Problems after removing Windows Security Pro


5 replies to this topic

#1 roushguy


Posted 24 September 2009 - 09:22 AM

After I removed Windows Security Pro via a guide I found here, using a program called Malwarebytes' Anti-Malware, I am seeing repeating problematic-sounding popups saying that "The application or DLL globalroot\systemroot\system32\gasfkyecfmqvky.dll is not a valid Windows image. Please check this against your installation diskette." The popup is titled with whatever program I'm trying to run; for instance, Malwarebytes' Anti-Malware's error window says mbam.exe - Bad Image. Can anyone tell me how to get rid of these problems without re-installing Windows, or am I just kinda done for?



#2 garmanma


Posted 24 September 2009 - 09:41 PM

You still have it



Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report for me to review.
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.
Go to Start > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 roushguy


Posted 26 September 2009 - 02:33 AM

The Win32kDiag:

Running from: C:\Documents and Settings\Ace\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Ace\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!


The cmd log:

Volume in drive C has no label.
Volume Serial Number is D8A9-F595

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 06:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 06:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 06:00 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/14/2008 05:42 AM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/14/2008 05:42 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/14/2008 05:41 AM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

04/14/2008 05:42 AM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

04/14/2008 05:42 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/14/2008 05:41 AM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Total Files Listed:
9 File(s) 1,932,288 bytes
0 Dir(s) 4,477,083,648 bytes free




I also looked at the log of MBAM, and it also contained viruses from MyWebSearch, in case that also helps. (I had never noticed MyWebSearch before; I didn't know about it.)

Edited by roushguy, 26 September 2009 - 02:35 AM.
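
The DIR listing above puts three copies of each file side by side. As an added example (not part of the original posts or of any tool named in the thread), this Python script parses that output and reports whether the live system32 copy has the same size and timestamp as the ServicePackFiles\i386 copy. Treating the ServicePackFiles copy as the reference is an assumption made here, the function names are hypothetical, and the TAMPERED listing is constructed.

```python
import re

# Values copied from the DIR /a/s output posted above; layout abridged
# (one "Directory of" header per folder instead of one per file).
HEADER = " Volume in drive C has no label.\n Volume Serial Number is D8A9-F595\n"
OLD_SECTION = r"""
 Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 06:00 AM 180,224 scecli.dll
08/04/2004 06:00 AM 407,040 netlogon.dll
08/04/2004 06:00 AM 55,808 eventlog.dll
 3 File(s) 643,072 bytes
"""
REF_SECTION = r"""
 Directory of C:\WINDOWS\ServicePackFiles\i386

04/14/2008 05:42 AM 181,248 scecli.dll
04/14/2008 05:42 AM 407,040 netlogon.dll
04/14/2008 05:41 AM 56,320 eventlog.dll
 3 File(s) 644,608 bytes
"""
LIVE_SECTION = r"""
 Directory of C:\WINDOWS\system32

04/14/2008 05:42 AM 181,248 scecli.dll
04/14/2008 05:42 AM 407,040 netlogon.dll
04/14/2008 05:41 AM 56,320 eventlog.dll
 3 File(s) 644,608 bytes
"""
PAGE_LISTING = HEADER + OLD_SECTION + REF_SECTION + LIVE_SECTION
# Constructed variant: the live eventlog.dll has a different size.
TAMPERED = HEADER + OLD_SECTION + REF_SECTION + LIVE_SECTION.replace("56,320", "61,440")

LIVE_DIR = r"C:\WINDOWS\system32"
REF_DIR = r"C:\WINDOWS\ServicePackFiles\i386"  # assumed reference copy

DIR_RE = re.compile(r"^\s*Directory of (?P<dir>.+?)\s*$", re.IGNORECASE)
# File rows start with a date; summary rows ("3 File(s) ...") do not match.
FILE_RE = re.compile(
    r"^\s*(?P<stamp>\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}\s+[AP]M)\s+"
    r"(?P<size>[\d,]+)\s+(?P<name>\S.*?)\s*$"
)


def parse_dir_listing(text):
    """Return one dict per file row, tagged with the directory it was listed under."""
    entries, current = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group("dir")
            continue
        m = FILE_RE.match(line)
        if m and current is not None:
            entries.append({
                "dir": current,
                "name": m.group("name"),
                "size": int(m.group("size").replace(",", "")),
                "stamp": " ".join(m.group("stamp").split()),  # collapse spacing
            })
    return entries


def compare_copies(entries, live_dir=LIVE_DIR, ref_dir=REF_DIR):
    """Compare (size, timestamp) of each live file with its reference copy."""
    def index(directory):
        # Windows paths and file names are case-insensitive.
        return {e["name"].lower(): (e["size"], e["stamp"])
                for e in entries if e["dir"].lower() == directory.lower()}

    live, ref = index(live_dir), index(ref_dir)
    result = {}
    for name in sorted(set(live) | set(ref)):
        if name not in live:
            result[name] = "missing-live"
        elif name not in ref:
            result[name] = "no-reference"
        else:
            result[name] = "match" if live[name] == ref[name] else "mismatch"
    return result


if __name__ == "__main__":
    for label, listing in (("page listing", PAGE_LISTING), ("tampered", TAMPERED)):
        print(label, compare_copies(parse_dir_listing(listing)))
```

Matching size and timestamp is only a quick screen; a hash comparison against known-good installation media is the stronger check.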


#4 garmanma


Posted 26 September 2009 - 06:11 PM

Please download SREng2 (System Repair Engineer) and save to your desktop.
  • Create a new folder on your hard drive called Sreng2 (C:\Sreng2) and extract (unzip) the file there. (click here if you're not sure how to do this. Vista users refer to this link.)
  • Open the folder and double-click on SREngLdr.EXE to launch it. (If you are using Vista, please right-click and select run as administrator)
  • Select Smart Scan from the left pane.
  • Leave all options checked to include Verify the digital signature of process modules (default).
  • Click the Scan button at the bottom right corner.
  • Please be patient as the scan will take a few minutes.
  • When the scan is complete, click on the Save Reports button to save the SREngLOG.log to the SREng folder (C:\SREng) or your Desktop.
  • Click Close and exit SREng.
  • Copy and paste the contents of SREngLOG.log in your next reply.
Note: The log can be long and you may need several posts to post all of it. If you're using a custom HOSTS file, edit out the HOSTS File section, as it will make the log too long for posting.
Mark

#5 roushguy


Posted 26 September 2009 - 11:40 PM

2009-09-27,00:36:39



System Repair Engineer 2.8.1.1279

Smallfrogs (http://www.KZTechs.com)



Windows XP Professional Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed



Follow item(s) have been selected:

	All Boot Items (Including Registry, Startup Folders, Services and so on)

	Browser Add-ons

	Running Processes (Including process model information)

	File Associations

	Winsock Provider

	Autorun.Inf

	HOSTS File

	Process Privileges Scan

	Scheduled Tasks

	Windows Security Update Check

	API HOOK

	Hidden Process





Boot Items

Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

	<Aim6><"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL>  [(Verified)Microsoft Windows Component Publisher]

	<swg><"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe">  [(Verified)Google Inc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]

	<load><>  [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

	<SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

	<IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

	<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

	<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]

	<mmtask><c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe>  [TODO: <Company name>]

	<PDVDDXSrv><"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe">  [CyberLink Corp.]

	<wcmdmgr><C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch>  [WildTangent, Inc.]

	<My Web Search Bar><rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S>  [File is missing]

	<SunJavaUpdateSched><"C:\Program Files\Java\jre6\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]

	<Malwarebytes Anti-Malware (reboot)><"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript>  [(Verified)Malwarebytes Corporation]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

	<shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]

	<Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

	<AppInit_DLLs><>  [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

	<UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

	<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

	<PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]

	<CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]

	<WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]

	<SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]

	<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

	<WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

	<WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

	<WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

	<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

	<WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

	<WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

	<WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

	<WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

	<WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

	<WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

	<WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

	<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]

	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

	<Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]

	<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]

	<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]

	<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]

	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

	<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]

	<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}]

	<Internet Explorer><%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]

	<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

	<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

	<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]

	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]

	<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]

	<N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]

[HKEY_CURRENT_USER\Control Panel\Desktop]

	<SCRNSAVE.EXE><C:\WINDOWS\system32\sspipes.scr>  [(Verified)Microsoft Windows Component Publisher]



==================================

Startup Folders

N/A



==================================

Services

[Google Update Service (gupdate) / gupdate][Stopped/Auto Start]

  <"C:\Program Files\Google\Update\GoogleUpdate.exe" /svc><Google Inc.>

[Google Software Updater / gusvc][Stopped/Manual Start]

  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>

[Human Interface Device Access / HidServ][Stopped/Disabled]

  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>

[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]

  <"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>

[My Web Search Service / MyWebSearchService][Stopped/Auto Start]

  <C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe><(File is missing)>

[Viewpoint Manager Service / Viewpoint Manager Service][Running/Auto Start]

  <"C:\Program Files\Viewpoint\Common\ViewpointService.exe"><Viewpoint Corporation>



==================================

Drivers

[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]

  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>

[EagleNT / EagleNT][Stopped/Manual Start]

  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>

[ialm / ialm][Running/Manual Start]

  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>

[OMCI / OMCI][Running/System Start]

  <\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS><Dell Computer Corporation>

[Direct Parallel Link Driver / Ptilink][Running/Manual Start]

  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>

[Secdrv / Secdrv][Stopped/Manual Start]

  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>

[senfilt / senfilt][Running/Manual Start]

  <system32\drivers\senfilt.sys><Creative Technology Ltd.>

[smwdm / smwdm][Running/Manual Start]

  <system32\drivers\smwdm.sys><Analog Devices, Inc.>

[USBIO Driver (usbio.sys) / USBIO][Stopped/Manual Start]

  <System32\Drivers\usbio.sys><Thesycon GmbH, Germany>



==================================

Browser Add-ons

[&Yahoo! Toolbar Helper]

  {02478D38-C3F9-4efb-9B51-7695ECA05670} <C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>

[Adobe PDF Reader Link Helper]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>

[BitComet Helper]

  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll, (Signed) BitComet>

[AOLSearchHook Class]

  {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} <C:\Program Files\AIM Search\AOLSearch.dll, (Signed) America Online, Inc.>

[Google Toolbar Helper]

  {AA58ED58-01DD-4d91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>

[Google Toolbar Notifier BHO]

  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll, (Signed) Google Inc.>

[AIM Toolbar Loader]

  {b0cda128-b425-4eef-a174-61a11ac5dbf8} <C:\Program Files\AIM Toolbar\aimtb.dll, (Signed) AOL LLC.>

[Google Dictionary Compression sdch]

  {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll, (Signed) Google Inc.>

[Java(tm) Plug-In 2 SSV Helper]

  {DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>

[JQSIEStartDetectorImpl Class]

  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>

[SingleInstance Class]

  {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} <C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll, (Signed) Yahoo! Inc>

[AIM Toolbar]

  {0b83c99c-1efa-4259-858f-bcb33e007a5b} <C:\Program Files\AIM Toolbar\aimtb.dll, (Signed) AOL LLC.>

[BitComet]

  {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} <, >

[]

  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>

[Messenger]

  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>

[Yahoo! Toolbar]

  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>

[AIM Toolbar]

  {61539ecd-cc67-4437-a03c-9aaccbd14326} <C:\Program Files\AIM Toolbar\aimtb.dll, (Signed) AOL LLC.>

[Google Toolbar]

  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>

[Java Plug-in 1.6.0_15]

  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >

[]

  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >

[Java Plug-in 1.6.0_04]

  {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >

[Java Plug-in 1.6.0_06]

  {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >

[Java Plug-in 1.6.0_15]

  {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >

[Java Plug-in 1.6.0_15]

  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_15.dll, (Signed) Sun Microsystems, Inc.>

[&Yahoo! Toolbar Helper]

  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>

[Adobe PDF Reader Link Helper]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>

[]

  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >

[]

  {0B83C99C-1EFA-4259-858F-BCB33E007A5B} <, >

[Google Toolbar]

  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>

[DHTML Edit Control Safe for Scripting for IE5]

  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>

[HtmlDlgSafeHelper Class]

  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, (Signed) Microsoft Corporation>

[BitComet Helper]

  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll, (Signed) BitComet>

[Microsoft Terminal Services Client Control (redist)]

  {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>

[Microsoft Terminal Services Client Control (redist)]

  {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>

[AOLSearchHook Class]

  {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} <C:\Program Files\AIM Search\AOLSearch.dll, (Signed) America Online, Inc.>

[AIM Toolbar]

  {61539ECD-CC67-4437-A03C-9AACCBD14326} <C:\Program Files\AIM Toolbar\aimtb.dll, (Signed) AOL LLC.>

[Windows Media Player]

  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>

[Active Desktop Mover]

  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>

[Microsoft Terminal Services Client Control (redist)]

  {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>

[Microsoft Terminal Services Client Control (redist)]

  {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>

[]

  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >

[Microsoft Web Browser]

  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>

[Microsoft Terminal Services Client Control (redist)]

  {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>

[Google Toolbar Helper]

  {AA58ED58-01DD-4D91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll, (Signed) Google Inc.>

[Google Toolbar Notifier BHO]

  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll, (Signed) Google Inc.>

[AIM Toolbar Loader]

  {B0CDA128-B425-4EEF-A174-61A11AC5DBF8} <C:\Program Files\AIM Toolbar\aimtb.dll, (Signed) AOL LLC.>

[RDS.DataSpace]

  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>

[Google Dictionary Compression sdch]

  {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll, (Signed) Google Inc.>

[Adobe PDF Reader]

  {CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll, (Signed) Adobe Systems, Inc.>

[]

  {D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A} <, >

[Shockwave Flash Object]

  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>

[Java(tm) Plug-In 2 SSV Helper]

  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>

[]

  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >

[JQSIEStartDetectorImpl Class]

  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>

[Yahoo! Toolbar]

  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>

[]

  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >

[SingleInstance Class]

  {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} <C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll, (Signed) Yahoo! Inc>

[&AIM Toolbar Search]

  <C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html, N/A>

[&D&ownload &with BitComet]

  <res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>

[&D&ownload all video with BitComet]

  <res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>

[&D&ownload all with BitComet]

  <res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>

[&Search]

  <, >



==================================

Running Processes

[PID: 560 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID: 608 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID: 632 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

	[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3889]

	[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3889]

[PID: 676 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]

[PID: 688 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

[PID: 852 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID: 916 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID: 1016 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID: 1060 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID: 1104 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID: 1396 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]

[PID: 1500 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID: 1616 / SYSTEM][C:\Program Files\Java\jre6\bin\jqs.exe]  [Sun Microsystems, Inc., 6.0.150.3]

	[C:\Program Files\Java\jre6\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]

[PID: 1728 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID: 1832 / SYSTEM][C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe]  [Google Inc., 1.2.183.7]

	[C:\Program Files\Google\Update\1.2.183.7\goopdate.dll]  [Google Inc., 1.2.183.7]

[PID: 1944 / SYSTEM][C:\Program Files\Viewpoint\Common\ViewpointService.exe]  [Viewpoint Corporation, 2, 0, 0, 54]

[PID: 372 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]

[PID: 2936 / Ace][C:\WINDOWS\system32\wscntfy.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]

[PID: 3908 / Ace][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]

	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]

	[C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll]  [Sun Microsystems, Inc., 2.03]

	[C:\Program Files\OpenOffice.org 2.4\program\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]

	[C:\Program Files\OpenOffice.org 2.4\program\stlport_vc7145.dll]  [STLport Consulting, Inc., 4.5.2003.0120]

	[C:\Program Files\OpenOffice.org 2.4\program\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]

	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]

[PID: 1736 / Ace][C:\WINDOWS\system32\wuauclt.exe]  [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)]

[PID: 3284 / Ace][C:\Program Files\Analog Devices\Core\smax4pnp.exe]  [Analog Devices, Inc., 5, 2, 0, 5]

	[C:\Program Files\Analog Devices\Core\SMWDMIF.dll]  [Analog Devices, Inc., 5, 2, 3, 000]

	[C:\WINDOWS\system32\EDCrypt.DLL]  [Analog Devices Incorporated, 1.0.0.8]

[PID: 3516 / Ace][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.3889]

	[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3889]

	[C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3889]

	[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3889]

	[C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.3889]

	[C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3889]

[PID: 3760 / Ace][C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe]  [TODO: <Company name>, 1.0.0.1]

	[C:\Program Files\MusicMatch\MusicMatch Jukebox\MMVCP70.dll]  [Sample Corporation, 7.00.0000]

	[C:\Program Files\MusicMatch\MusicMatch Jukebox\MMVCR70.dll]  [Sample Corporation, 7.00.0000]

[PID: 3388 / Ace][C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe]  [CyberLink Corp., 4, 5, 0, 0]

	[C:\Program Files\CyberLink\PowerDVD DX\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]

	[C:\Program Files\CyberLink\PowerDVD DX\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]

	[C:\Program Files\CyberLink\PowerDVD DX\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]

	[C:\WINDOWS\system32\MFC71ENU.DLL]  [Microsoft Corporation, 7.10.3077.0]

	[C:\Program Files\CyberLink\PowerDVD DX\Kernel\common\CLRCEngine3.dll]  [CyberLink Corp., 4.07.2129]

[PID: 2116 / Ace][C:\Program Files\Java\jre6\bin\jusched.exe]  [Sun Microsystems, Inc., 6.0.150.3]

[PID: 3600 / Ace][C:\Program Files\AIM6\aim6.exe]  [AOL LLC, 1.4.9.1]

	[C:\Program Files\AIM6\xprt5.dll]  [AOL LLC, 5.2.7.5225]

	[C:\Program Files\AIM6\AOLSvcMgr.dll]  [AOL LLC, 16.2.3.1]

	[C:\Program Files\AIM6\xprt6.dll]  [AOL LLC, 6.8.3.6195]

	[C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll]  [AOL LLC, 3.3.15.2]

	[c:\program files\aim6\services\notification\ver7_1_1_1\Notify.dll]  [AOL LLC, 7.1.1.1]

	[c:\program files\aim6\services\imApp\ver6_9_15_1\imAppService.dll]  [AOL LLC, 6.9.15.1]

	[C:\Program Files\AIM6\acccore.dll]  [AOL LLC, 1.8.1.2187]

	[C:\Program Files\AIM6\coolcore57.dll]  [AOL LLC, 5.7.1.6195]

	[C:\Program Files\AIM6\image.dll]  [AOL LLC, 1, 0, 0, 1]

	[c:\program files\aim6\services\preferences\ver6_1_1_1\preferences.dll]  [AOL LLC, 6.1.1.1]

	[c:\program files\aim6\services\localStorage\ver8_1_1_1\clsSvc.dll]  [AOL LLC, 8.1.1.1]

	[c:\program files\aim6\services\osInfo\ver2_1_1_1\OSInfo.dll]  [AOL LLC, 2.1.1.1]

	[c:\program files\aim6\services\osInfo\ver2_1_1_1\AOLIdleMon.dll]  [AOL LLC, 2.1.1.1]

[PID: 1592 / Ace][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe]  [Google Inc., 4, 1, 509, 1944]

	[C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\gtn.dll]  [Google Inc., 5, 3, 4501, 1418]

	[C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll]  [Google Inc., 5, 3, 4501, 1418]

[PID: 2536 / Ace][C:\WINDOWS\wt\updater\wcmdmgr.exe]  [WildTangent, Inc., 1.5.1.36]

[PID: 2272 / Ace][C:\Program Files\zMUD\Zmud.exe]  [Zugg Software, 7.21.0.0]

[PID: 2672 / Ace][C:\Program Files\zMUD\Zmud.exe]  [Zugg Software, 7.21.0.0]

	[C:\Program Files\zMUD\DWSW32.DLL]  [N/A, ]

	[C:\Program Files\zMUD\ZMUDAPI.DLL]  [N/A, ]

	[C:\Program Files\zMUD\sqlite.dll]  [N/A, ]

[PID: 3260 / Ace][C:\Program Files\AIM6\aolsoftware.exe]  [AOL LLC, 16.2.3.1]

	[C:\Program Files\AIM6\AOLSvcMgr.dll]  [AOL LLC, 16.2.3.1]

	[C:\Program Files\AIM6\xprt6.dll]  [AOL LLC, 6.8.3.6195]

	[C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll]  [AOL LLC, 3.3.15.2]

	[c:\program files\aim6\services\notification\ver7_1_1_1\Notify.dll]  [AOL LLC, 7.1.1.1]

	[c:\program files\aim6\services\localStorage\ver8_1_1_1\clsSvc.dll]  [AOL LLC, 8.1.1.1]

[PID: 1252 / Ace][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.9.0.14]

	[C:\Program Files\Mozilla Firefox\xul.dll]  [Mozilla Foundation, 1.9.0.14]

	[C:\Program Files\Mozilla Firefox\sqlite3.dll]  [sqlite.org, 3.6.10]

	[C:\Program Files\Mozilla Firefox\MOZCRT19.dll]  [Mozilla Foundation, 8.00.0000]

	[C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]

	[C:\Program Files\Mozilla Firefox\nspr4.dll]  [Mozilla Foundation, 4.7.5]

	[C:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]

	[C:\Program Files\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]

	[C:\Program Files\Mozilla Firefox\nssutil3.dll]  [Mozilla Foundation, 3.12.3.1]

	[C:\Program Files\Mozilla Firefox\plc4.dll]  [Mozilla Foundation, 4.7.5]

	[C:\Program Files\Mozilla Firefox\plds4.dll]  [Mozilla Foundation, 4.7.5]

	[C:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]

	[C:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.9.0.14]

	[C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll]  [Mozilla Foundation, 1.9.0.14]

	[C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll]  [Mozilla Foundation, 1.9.0.14]

	[C:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]

	[C:\Program Files\Mozilla Firefox\nssdbm3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]

	[C:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]

	[C:\Program Files\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.75]

[PID: 2620 / Ace][C:\Documents and Settings\Ace\Desktop\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]

[PID: 2392 / Ace][C:\Documents and Settings\Ace\Desktop\sreng2\SREc9389cb1.EXE]  [Smallfrogs Studio, 2.8.1.1279]

	[C:\Documents and Settings\Ace\Desktop\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]



==================================

File Associations

.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]

.EXE  OK. ["%1" %*]

.COM  OK. ["%1" %*]

.PIF  OK. ["%1" %*]

.REG  OK. [regedit.exe "%1"]

.BAT  OK. ["%1" %*]

.SCR  OK. ["%1" /S]

.CHM  OK. ["C:\WINDOWS\hh.exe" %1]

.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]

.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.LNK  OK. [{00021401-0000-0000-C000-000000000046}]



==================================

Winsock Provider

N/A



==================================

Autorun.Inf

N/A



==================================

HOSTS File

127.0.0.1	   localhost



==================================

Process Privileges Scan

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3760, C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MMTASK.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3388, C:\PROGRAM FILES\CYBERLINK\POWERDVD DX\PDVDDXSRV.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2536, C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2272, C:\PROGRAM FILES\ZMUD\ZMUD.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2672, C:\PROGRAM FILES\ZMUD\ZMUD.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2620, C:\DOCUMENTS AND SETTINGS\ACE\DESKTOP\SRENG2\SRENGLDR.EXE]



==================================

Scheduled Tasks

[Enabled] GoogleUpdateTaskMachineUA.job

		C:\Program Files\Google\Update\GoogleUpdate.exe 

[Enabled] GoogleUpdateTaskMachineCore.job

		C:\Program Files\Google\Update\GoogleUpdate.exe 



==================================

Windows Security Update Check

 Microsoft .NET Framework version 1.1 

KB940157,  Windows Search 4.0 for Windows XP (KB940157) 

KB943729,  Group Policy Preference Client Side Extensions for Windows XP (KB943729) 

KB926139,  Windows PowerShell 1.0 for Windows XP (KB926139) 

KB909520,  Microsoft Base Smart Card Cryptographic Service Provider Package: x86 (KB909520) 

KB944036,  Internet Explorer 8 for Windows XP 

KB931125,  Update for Root Certificates [September 2009] (KB931125) 



==================================

API HOOK

N/A



==================================

Hidden Process

N/A



==================================


#6 garmanma


Posted 27 September 2009 - 06:54 PM

Now that you were successful in creating an SRE log, you need to post it in our HJT forum:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Give a brief description and tell them that this log was all you could get to run successfully.
The HJT team is extremely busy, so be patient and good luck.
Mark

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits