G USB Network Adapter Driver(Linksys);c:\windows\system32\drivers\ZD1211U.sys [6/14/2009 1:06 PM 278528]
S2 FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;c:\docume~1\JOHNDO~1\LOCALS~1\Temp\IXP001.TMP\FAH.exe -svcstart --> c:\docume~1\JOHNDO~1\LOCALS~1\Temp\IXP001.TMP\FAH.exe -svcstart [?]
S2 gupdate1c9bf8863d9adfc;Google Update Service (gupdate1c9bf8863d9adfc);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 11:14 AM 133104]
S3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [5/5/2009 9:18 AM 219648]
S3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [5/5/2009 9:19 AM 475264]

NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
wuauserv
ShellHWDetection
WmdmPmSN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-net - c:\windows\system32\net.net


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\docume~1\JOHNDO~1\APPLIC~1\Mozilla\Firefox\Profiles\g8ttv7fh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\g8ttv7fh.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\John Doe\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\John Doe\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 01:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-73586283-2147019285-1001\Software\SecuROM\License information*]
"datasecu"=hex:d6,69,a9,ab,f9,d8,98,45,66,82,74,9d,ad,9f,a8,42,86,c8,5b,16,9d,
dc,32,d7,a3,87,86,f8,ef,84,28,4c,1b,c0,de,e2,89,80,2b,f8,8a,ec,a7,a0,1c,d8,\
"rkeysecu"=hex:69,47,ec,71,f6,de,af,cf,2b,90,e4,90,fe,0e,c4,20
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2228)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-08-16 1:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-16 08:16

Pre-Run: 49,829,949,440 bytes free
Post-Run: 49,824,899,072 bytes free

220
 
DDS (Ver_09-07-30.01) - NTFSx86
Run by John Doe at 1:19:31.32 on Sun 08/16/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.698 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\WUSBF54G\NICServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
K:\Security\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\linksy~1.lnk - c:\program files\linksys\wusbf54g\wlMonitor.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johndo~1\applic~1\mozilla\firefox\profiles\g8ttv7fh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\documents and settings\john doe\application data\mozilla\firefox\profiles\g8ttv7fh.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\john doe\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\john doe\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 NICSer_WUSBF54G;NICSer_WUSBF54G;c:\program files\linksys\wusbf54g\NICServ.exe [2009-6-14 529920]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2009-6-9 40576]
R3 ZD1211U(Linksys);Linksys Wireless-G USB Network Adapter Driver(Linksys);c:\windows\system32\drivers\ZD1211U.sys [2009-6-14 278528]
S2 FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;c:\docume~1\johndo~1\locals~1\temp\ixp001.tmp\fah.exe -svcstart --> c:\docume~1\johndo~1\locals~1\temp\ixp001.tmp\FAH.exe -svcstart [?]
S2 gupdate1c9bf8863d9adfc;Google Update Service (gupdate1c9bf8863d9adfc);c:\program files\google\update\GoogleUpdate.exe [2009-4-17 133104]
S3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [2009-5-5 219648]
S3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [2009-5-5 475264]

=============== Created Last 30 ================

2009-08-16 01:15 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-08-16 01:13 <DIR> --d----- c:\windows\system32\wbem\snmp
2009-08-16 01:13 <DIR> --d----- c:\windows\system32\xircom
2009-08-16 01:13 <DIR> --d----- c:\windows\system32\ime
2009-08-16 01:13 <DIR> --d----- c:\windows\srchasst
2009-08-16 01:13 <DIR> --d----- c:\program files\msn gaming zone
2009-08-16 01:13 <DIR> --d----- c:\program files\common files\speechengines
2009-08-16 01:04 216,064 a------- c:\windows\PEV.exe
2009-08-16 01:04 161,792 a------- c:\windows\SWREG.exe
2009-08-16 01:04 98,816 a------- c:\windows\sed.exe
2009-08-11 12:12 1,334 a------- c:\windows\wininit.ini
2009-08-10 11:05 1,234,550 a------- c:\windows\system32\xa.tmp
2009-08-09 00:28 <DIR> --d----- c:\program files\IZArc
2009-08-07 23:11 <DIR> --d----- C:\ILLUSION
2009-08-07 23:02 <DIR> --d----- c:\windows\system32\URTTemp
2009-07-24 02:32 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-07-24 02:21 <DIR> --d----- c:\windows\system32\DirectX
2009-07-24 02:21 <DIR> --d----- c:\windows\Logs
2009-07-24 02:21 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-07-24 02:21 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-07-24 02:00 <DIR> --d----- c:\program files\Deep Silver
2009-07-24 02:00 <DIR> --d----- c:\windows\system32\AGEIA
2009-07-24 01:59 <DIR> --d----- c:\docume~1\johndo~1\applic~1\DAEMON Tools Pro
2009-07-24 01:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-07-24 01:04 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-07-24 01:04 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-07-24 01:01 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-24 01:01 <DIR> --d----- c:\docume~1\johndo~1\applic~1\DAEMON Tools Lite
2009-07-23 03:46 67 a------- c:\windows\lz_scm.ini
2009-07-22 11:00 97,792 a------- c:\windows\system32\drivers\ACEDRV05.sys
2009-07-22 10:44 221,184 a------- c:\windows\system32\wmpns.dll
2009-07-21 09:13 <DIR> --d----- c:\program files\Ascaron Entertainment

==================== Find3M ====================

2009-07-25 08:21 98,304 a------- c:\windows\DUMP76e5.tmp
2009-07-01 17:55 90,112 a------- c:\windows\DUMP853d.tmp
2009-06-27 08:14 2,048 a------- c:\windows\system32\Tr_sttool.dat
2009-06-06 09:38 692,224 a------- c:\windows\system32\bsrmgcv.dll
2009-06-06 09:38 192,512 a------- c:\windows\system32\bsrmgps.dll
2009-06-06 09:38 585,728 a------- c:\windows\system32\bsratswf.dll
2009-06-06 09:38 147,456 a------- c:\windows\system32\bsratwmv.dll

============= FINISH: 1:19:43.81 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/16/2009 9:29:45 AM
System Uptime: 8/16/2009 1:13:11 AM (0 hours ago)

Motherboard: ASUSTek Computer INC. | | NAGAMI2
Processor: AMD Athlon(tm) 64 Processor 3700+ | Socket 939 | 2204/199mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 46.426 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
K: is FIXED (FAT32) - 466 GiB total, 323.633 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\C3D52F11D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\C3D52F11D800
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&180DF4C5&0&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&180DF4C5&0&01
Service: NVENETFD

==== System Restore Points ===================

RP103: 8/16/2009 1:08:28 AM - ComboFix created restore point

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
Adobe Shockwave Player 11.5
AGEIA PhysX v7.11.13
ArcSoft VideoImpression 2
Artificial Girl 3
BSR Screen Recorder 4
Choice Guard
Comcast High-Speed Internet Install Wizard
DAEMON Tools Toolbar
DivX Web Player
Google Chrome
Google Update Helper
HAKO
HP Webcam
IZArc 4.0 beta 1
Java(TM) 6 Update 13
K-Lite Codec Pack 4.7.5 (Basic)
Linksys Wireless Network Monitor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Visual C++ 2005 Redistributable
Move Media Player
Mozilla Firefox (3.0.13)
MSVCRT
NVIDIA Drivers
Realtek High Definition Audio Driver
Sacred 2
Sacred Underworld
Segoe UI
Spybot - Search & Destroy
Trojan Remover 6.7.4
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Virtual Audio Cable 4.9
VLC media player 0.9.9
Winamp
Windows Driver Package - usbvm326 (usbvm328) Image (10/12/2006 326.1.061012.07)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
World of Warcraft

==== Event Viewer Messages From Past Week ========

8/16/2009 1:15:13 AM, error: Service Control Manager [7000] - The wscsvc service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
8/16/2009 1:09:00 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
8/16/2009 1:09:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
8/16/2009 1:09:00 AM, error: Service Control Manager [7000] - The helpsvc service failed to start due to the following error: The system cannot find the file specified.
8/16/2009 1:09:00 AM, error: Service Control Manager [7000] - The FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe service failed to start due to the following error: The system cannot find the path specified.
8/16/2009 1:07:57 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0014BFBE82FD. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
8/13/2009 1:28:27 AM, error: Sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
8/10/2009 11:16:30 AM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
8/10/2009 11:16:30 AM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

==== End Of File ===========================


Uninstalled BitLord, kept the associated folders (downloads etc.)...
Ran Combofix
Ran DDS
Rebooted,
Taskbar is back!

Now what?

Thanks,
 
Uninstalled BitLord, kept the associated folders (downloads etc.)...
Hi,

You have to delete c:\program files\BitLord folder too.


Upload c:\windows\system32\xa.tmp file to http://www.virustotal.com and post back the results or a link to the results.



Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    c:\windows\system32\drivers\beep.sys
    c:\windows\system32\msgsvc.dll
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\ntmssvc.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Please download and extract XPSP2 netsvcs file. Then double-click on it to merge it into the registry.




Open notepad and copy/paste the text in the quotebox below into it:

Code:
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Uninstall old Adobe Reader versions and get the latest one (9.1 + separate updates 9.1.2 and 9.1.3 for it) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.


Check here to see if your Flash is up-to-date. If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 16.
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and other above requested logs/reports.
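
One way to triage a ComboFix log like the one posted earlier in this thread, as an added example that is not part of the original posts or of any tool mentioned in them: it extracts the deleted files, removed services, system files reported missing, the firewall state and any service whose image sits in a Temp directory. The function name and report keys are hypothetical; the sample lines are copied from the log on this page.

```python
import re

# Excerpt of the ComboFix log posted in this thread (lines copied from the page, shortened).
SAMPLE_LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
.
c:\windows\system32\drivers\UACffyxpedrmn.sys
c:\windows\system32\UACdgkqkajqtp.dll
c:\windows\system32\net.net
.
((((((((((((((( Drivers/Services )))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_UACd.sys

------- Sigcheck -------

c:\windows\system32\drivers\beep.sys ... is missing !!
c:\windows\system32\wscntfy.exe ... is missing !!
.
((((((((((((((( Reg Loading Points )))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 NICSer_WUSBF54G;NICSer_WUSBF54G;c:\program files\Linksys\WUSBF54G\NICServ.exe [6/14/2009 1:06 PM 529920]
S2 FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;c:\docume~1\JOHNDO~1\LOCALS~1\Temp\IXP001.TMP\FAH.exe -svcstart [?]

NETSVCS REQUIRES REPAIRS - current entries shown
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")            # ((((( Title )))))
MISSING_RE = re.compile(r"^(\S.*?)\s+\.\.\. is missing !!$")
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+)$")  # state, start type, name, display, image
REGKEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\b')
PATH_RE = re.compile(r"^[a-z]:\\", re.I)
TEMP_RE = re.compile(r"\\temp\\", re.I)


def triage_combofix(log_text):
    """Return the findings in a ComboFix log that usually need follow-up."""
    report = {
        "deleted": [],            # files ComboFix removed
        "removed_services": [],   # service / legacy driver entries it removed
        "missing": [],            # system files reported as missing
        "firewall_disabled": False,
        "temp_services": [],      # services whose image path is under a Temp directory
        "netsvcs_needs_repair": False,
    }
    section, reg_key = None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, reg_key = m.group(1), None
            continue
        m = MISSING_RE.match(line)
        if m:
            report["missing"].append(m.group(1))
            continue
        if line.startswith("NETSVCS REQUIRES REPAIRS"):
            report["netsvcs_needs_repair"] = True
            continue
        if section == "Other Deletions" and PATH_RE.match(line):
            report["deleted"].append(line)
            continue
        if section == "Drivers/Services" and line.startswith("-------\\"):
            report["removed_services"].append(line.lstrip("-").lstrip("\\"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, _display, image = m.groups()
            if TEMP_RE.search(image):
                report["temp_services"].append(
                    {"name": name, "state": state, "start": int(start), "image": image})
            continue
        m = REGKEY_RE.match(line)
        if m:
            reg_key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if (m and reg_key and reg_key.endswith(r"firewallpolicy\standardprofile")
                and m.group(1).lower() == "enablefirewall" and int(m.group(2)) == 0):
            report["firewall_disabled"] = True
    return report


if __name__ == "__main__":
    for key, value in triage_combofix(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
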
 
1) deleted \bitlord folder

2) uploaded c:\windows\system32\xa.tmp just said:
0 bytes size received / Se ha recibido un archivo vacio

3) ran systemlook:

SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 01:33 on 17/08/2009 by John Doe (Administrator - Elevation successful)

========== filefind ==========

Searching for "c:\windows\system32\drivers\beep.sys"
No files found.

Searching for "c:\windows\system32\msgsvc.dll"
No files found.

Searching for "c:\windows\system32\wscntfy.exe"
No files found.

Searching for "c:\windows\system32\ntmssvc.dll"
No files found.

-=End Of File=-


4) extracted XPSP2_netsvcs.zip successfully

5) ComboFix w/ script:

ComboFix 09-08-10.06 - John Doe 08/17/2009 1:42.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.614 [GMT -7:00]
Running from: k:\security\ComboFix.exe
Command switches used :: c:\documents and settings\John Doe\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))))
.

2009-08-16 10:46 . 2009-08-16 10:46 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-16 10:46 . 2009-02-16 07:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-08-16 10:46 . 2009-02-16 07:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-08-16 10:46 . 2009-08-16 10:46 -------- d-----w- c:\windows\system32\ZoneLabs
2009-08-16 10:46 . 2009-08-16 10:46 -------- d-----w- c:\program files\Zone Labs
2009-08-16 10:46 . 2009-02-16 07:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-16 10:45 . 2009-08-17 08:43 -------- d-----w- c:\windows\Internet Logs
2009-08-16 10:36 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-16 10:36 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-16 10:36 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-16 10:36 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-16 10:36 . 2009-08-16 10:36 -------- d-----w- c:\program files\Avira
2009-08-16 10:36 . 2009-08-16 10:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Avira
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\system32\wbem\snmp
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\system32\xircom
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\windows\srchasst
2009-08-16 08:13 . 2009-08-16 08:13 -------- d-----w- c:\program files\microsoft frontpage
2009-08-09 07:28 . 2009-08-09 07:29 -------- d-----w- c:\program files\IZArc
2009-08-08 06:11 . 2009-08-08 12:08 -------- d-----w- C:\ILLUSION
2009-08-08 06:02 . 2009-08-08 06:04 -------- d-----w- c:\windows\system32\URTTemp
2009-07-24 09:48 . 2009-07-24 09:48 -------- d-----w- c:\documents and settings\John Doe\Local Settings\Application Data\Ascaron Entertainment
2009-07-24 09:32 . 2009-07-24 09:32 -------- d--h--r- c:\documents and settings\John Doe\Application Data\SecuROM
2009-07-24 09:32 . 2009-07-24 09:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-24 09:21 . 2009-07-24 09:21 -------- d-----w- c:\windows\Logs
2009-07-24 09:21 . 2009-07-24 09:21 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-24 09:21 . 2009-07-24 09:21 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\program files\Deep Silver
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\windows\system32\AGEIA
2009-07-24 09:00 . 2009-07-24 09:00 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-24 08:59 . 2009-07-24 08:59 -------- d-----w- c:\documents and settings\John Doe\Application Data\DAEMON Tools Pro
2009-07-24 08:05 . 2009-07-24 08:05 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite
2009-07-24 08:04 . 2009-07-24 08:04 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-24 08:04 . 2009-07-24 08:04 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-24 08:01 . 2009-07-24 08:01 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-24 08:01 . 2009-07-24 08:05 -------- d-----w- c:\documents and settings\John Doe\Application Data\DAEMON Tools Lite
2009-07-22 18:00 . 2009-07-22 18:00 97792 ----a-w- c:\windows\system32\drivers\ACEDRV05.sys
2009-07-22 17:47 . 2009-07-22 17:47 -------- d-----w- c:\documents and settings\Karma\Local Settings\Application Data\Mozilla
2009-07-21 16:13 . 2009-07-21 16:13 -------- d-----w- c:\program files\Ascaron Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 10:09 . 2009-06-09 10:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-13 07:52 . 2009-05-19 16:55 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-08-11 18:57 . 2009-06-09 10:00 -------- d-----w- c:\program files\Trojan Remover
2009-08-08 12:08 . 2009-04-16 22:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 10:55 . 2009-04-21 21:22 10808 ----a-w- c:\documents and settings\John Doe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-25 15:21 . 2009-04-17 09:15 98304 ----a-w- c:\windows\DUMP76e5.tmp
2009-07-24 09:00 . 2009-04-16 22:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 17:47 . 2009-04-17 19:36 -------- d-----w- c:\documents and settings\John Doe\Application Data\Move Networks
2009-07-02 00:55 . 2009-04-17 09:15 90112 ----a-w- c:\windows\DUMP853d.tmp
2009-06-27 15:14 . 2009-06-06 16:38 2048 ----a-w- c:\windows\system32\Tr_sttool.dat
2009-06-18 18:12 . 2009-04-17 18:14 -------- d-----w- c:\program files\DivX
2009-06-09 08:47 . 2009-06-09 08:47 40576 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
2009-06-06 16:38 . 2009-06-06 16:38 692224 ----a-w- c:\windows\system32\bsrmgcv.dll
2009-06-06 16:38 . 2009-06-06 16:38 192512 ----a-w- c:\windows\system32\bsrmgps.dll
2009-06-06 16:38 . 2009-06-06 16:38 585728 ----a-w- c:\windows\system32\bsratswf.dll
2009-06-06 16:38 . 2009-06-06 16:38 147456 ----a-w- c:\windows\system32\bsratwmv.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2007-07-24 20:09 360704 A11391BE25035570AE4B8970920F2C74 c:\windows\system32\drivers\tcpip.sys





c:\windows\system32\drivers\beep.sys ... is missing !!
c:\windows\system32\msgsvc.dll ... is missing !!
c:\windows\system32\wscntfy.exe ... is missing !!
c:\windows\system32\ntmssvc.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-08-16_08.14.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 09:19 . 2007-11-07 09:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 13:07 . 2008-07-29 13:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 13:07 . 2008-07-29 13:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-08-16 16:43 . 2009-08-16 16:43 16384 c:\windows\Temp\Perflib_Perfdata_80.dat
+ 2009-08-16 10:46 . 2009-02-16 07:10 97672 c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2009-08-16 10:46 . 2008-11-17 09:24 51688 c:\windows\system32\ZoneLabs\srescan.sys
+ 2009-08-16 10:46 . 2009-02-16 07:10 94088 c:\windows\system32\ZoneLabs\lib\zvpn.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 20360 c:\windows\system32\ZoneLabs\lib\zsys.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 59272 c:\windows\system32\ZoneLabs\lib\zpdp.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 14216 c:\windows\system32\ZoneLabs\lib\zmenu.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 24968 c:\windows\system32\ZoneLabs\lib\zic.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 84872 c:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 34696 c:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 17800 c:\windows\system32\ZoneLabs\lib\oem_1466.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 10120 c:\windows\system32\ZoneLabs\lib\oem_1454.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 10632 c:\windows\system32\ZoneLabs\lib\oem_1445.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 13704 c:\windows\system32\ZoneLabs\lib\oem_1440.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 11656 c:\windows\system32\ZoneLabs\lib\oem_1413.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 11144 c:\windows\system32\ZoneLabs\lib\oem_1010.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 29576 c:\windows\system32\ZoneLabs\lib\NavBar.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 12168 c:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 35720 c:\windows\system32\ZoneLabs\lib\Alert.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 38280 c:\windows\system32\ZoneLabs\featuremap.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 98184 c:\windows\system32\ZoneLabs\fbl.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 74632 c:\windows\system32\ZoneLabs\camupd.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 35208 c:\windows\system32\vswmi.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 58248 c:\windows\system32\vsregexp.dll
- 2009-04-16 21:52 . 2009-04-16 21:52 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-04-16 21:52 . 2009-08-16 15:20 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-08-16 10:36 . 2009-05-11 17:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-08-16 10:45 . 2009-08-16 10:45 62464 c:\windows\Installer\8bb047.msi
+ 2009-08-16 10:46 . 2009-02-16 07:10 9608 c:\windows\system32\ZoneLabs\lib\oem_1460.zip.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 10:54 . 2008-07-29 10:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 12:23 . 2008-07-29 12:23 626688 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcr90.dll
+ 2008-07-29 12:23 . 2008-07-29 12:23 856576 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcp90.dll
+ 2008-07-29 10:51 . 2008-07-29 10:51 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcm90.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 108424 c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 302472 c:\windows\system32\ZoneLabs\zlsre.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 178568 c:\windows\system32\ZoneLabs\zlparser.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 172936 c:\windows\system32\ZoneLabs\vsvault.dll
+ 2009-08-16 10:45 . 2009-02-16 07:10 108424 c:\windows\system32\ZoneLabs\vsdb.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 176520 c:\windows\system32\ZoneLabs\updclient.exe
+ 2009-08-16 10:46 . 2007-10-11 23:51 832984 c:\windows\system32\ZoneLabs\updating.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 431496 c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 134536 c:\windows\system32\ZoneLabs\scheduler.dll
+ 2009-08-16 10:46 . 2008-11-17 09:23 796128 c:\windows\system32\ZoneLabs\qrsrecl.dll
+ 2009-08-16 10:46 . 2008-11-17 09:23 722400 c:\windows\system32\ZoneLabs\qrbase.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 118664 c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 151944 c:\windows\system32\ZoneLabs\lib\ztv.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 188808 c:\windows\system32\ZoneLabs\lib\Overview.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 344968 c:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 136584 c:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 344456 c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2009-08-16 10:45 . 2009-02-05 01:27 548128 c:\windows\system32\ZoneLabs\icslta.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 159112 c:\windows\system32\ZoneLabs\httpblocker.dll
+ 2009-08-16 10:46 . 2008-03-17 23:52 813568 c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 109960 c:\windows\system32\vsxml.dll
+ 2009-08-16 10:45 . 2009-02-16 07:10 482184 c:\windows\system32\vsutil.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 309128 c:\windows\system32\vspubapi.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 107912 c:\windows\system32\vsmonapi.dll
+ 2009-08-16 10:45 . 2009-02-16 07:10 229256 c:\windows\system32\vsinit.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 353672 c:\windows\system32\vsdatant.sys
+ 2009-08-16 10:45 . 2009-02-16 07:10 110472 c:\windows\system32\vsdata.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-08-16 10:35 . 2009-08-16 10:35 228352 c:\windows\Installer\823b6e.msi
+ 2008-07-29 15:05 . 2008-07-29 15:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 1648520 c:\windows\system32\ZoneLabs\vsruledb.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 2402184 c:\windows\system32\ZoneLabs\vsmon.exe
+ 2009-08-16 10:46 . 2008-11-17 09:23 1512928 c:\windows\system32\ZoneLabs\srescan.dll
+ 2009-08-16 10:46 . 2009-02-16 07:10 1536392 c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-08-16 10:46 . 2008-12-15 08:11 10465257 c:\windows\system32\ZoneLabs\zlasdbup.dat
+ 2009-08-16 10:46 . 2008-12-15 08:11 10465257 c:\windows\system32\ZoneLabs\spyware.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-18 148888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-06-09 1059720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-07-22 124928]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Linksys Wireless Network Monitor.lnk - c:\program files\Linksys\WUSBF54G\wlMonitor.exe [2009-6-14 3205632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/16/2009 3:36 AM 108289]
R2 NICSer_WUSBF54G;NICSer_WUSBF54G;c:\program files\Linksys\WUSBF54G\NICServ.exe [6/14/2009 1:06 PM 529920]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [6/9/2009 1:47 AM 40576]
R3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [5/5/2009 9:18 AM 219648]
R3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [5/5/2009 9:19 AM 475264]
R3 ZD1211U(Linksys);Linksys Wireless-G USB Network Adapter Driver(Linksys);c:\windows\system32\drivers\ZD1211U.sys [6/14/2009 1:06 PM 278528]
S2 FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe;c:\docume~1\JOHNDO~1\LOCALS~1\Temp\IXP001.TMP\FAH.exe -svcstart --> c:\docume~1\JOHNDO~1\LOCALS~1\Temp\IXP001.TMP\FAH.exe -svcstart [?]
S2 gupdate1c9bf8863d9adfc;Google Update Service (gupdate1c9bf8863d9adfc);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 11:14 AM 133104]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\docume~1\JOHNDO~1\APPLIC~1\Mozilla\Firefox\Profiles\g8ttv7fh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\documents and settings\John Doe\Application Data\Mozilla\Firefox\Profiles\g8ttv7fh.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\John Doe\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\John Doe\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 01:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FAH@C:+DOCUME~1+JOHNDO~1+LOCALS~1+Temp+IXP001.TMP+FAH.exe]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-73586283-2147019285-1001\Software\SecuROM\License information*]
"datasecu"=hex:d6,69,a9,ab,f9,d8,98,45,66,82,74,9d,ad,9f,a8,42,86,c8,5b,16,9d,
dc,32,d7,a3,87,86,f8,ef,84,28,4c,1b,c0,de,e2,89,80,2b,f8,8a,ec,a7,a0,1c,d8,\
"rkeysecu"=hex:69,47,ec,71,f6,de,af,cf,2b,90,e4,90,fe,0e,c4,20
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3920)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2009-08-17 1:46
ComboFix-quarantined-files.txt 2009-08-17 08:46
ComboFix2.txt 2009-08-16 08:16

Pre-Run: 99,527,376,896 bytes free
Post-Run: 99,550,138,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

265
 
Uninstalled/Re-downloaded latest versions:
Java
Flash
Adobe Reader

Ran ATF Cleaner on Main and Firefox


Currently waiting on Kaspersky's Scanner

7 hours, 15 minutes, 47 seconds in... 48% >.<

So hopefully here soon I can post report +dds +attach.


Just wanted to let you know that I'm still here :-)
 
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, August 18, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, August 17, 2009 21:47:33
Records in database: 2642516
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\

Scan statistics:
Objects scanned: 54937
Threats found: 3
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 08:28:27


File name / Threat / Threats count
C:\Documents and Settings\John Doe\Desktop\Backup\Brandon's Stuff\MyMusic\Audioslave - Original fire.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\John Doe\Desktop\Backup\Brandon's Stuff\Porn\Games\EGirl v.1.5 (full) 3D X game\EGirlInstaller_v1.5.EXE Infected: Trojan-Downloader.Win32.Murlo.ahm 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\msxml71.dll.vir Infected: Trojan.Win32.FraudPack.qhy 1
K:\Media\Porn\Games\EGirl v.1.5 (full) 3D X game\EGirlInstaller_v1.5.EXE Infected: Trojan-Downloader.Win32.Murlo.ahm 1

Selected area has been scanned.
 