
Defibrillator Anyone?


  • This topic is locked
24 replies to this topic

#1 kagenoyuen

kagenoyuen


Posted 09 November 2006 - 03:17 PM

Ok, I am infected with a toolbar called Mirar. On top of that, my Add/Remove Programs won't open because it says it is being used by another file. The same message pops up when I try to touch the clock on my desktop system tray. I did a HijackThis scan and this is the log. Help would be greatly appreciated.




Logfile of HijackThis v1.99.1
Scan saved at 15:11, on 06-11-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
F2 - REG:system.ini: Shell=Explorer.exe,
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\boymekfb.dll
O2 - BHO: (no name) - {0713ED2B-E586-0BFE-3838-448FEA31CF81} - C:\WINDOWS\system32\noijfyfy.dll (file missing)
O2 - BHO: (no name) - {1EF9DDE8-777E-D92F-1616-77E3FF0E71CB} - C:\WINDOWS\system32\zfivthne.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [7P9Rjomb] C:\WINDOWS\uwjtpf.exe
O4 - HKLM\..\Run: [feaECInAf] C:\WINDOWS\uwjtpf.exe
O4 - HKLM\..\Run: [7P9Rjom*aaaYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uwjtpf.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\uwjtpf.exe
O4 - HKLM\..\Run: [qF5U3qh] ltecrt40.exe
O4 - HKLM\..\Run: [7P9Rjom*aaaaaC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uwjtpf.exe
O4 - HKLM\..\Run: [AutoLoaderqsuo1WcUKKXK] "C:\WINDOWS\system32\megetmgr.exe" /HideDir /HideUninstall /PC="CP.RAZR" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [AutoLoaderqsue1WcUKKXK] "C:\WINDOWS\system32\megetmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 2***
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Wdgnhbck] C:\Program Files\Tpnpfpo\Lbov.exe
O4 - HKLM\..\Run: [dnt8dfc2] RUNDLL32.EXE w1a97ac1.dll,n 0058dfbd000000021a97ac1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~2\Spyware-Cop.exe" /s
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &KewlBar Search - res://C:\Program Files\KewlBar 5.0\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Documents and Settings\Robert\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1927.dll/blogimage
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\De'Nine\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O10 - Broken Internet access because of LSP provider 'smnsp.dll' missing
O15 - Trusted Zone: www.x3movie.com
O15 - Trusted Zone: http://www.x3movie.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/228/installer.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136734804198
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?326
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\h20q0cd5ef0.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 10 November 2006 - 10:02 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30-day trial of the program.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet. We will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

  • Clean out your Temporary Internet files.
    • Internet Explorer
      • Close Internet Explorer and close any instances of Windows Explorer.
      • Click Start -> Control Panel and then double-click Internet Options.
      • On the General tab, click Delete Files under Temporary Internet Files.
      • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
      • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
      • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
      • Click OK.
    • Firefox (In case you also have Firefox installed)
      • Open Firefox and go to Tools -> Options.
      • Click Privacy in the menu on the left side of the Options window.
      • Click the Clear button located to the right of each option (History, Cookies, Cache).
      • Click OK to close the Options window.
        Alternatively, you can clear all information stored while browsing by clicking Clear All.
        A confirmation dialog box will be shown before clearing the information.
    IMPORTANT: Close all windows and do not open any other windows or programs while AVG Anti-Spyware is scanning, as it may interfere with the scanning process.

  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the results of the AVG Anti-Spyware scan report along with a new hijackthis log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 kagenoyuen

kagenoyuen
  • Topic Starter


Posted 11 November 2006 - 04:57 PM

Ok, what had happened was, I did the AVG scan and I quarantined everything that was wrong, but the report didn't get saved. Is there any possible way to get a report after you missed the chance to get it? But I do have the HijackThis report. Please tell me that I can still fix what is wrong. Because I still cannot open anything in the control panel (add/remove progs, time/date, etc.)

Logfile of HijackThis v1.99.1
Scan saved at 16:51, on 06-11-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
F2 - REG:system.ini: Shell=Explorer.exe,
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\boymekfb.dll
O2 - BHO: (no name) - {0713ED2B-E586-0BFE-3838-448FEA31CF81} - C:\WINDOWS\system32\noijfyfy.dll (file missing)
O2 - BHO: (no name) - {1EF9DDE8-777E-D92F-1616-77E3FF0E71CB} - C:\WINDOWS\system32\zfivthne.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (file missing)
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (file missing)
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [7P9Rjomb] C:\WINDOWS\uwjtpf.exe
O4 - HKLM\..\Run: [feaECInAf] C:\WINDOWS\uwjtpf.exe
O4 - HKLM\..\Run: [7P9Rjom*aaaYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uwjtpf.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\uwjtpf.exe
O4 - HKLM\..\Run: [qF5U3qh] ltecrt40.exe
O4 - HKLM\..\Run: [7P9Rjom*aaaaaC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uwjtpf.exe
O4 - HKLM\..\Run: [AutoLoaderqsuo1WcUKKXK] "C:\WINDOWS\system32\megetmgr.exe" /HideDir /HideUninstall /PC="CP.RAZR" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [AutoLoaderqsue1WcUKKXK] "C:\WINDOWS\system32\megetmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 2***
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Wdgnhbck] C:\Program Files\Tpnpfpo\Lbov.exe
O4 - HKLM\..\Run: [dnt8dfc2] RUNDLL32.EXE w1a97ac1.dll,n 0058dfbd000000021a97ac1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Spyware-Cop] "C:\PROGRA~1\SPYWAR~2\Spyware-Cop.exe" /s
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &KewlBar Search - res://C:\Program Files\KewlBar 5.0\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Documents and Settings\Robert\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1927.dll/blogimage
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\De'Nine\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O10 - Broken Internet access because of LSP provider 'smnsp.dll' missing
O15 - Trusted Zone: www.x3movie.com
O15 - Trusted Zone: http://www.x3movie.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/228/installer.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136734804198
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?326
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\h20q0cd5ef0.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 12 November 2006 - 09:37 PM

Open AVG Anti-Spyware and click the Reports button at the top. Select the most recent report and click Save report as. Or you can just highlight the text in the report, copy it and paste it here in your next reply.


Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\boymekfb.dll
O2 - BHO: (no name) - {0713ED2B-E586-0BFE-3838-448FEA31CF81} - C:\WINDOWS\system32\noijfyfy.dll (file missing)
O2 - BHO: (no name) - {1EF9DDE8-777E-D92F-1616-77E3FF0E71CB} - C:\WINDOWS\system32\zfivthne.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (file missing)
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (file missing)
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [7P9Rjomb] C:\WINDOWS\uwjtpf.exe
O4 - HKLM\..\Run: [feaECInAf] C:\WINDOWS\uwjtpf.exe
O4 - HKLM\..\Run: [7P9Rjom*aaaYC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uwjtpf.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\uwjtpf.exe
O4 - HKLM\..\Run: [qF5U3qh] ltecrt40.exe
O4 - HKLM\..\Run: [7P9Rjom*aaaaaC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uwjtpf.exe
O4 - HKLM\..\Run: [AutoLoaderqsuo1WcUKKXK] "C:\WINDOWS\system32\megetmgr.exe" /HideDir /HideUninstall /PC="CP.RAZR" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [AutoLoaderqsue1WcUKKXK] "C:\WINDOWS\system32\megetmgr.exe"
O4 - HKLM\..\Run: [zzzCamInSuiteIII] E:\SETUP.EXE 2***
O4 - HKLM\..\Run: [Wdgnhbck] C:\Program Files\Tpnpfpo\Lbov.exe
O4 - HKLM\..\Run: [dnt8dfc2] RUNDLL32.EXE w1a97ac1.dll,n 0058dfbd000000021a97ac1
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O15 - Trusted Zone: www.x3movie.com
O15 - Trusted Zone: http://www.x3movie.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/228/installer.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\h20q0cd5ef0.dll (file missing)



===============


Download the TV Media removal tool from here.
http://www.bleepingcomputer.com/files/tvmedia.php

Run it and follow the prompts.


===============


Reboot and post a new hijackthis log as well as the log from AVG.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 kagenoyuen


Posted 13 November 2006 - 03:44 PM

This report is not from the original scan...sorry...
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:06 06-11-12

+ Scan result:



HKU\S-1-5-21-823518204-1563985344-1060284298-1005\Software\_hsrb -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-823518204-1563985344-1060284298-1005\Software\_hsrb\kkws -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-823518204-1563985344-1060284298-1005\Software\_hsrb\ppops -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-823518204-1563985344-1060284298-1005\Software\_hsrb\ssites -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-823518204-1563985344-1060284298-1005\Software\hsb -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-823518204-1563985344-1060284298-1005\Software\hsb\ccc -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-823518204-1563985344-1060284298-1005\Software\hsb\eee -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-823518204-1563985344-1060284298-1005\Software\hsb\rrr -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-823518204-1563985344-1060284298-1005\Software\hsb\ttt -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-823518204-1563985344-1060284298-1005\Software\hsb\www -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-823518204-1563985344-1060284298-1005\Software\Internet Security -> Adware.IntCodec : Cleaned with backup (quarantined).
HKU\S-1-5-21-823518204-1563985344-1060284298-1005\Software\MEGASEAR TOOLBAR -> Adware.Megasear : Cleaned with backup (quarantined).
HKU\S-1-5-21-823518204-1563985344-1060284298-1005\Software\MEGASEAR TOOLBAR\Config -> Adware.Megasear : Cleaned with backup (quarantined).
HKU\S-1-5-21-823518204-1563985344-1060284298-1005\Software\MEGASEAR TOOLBAR\Config\megaseartb0300 -> Adware.Megasear : Cleaned with backup (quarantined).
HKU\S-1-5-21-823518204-1563985344-1060284298-1005\Software\MEGASEAR TOOLBAR\Options -> Adware.Megasear : Cleaned with backup (quarantined).
HKU\S-1-5-21-823518204-1563985344-1060284298-1005\Software\MEGASEAR TOOLBAR\Reports -> Adware.Megasear : Cleaned with backup (quarantined).
HKU\S-1-5-21-823518204-1563985344-1060284298-1005\Software\MEGASEAR TOOLBAR\Reports\38391 -> Adware.Megasear : Cleaned with backup (quarantined).
HKU\S-1-5-21-823518204-1563985344-1060284298-1005\Software\PowerScan -> Adware.PowerScan : Cleaned with backup (quarantined).
HKU\S-1-5-21-823518204-1563985344-1060284298-1005\Software\Microsoft\Internet Explorer\MenuExt\Web Rebates -> Adware.WebRebates : Cleaned with backup (quarantined).


::Report end

Here is the Hijackthis scan
Logfile of HijackThis v1.99.1
Scan saved at 15:41, on 06-11-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe,
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {0713ED2B-E586-0BFE-3838-448FEA31CF81} - (no file)
O2 - BHO: (no name) - {1EF9DDE8-777E-D92F-1616-77E3FF0E71CB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &KewlBar Search - res://C:\Program Files\KewlBar 5.0\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Documents and Settings\Robert\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1927.dll/blogimage
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\De'Nine\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O10 - Broken Internet access because of LSP provider 'smnsp.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136734804198
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?326
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#6 Buckeye_Sam

    Malware Expert

Posted 13 November 2006 - 05:46 PM

That's ok. It shows me that it has successfully removed any files that it found.

Fix these lines with hijackthis.

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {0713ED2B-E586-0BFE-3838-448FEA31CF81} - (no file)
O2 - BHO: (no name) - {1EF9DDE8-777E-D92F-1616-77E3FF0E71CB} - (no file)
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab



Reboot your computer.




Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

========================================================
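The cleanup pattern in posts #4 to #6 (the scanner removes the files, then HijackThis is used to fix the registry entries left pointing at nothing) can be checked by comparing two scans. The following Python code is an added example, not part of the original thread: it parses two HijackThis logs and reports which entries are gone and which survive as orphans marked "(no file)" or "(file missing)". The sample lines are excerpted from the logs posted in this thread; the function names and the matching rules (CLSID where one is present, hive plus value name for O4 Run entries) are assumptions of this example, not HijackThis behaviour.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section detail orphaned")

# Every HijackThis finding starts with a section code such as R0, F2, O4 or O23.
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<detail>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(?P<hive>\S+): \[(?P<name>.*?)\] ")
# Markers HijackThis appends when the registry entry exists but its file does not.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_log(text):
    """Return the findings of a HijackThis log, skipping header and process lines."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # header, "Running processes:" block, blank line
        detail = match.group("detail").rstrip()
        entries.append(Entry(match.group("section"), detail,
                             detail.endswith(ORPHAN_MARKERS)))
    return entries


def _without_marker(detail):
    for marker in ORPHAN_MARKERS:
        if detail.endswith(marker):
            return detail[: -len(marker)].rstrip(" -")
    return detail


def entry_key(entry):
    """Identity of an entry that stays stable when its file path or marker changes."""
    clsid = CLSID_RE.search(entry.detail)
    if clsid:  # BHOs, toolbars, DPF objects: the CLSID is the registry identity
        return (entry.section, clsid.group(0).upper())
    run = RUN_RE.match(entry.detail)
    if entry.section == "O4" and run:  # autostart values: hive + value name
        return (entry.section, run.group("hive"), run.group("name"))
    return (entry.section, _without_marker(entry.detail))


def compare_scans(before_text, after_text):
    """Classify entries by what happened between an earlier and a later scan."""
    before = {entry_key(e): e for e in parse_log(before_text)}
    after = {entry_key(e): e for e in parse_log(after_text)}
    shared = [k for k in after if k in before]
    return {
        # entry no longer present in the later scan
        "gone": sorted(k for k in before if k not in after),
        # file was present before, registry entry now points at nothing
        "newly_orphaned": sorted(k for k in shared
                                 if after[k].orphaned and not before[k].orphaned),
        # was already orphaned and is still registered
        "still_orphaned": sorted(k for k in shared
                                 if after[k].orphaned and before[k].orphaned),
    }


# Excerpt of the lines listed in post #4 (state before the cleanup).
BEFORE = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\boymekfb.dll
O2 - BHO: (no name) - {0713ED2B-E586-0BFE-3838-448FEA31CF81} - C:\WINDOWS\system32\noijfyfy.dll (file missing)
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [7P9Rjomb] C:\WINDOWS\uwjtpf.exe
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\h20q0cd5ef0.dll (file missing)
"""

# Excerpt of the log posted in post #5 (state after the cleanup).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {0713ED2B-E586-0BFE-3838-448FEA31CF81} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

if __name__ == "__main__":
    for status, keys in compare_scans(BEFORE, AFTER).items():
        print(status)
        for key in keys:
            print("   ", " | ".join(key))
```

Entries reported as newly or still orphaned are the ones a later "Fix Checked" pass would target, since the file is gone but the registration remains.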

#7 kagenoyuen


Posted 13 November 2006 - 11:08 PM

Done with that and here is the Combofix log.

Robert - 06-11-13 22:28:28.27 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Robert\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bszip.dll


((((((((((((((((((((((((((((((( Files Created from 2006-10-09 to 2006-11-09 ))))))))))))))))))))))))))))))))))


2006-11-12 19:22 2,855 --a------ C:\WINDOWS\system32\rundll32.PIF
2006-11-12 16:55 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2006-11-11 08:15 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-09 07:56 192 --a------ C:\Documents and Settings\Robert\ggg.bat
2006-10-09 03:44 32,573 --a------ C:\WINDOWS\system32\brrot-uninst.exe
2006-10-09 03:39 1,233 --a------ C:\WINDOWS\system32\dnt8dfc2.sys
2006-10-09 03:38 433,632 --a------ C:\WINDOWS\hancerdoem.exe
2006-10-09 03:37 217,840 --a------ C:\WINDOWS\justin-new.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-13 22:17 -------- d-------- C:\Program Files\HijackThis
2006-11-12 18:49 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-12 16:55 -------- d-------- C:\Program Files\Silkroad
2006-11-11 08:15 -------- d-------- C:\Program Files\Grisoft
2006-11-09 17:57 -------- d-------- C:\Program Files\xerox
2006-11-09 17:57 -------- d-------- C:\Program Files\msn gaming zone
2006-11-09 17:44 -------- d-------- C:\Program Files\Morpheus
2006-11-09 13:16 -------- d-------- C:\Program Files\MSN
2006-11-09 08:36 -------- d-------- C:\Documents and Settings\Robert\Application Data\Morpheus
2006-11-07 12:02 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-07 11:51 -------- d-------- C:\Program Files\Java
2006-11-06 19:18 -------- d-------- C:\Documents and Settings\Robert\Application Data\AdobeUM
2006-11-05 18:31 -------- d---s---- C:\Documents and Settings\Robert\Application Data\Microsoft
2006-11-05 18:12 167936 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2006-11-05 18:12 -------- d-------- C:\Program Files\Illustrate
2006-11-02 14:12 48824 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-11-02 14:12 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-11-02 14:12 -------- d-------- C:\Program Files\Symantec
2006-10-26 14:45 -------- d-------- C:\Program Files\IMVU
2006-10-25 13:44 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-25 13:44 -------- d-------- C:\Program Files\QuickTime
2006-10-14 16:48 -------- d-------- C:\Program Files\Yahoo! Games
2006-10-13 12:39 -------- d-------- C:\Program Files\Windows Media Components
2006-10-13 12:37 -------- d-------- C:\Program Files\MSN Webcam Recorder
2006-10-11 10:30 -------- d-------- C:\Program Files\iTunes
2006-10-11 10:29 -------- d-------- C:\Program Files\iPod
2006-10-11 10:22 -------- d-------- C:\Program Files\Apple Software Update
2006-10-11 10:14 -------- d-------- C:\Program Files\Windows Installer Clean Up
2006-10-11 09:52 -------- d-------- C:\Documents and Settings\Robert\Application Data\Yahoo!
2006-10-11 09:06 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-11 07:31 554 --a------ C:\WINDOWS\lvxgv.dll
2006-10-10 08:48 -------- d-------- C:\Program Files\Common Files
2006-10-10 08:34 -------- d-------- C:\Program Files\Windows Media Player
2006-10-10 08:34 -------- d-------- C:\Program Files\Outlook Express
2006-10-06 15:38 111262 --a------ C:\WINDOWS\system32\justin.exe
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"PaperPort PTD"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
"IndexSearch"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
"SetDefPrt"="C:\\Program Files\\Brother\\Brmfl04a\\BrStDvPt.exe"
"ControlCenter2.0"="C:\\Program Files\\Brother\\ControlCenter2\\brctrcen.exe /autorun"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000002

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"olenpc"="C:\\WINDOWS\\system32\\olenpc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Robert.job

Completion time: 06-11-13 22:33:06.06
C:\ComboFix.txt ... 06-11-13 22:33
C:\ComboFix2.txt ... 06-11-09 14:55

#8 Buckeye_Sam

    Malware Expert

Posted 14 November 2006 - 07:58 AM

Open Notepad, and copy everything in the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fixme.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"!

    REGEDIT4

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

Locate fixme.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.


=============



Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\WINDOWS\system32\olenpc.exe
    C:\WINDOWS\system32\justin.exe
    C:\WINDOWS\lvxgv.dll
    C:\WINDOWS\system32\rundll32.PIF
    C:\Documents and Settings\Robert\ggg.bat
    C:\WINDOWS\system32\brrot-uninst.exe
    C:\WINDOWS\system32\dnt8dfc2.sys
    C:\WINDOWS\hancerdoem.exe
    C:\WINDOWS\justin-new.exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.

==================



Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.


========================================================

#9 kagenoyuen


Posted 15 November 2006 - 02:55 AM

Here is the active scan


Incident Status Location

Adware:adware program Not disinfected c:\windows\system32\data.~
Adware:adware/favoriteman Not disinfected c:\windows\system32\im64.dll
Adware:adware/tvmedia Not disinfected C:\Documents and Settings\Robert\Application Data\tvmcwrd.dll
Adware:adware/isearch Not disinfected c:\windows\delprot.log
Adware:adware/cydoor Not disinfected c:\windows\cdmxtras
Spyware:spyware/commonname Not disinfected Windows Registry
Adware:adware/fisearch Not disinfected Windows Registry
Adware:adware/keenvalue Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Adware:adware/rxtoolbar Not disinfected Windows Registry
Adware:adware/mirar Not disinfected Windows Registry
Adware:adware/savenow Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_classes_root\clsid\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}
Adware:adware/comedy-planet Not disinfected Windows Registry
Adware:adware/ncase Not disinfected Windows Registry
Adware:adware/megasearch Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
Adware:Adware/WebHancer Not disinfected C:\!KillBox\hancerdoem.exe[whCC-GIANT3.exe][whAgent.exe]
Adware:Adware/WebHancer Not disinfected C:\!KillBox\hancerdoem.exe[whCC-GIANT3.exe][whInstaller.exe]
Adware:Adware/WebHancer Not disinfected C:\!KillBox\hancerdoem.exe[whCC-GIANT3.exe][webhdll.dll]
Adware:Adware/WebHancer Not disinfected C:\!KillBox\hancerdoem.exe[whCC-GIANT3.exe][whiehlpr.dll]
Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\Paulette\Application Data\Mozilla\Firefox\Profiles\94o70q2o.default\cookies.txt[.mysearch.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Paulette\Application Data\Mozilla\Firefox\Profiles\94o70q2o.default\cookies.txt[www.winantivirus.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Paulette\Application Data\Mozilla\Firefox\Profiles\94o70q2o.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Paulette\Cookies\paulette@atwola[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Paulette\Cookies\paulette@drivecleaner[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Paulette\Local Settings\Temp\Cookies\paulette@drivecleaner[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\RO\Local Settings\Temp\Cookies\ro@drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\RO\Local Settings\Temp\Cookies\ro@errorsafe[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\RO\Local Settings\Temp\Cookies\ro@stats.drivecleaner[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\RO\Local Settings\Temp\Cookies\ro@www.drivecleaner[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\RO\Local Settings\Temp\Cookies\ro@www.errorsafe[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Robert\Cookies\robert@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Robert\Cookies\robert@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Robert\Cookies\robert@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Robert\Cookies\robert@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Robert\Cookies\robert@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Robert\Cookies\robert@atdmt[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Robert\Cookies\robert@casalemedia[1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Robert\Cookies\robert@data.coremetrics[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Robert\Cookies\robert@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Robert\Cookies\robert@fastclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Robert\Cookies\robert@media.fastclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Robert\Cookies\robert@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Robert\Cookies\robert@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Robert\Cookies\robert@questionmarket[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Robert\Cookies\robert@serving-sys[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Robert\Cookies\robert@tradedoubler[1].txt
Adware:Adware/Beginto Not disinfected C:\Program Files\Common Files\sysdir\bundles.exe[winbbb.dat]
Possible Virus. Not disinfected C:\Program Files\Silkroad\GameGuard\NPSCAN.DES
Adware:Adware/Beginto Not disinfected C:\WINDOWS\system32\desktrf-bundles-hightrafficmedia2.exe






And here is the Hijackthis log. (I swear I fixed what you said to, but it is back somehow)
Logfile of HijackThis v1.99.1
Scan saved at 2:50:09 AM, on 11/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe,
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {0713ED2B-E586-0BFE-3838-448FEA31CF81} - (no file)
O2 - BHO: (no name) - {1EF9DDE8-777E-D92F-1616-77E3FF0E71CB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &KewlBar Search - res://C:\Program Files\KewlBar 5.0\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Documents and Settings\Robert\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1927.dll/blogimage
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\De'Nine\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O10 - Broken Internet access because of LSP provider 'smnsp.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136734804198
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?326
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#10 Buckeye_Sam

    Malware Expert

Posted 15 November 2006 - 06:25 PM

Use Killbox to delete these files.

c:\windows\system32\data.~
c:\windows\system32\im64.dll
C:\Documents and Settings\Robert\Application Data\tvmcwrd.dll
c:\windows\delprot.log
c:\windows\cdmxtras
C:\Program Files\Common Files\sysdir\bundles.exe
C:\Program Files\Silkroad\GameGuard\NPSCAN.DES
C:\WINDOWS\system32\desktrf-bundles-hightrafficmedia2.exe



================



Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



================



Download and scan with the free 15 day trial of Counterspy
Save the report when it's finished:
  • Once Counterspy has done scanning, the 'Scan Results' box will appear.
  • Click on 'View Results'.
  • Under (Recommended Action), using the drop down menus at the side of each entry found, set EVERYTHING to Remove.
  • Then click on Take Action.
  • Once everything has been removed, click on View Details.
  • Copy and Paste those details into your next reply here.
===============


Make sure all browsers and windows are closed, then fix these lines with Hijackthis.

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {0713ED2B-E586-0BFE-3838-448FEA31CF81} - (no file)
O2 - BHO: (no name) - {1EF9DDE8-777E-D92F-1616-77E3FF0E71CB} - (no file)



Reboot and post a new hijackthis log as well as the log from Counterspy.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 kagenoyuen

  • Topic Starter

Posted 16 November 2006 - 05:53 PM

Here is the counterspy log

Spyware Scan Details
Start Date: 11/16/2006 4:14:29 PM
End Date: 11/16/2006 5:00:12 PM
Total Time: 45 mins 43 secs

Detected spyware

Morpheus P2P Program more information...
Details: P2P file sharing program that installs a number of adware programs. Morpheus also displays its own popup advertsing.
Status: Deleted

Infected files detected

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{3B27374C-5310-48ED-B8B5-291E7FE4B838} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{3F01122F-0C9A-4621-A7FD-99C6EFAE8363}
HKEY_CLASSES_ROOT\CLSID\{3F01122F-0C9A-4621-A7FD-99C6EFAE8363}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{3F01122F-0C9A-4621-A7FD-99C6EFAE8363}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{3F01122F-0C9A-4621-A7FD-99C6EFAE8363}\ProgID M5ShellLib.ResponseHeaders.1
HKEY_CLASSES_ROOT\CLSID\{3F01122F-0C9A-4621-A7FD-99C6EFAE8363}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{3F01122F-0C9A-4621-A7FD-99C6EFAE8363}\VersionIndependentProgID M5ShellLib.ResponseHeaders
HKEY_CLASSES_ROOT\CLSID\{3F01122F-0C9A-4621-A7FD-99C6EFAE8363} ResponseHeaders Class
HKEY_CLASSES_ROOT\CLSID\{3F01122F-0C9A-4621-A7FD-99C6EFAE8363} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{430106F1-5EF4-4D2E-8C52-7E3CEAB65DBD}
HKEY_CLASSES_ROOT\CLSID\{430106F1-5EF4-4D2E-8C52-7E3CEAB65DBD}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{430106F1-5EF4-4D2E-8C52-7E3CEAB65DBD}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{430106F1-5EF4-4D2E-8C52-7E3CEAB65DBD}\ProgID DataAccess.PluggableProtocol.1
HKEY_CLASSES_ROOT\CLSID\{430106F1-5EF4-4D2E-8C52-7E3CEAB65DBD}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{430106F1-5EF4-4D2E-8C52-7E3CEAB65DBD}\VersionIndependentProgID DataAccess.PluggableProtocol
HKEY_CLASSES_ROOT\CLSID\{430106F1-5EF4-4D2E-8C52-7E3CEAB65DBD} PluggableProtocol Class
HKEY_CLASSES_ROOT\CLSID\{444BEA16-E6DF-45AF-A4D4-B0F81ABA7CA0}
HKEY_CLASSES_ROOT\CLSID\{444BEA16-E6DF-45AF-A4D4-B0F81ABA7CA0}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{444BEA16-E6DF-45AF-A4D4-B0F81ABA7CA0}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{444BEA16-E6DF-45AF-A4D4-B0F81ABA7CA0}\ProgID DataAccess.MyFilesRow.1
HKEY_CLASSES_ROOT\CLSID\{444BEA16-E6DF-45AF-A4D4-B0F81ABA7CA0}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{444BEA16-E6DF-45AF-A4D4-B0F81ABA7CA0}\VersionIndependentProgID DataAccess.MyFilesRow
HKEY_CLASSES_ROOT\CLSID\{444BEA16-E6DF-45AF-A4D4-B0F81ABA7CA0} MyFilesRow Class
HKEY_CLASSES_ROOT\CLSID\{477AC035-C5D3-43CC-A24C-5925D217C252}
HKEY_CLASSES_ROOT\CLSID\{477AC035-C5D3-43CC-A24C-5925D217C252}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{477AC035-C5D3-43CC-A24C-5925D217C252}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{477AC035-C5D3-43CC-A24C-5925D217C252}\ProgID DataAccess.Row.1
HKEY_CLASSES_ROOT\CLSID\{477AC035-C5D3-43CC-A24C-5925D217C252}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{477AC035-C5D3-43CC-A24C-5925D217C252}\VersionIndependentProgID DataAccess.Row
HKEY_CLASSES_ROOT\CLSID\{477AC035-C5D3-43CC-A24C-5925D217C252} Row Class
HKEY_CLASSES_ROOT\CLSID\{4CC764A2-B256-4DA9-94FB-537D633E7DCE}
HKEY_CLASSES_ROOT\CLSID\{4CC764A2-B256-4DA9-94FB-537D633E7DCE}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{4CC764A2-B256-4DA9-94FB-537D633E7DCE}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{4CC764A2-B256-4DA9-94FB-537D633E7DCE}\ProgID M5ShellLib.Sources.1
HKEY_CLASSES_ROOT\CLSID\{4CC764A2-B256-4DA9-94FB-537D633E7DCE}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{4CC764A2-B256-4DA9-94FB-537D633E7DCE}\VersionIndependentProgID M5ShellLib.Sources
HKEY_CLASSES_ROOT\CLSID\{4CC764A2-B256-4DA9-94FB-537D633E7DCE} Sources Class
HKEY_CLASSES_ROOT\CLSID\{4CC764A2-B256-4DA9-94FB-537D633E7DCE} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{4D42EA2E-9D32-4b07-AE00-8797C6B1BAA3}
HKEY_CLASSES_ROOT\CLSID\{4D42EA2E-9D32-4b07-AE00-8797C6B1BAA3}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{4D42EA2E-9D32-4b07-AE00-8797C6B1BAA3}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{4D42EA2E-9D32-4b07-AE00-8797C6B1BAA3}\ProgID M5ShellLib.M5ChatEngine.1
HKEY_CLASSES_ROOT\CLSID\{4D42EA2E-9D32-4b07-AE00-8797C6B1BAA3}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{4D42EA2E-9D32-4b07-AE00-8797C6B1BAA3}\VersionIndependentProgID M5ShellLib.M5ChatEngine
HKEY_CLASSES_ROOT\CLSID\{4D42EA2E-9D32-4b07-AE00-8797C6B1BAA3} M5ChatEngine Class
HKEY_CLASSES_ROOT\CLSID\{4D42EA2E-9D32-4b07-AE00-8797C6B1BAA3} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{513CA31C-93BB-422A-A5FD-63A8B7D21CE0}
HKEY_CLASSES_ROOT\CLSID\{513CA31C-93BB-422A-A5FD-63A8B7D21CE0}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{513CA31C-93BB-422A-A5FD-63A8B7D21CE0}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{513CA31C-93BB-422A-A5FD-63A8B7D21CE0}\ProgID M5ShellLib.Schemas.1
HKEY_CLASSES_ROOT\CLSID\{513CA31C-93BB-422A-A5FD-63A8B7D21CE0}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{513CA31C-93BB-422A-A5FD-63A8B7D21CE0}\VersionIndependentProgID M5ShellLib.Schemas
HKEY_CLASSES_ROOT\CLSID\{513CA31C-93BB-422A-A5FD-63A8B7D21CE0} Schemas Class
HKEY_CLASSES_ROOT\CLSID\{513CA31C-93BB-422A-A5FD-63A8B7D21CE0} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{51FC6685-6FA7-45CF-86E1-9605B9080F73}
HKEY_CLASSES_ROOT\CLSID\{51FC6685-6FA7-45CF-86E1-9605B9080F73}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{51FC6685-6FA7-45CF-86E1-9605B9080F73}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{51FC6685-6FA7-45CF-86E1-9605B9080F73}\ProgID DataAccess.MyFilesAdapterFactory.1
HKEY_CLASSES_ROOT\CLSID\{51FC6685-6FA7-45CF-86E1-9605B9080F73}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{51FC6685-6FA7-45CF-86E1-9605B9080F73}\VersionIndependentProgID DataAccess.MyFilesAdapterFactory
HKEY_CLASSES_ROOT\CLSID\{51FC6685-6FA7-45CF-86E1-9605B9080F73} MyFilesAdapterFactory Class
HKEY_CLASSES_ROOT\CLSID\{5FAD1E5E-E7DE-434F-B2AE-EE9244BDA638}
HKEY_CLASSES_ROOT\CLSID\{5FAD1E5E-E7DE-434F-B2AE-EE9244BDA638}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{5FAD1E5E-E7DE-434F-B2AE-EE9244BDA638}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{5FAD1E5E-E7DE-434F-B2AE-EE9244BDA638}\ProgID DataAccess.Sections.1
HKEY_CLASSES_ROOT\CLSID\{5FAD1E5E-E7DE-434F-B2AE-EE9244BDA638}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{5FAD1E5E-E7DE-434F-B2AE-EE9244BDA638}\VersionIndependentProgID DataAccess.Sections
HKEY_CLASSES_ROOT\CLSID\{5FAD1E5E-E7DE-434F-B2AE-EE9244BDA638} Sections Class
HKEY_CLASSES_ROOT\CLSID\{642D692A-C61C-4241-AF83-4FD8BDD715B2}
HKEY_CLASSES_ROOT\CLSID\{642D692A-C61C-4241-AF83-4FD8BDD715B2}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{642D692A-C61C-4241-AF83-4FD8BDD715B2}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{642D692A-C61C-4241-AF83-4FD8BDD715B2}\ProgID DataAccess.TransfersAdapter.1
HKEY_CLASSES_ROOT\CLSID\{642D692A-C61C-4241-AF83-4FD8BDD715B2}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{642D692A-C61C-4241-AF83-4FD8BDD715B2}\VersionIndependentProgID DataAccess.TransfersAdapter
HKEY_CLASSES_ROOT\CLSID\{642D692A-C61C-4241-AF83-4FD8BDD715B2} TransfersAdapter Class
HKEY_CLASSES_ROOT\CLSID\{65BEE5C4-37C8-447F-9707-CD7B21AD67E4}
HKEY_CLASSES_ROOT\CLSID\{65BEE5C4-37C8-447F-9707-CD7B21AD67E4}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{65BEE5C4-37C8-447F-9707-CD7B21AD67E4}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{65BEE5C4-37C8-447F-9707-CD7B21AD67E4}\ProgID M5ShellLib.Search.1
HKEY_CLASSES_ROOT\CLSID\{65BEE5C4-37C8-447F-9707-CD7B21AD67E4}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{65BEE5C4-37C8-447F-9707-CD7B21AD67E4}\VersionIndependentProgID M5ShellLib.Search
HKEY_CLASSES_ROOT\CLSID\{65BEE5C4-37C8-447F-9707-CD7B21AD67E4} Search Class
HKEY_CLASSES_ROOT\CLSID\{65BEE5C4-37C8-447F-9707-CD7B21AD67E4} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{703EFEAB-7F84-4BE9-B978-FF4C6A8BA794}
HKEY_CLASSES_ROOT\CLSID\{703EFEAB-7F84-4BE9-B978-FF4C6A8BA794}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{703EFEAB-7F84-4BE9-B978-FF4C6A8BA794}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{703EFEAB-7F84-4BE9-B978-FF4C6A8BA794}\ProgID M5ShellLib.Parameters.1
HKEY_CLASSES_ROOT\CLSID\{703EFEAB-7F84-4BE9-B978-FF4C6A8BA794}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{703EFEAB-7F84-4BE9-B978-FF4C6A8BA794}\VersionIndependentProgID M5ShellLib.Parameters
HKEY_CLASSES_ROOT\CLSID\{703EFEAB-7F84-4BE9-B978-FF4C6A8BA794} Parameters Class
HKEY_CLASSES_ROOT\CLSID\{703EFEAB-7F84-4BE9-B978-FF4C6A8BA794} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{75CB2D18-1182-44F0-B510-491D7817F4CB}
HKEY_CLASSES_ROOT\CLSID\{75CB2D18-1182-44F0-B510-491D7817F4CB}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{75CB2D18-1182-44F0-B510-491D7817F4CB}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{75CB2D18-1182-44F0-B510-491D7817F4CB}\ProgID DataAccess.FilterColumn.1
HKEY_CLASSES_ROOT\CLSID\{75CB2D18-1182-44F0-B510-491D7817F4CB}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{75CB2D18-1182-44F0-B510-491D7817F4CB}\VersionIndependentProgID DataAccess.FilterColumn
HKEY_CLASSES_ROOT\CLSID\{75CB2D18-1182-44F0-B510-491D7817F4CB} FilterColumn Class
HKEY_CLASSES_ROOT\CLSID\{80385330-087A-4d61-8956-BAEEE05CA33C}
HKEY_CLASSES_ROOT\CLSID\{80385330-087A-4d61-8956-BAEEE05CA33C}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{80385330-087A-4d61-8956-BAEEE05CA33C}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{80385330-087A-4d61-8956-BAEEE05CA33C}\ProgID M5ShellLib.M5ChatServer.1
HKEY_CLASSES_ROOT\CLSID\{80385330-087A-4d61-8956-BAEEE05CA33C}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{80385330-087A-4d61-8956-BAEEE05CA33C}\VersionIndependentProgID M5ShellLib.M5ChatServer
HKEY_CLASSES_ROOT\CLSID\{80385330-087A-4d61-8956-BAEEE05CA33C} M5ChatServer Class
HKEY_CLASSES_ROOT\CLSID\{80385330-087A-4d61-8956-BAEEE05CA33C} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{814FE9E3-E0BA-4FAF-B5DA-8F7B1AB1F4B1}
HKEY_CLASSES_ROOT\CLSID\{814FE9E3-E0BA-4FAF-B5DA-8F7B1AB1F4B1}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{814FE9E3-E0BA-4FAF-B5DA-8F7B1AB1F4B1}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{814FE9E3-E0BA-4FAF-B5DA-8F7B1AB1F4B1}\ProgID M5ShellLib.WebSearch.1
HKEY_CLASSES_ROOT\CLSID\{814FE9E3-E0BA-4FAF-B5DA-8F7B1AB1F4B1}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{814FE9E3-E0BA-4FAF-B5DA-8F7B1AB1F4B1}\VersionIndependentProgID M5ShellLib.WebSearch
HKEY_CLASSES_ROOT\CLSID\{814FE9E3-E0BA-4FAF-B5DA-8F7B1AB1F4B1} WebSearch Class
HKEY_CLASSES_ROOT\CLSID\{814FE9E3-E0BA-4FAF-B5DA-8F7B1AB1F4B1} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{8633B121-42DC-4A78-A8BD-651357771E77}
HKEY_CLASSES_ROOT\CLSID\{8633B121-42DC-4A78-A8BD-651357771E77}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{8633B121-42DC-4A78-A8BD-651357771E77}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{8633B121-42DC-4A78-A8BD-651357771E77}\ProgID M5ShellLib.Parameter.1
HKEY_CLASSES_ROOT\CLSID\{8633B121-42DC-4A78-A8BD-651357771E77}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{8633B121-42DC-4A78-A8BD-651357771E77}\VersionIndependentProgID M5ShellLib.Parameter
HKEY_CLASSES_ROOT\CLSID\{8633B121-42DC-4A78-A8BD-651357771E77} Parameter Class
HKEY_CLASSES_ROOT\CLSID\{8633B121-42DC-4A78-A8BD-651357771E77} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{895C2476-7DDA-440E-B300-208DA45DCF18}
HKEY_CLASSES_ROOT\CLSID\{895C2476-7DDA-440E-B300-208DA45DCF18}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{895C2476-7DDA-440E-B300-208DA45DCF18}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{895C2476-7DDA-440E-B300-208DA45DCF18}\ProgID M5ShellLib.Field.1
HKEY_CLASSES_ROOT\CLSID\{895C2476-7DDA-440E-B300-208DA45DCF18}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{895C2476-7DDA-440E-B300-208DA45DCF18}\VersionIndependentProgID M5ShellLib.Field
HKEY_CLASSES_ROOT\CLSID\{895C2476-7DDA-440E-B300-208DA45DCF18} Field Class
HKEY_CLASSES_ROOT\CLSID\{895C2476-7DDA-440E-B300-208DA45DCF18} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{8A32E183-25EB-402F-82D5-D3E75215BF3F}
HKEY_CLASSES_ROOT\CLSID\{8A32E183-25EB-402F-82D5-D3E75215BF3F}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{8A32E183-25EB-402F-82D5-D3E75215BF3F}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{8A32E183-25EB-402F-82D5-D3E75215BF3F}\ProgID M5ShellLib.Query.1
HKEY_CLASSES_ROOT\CLSID\{8A32E183-25EB-402F-82D5-D3E75215BF3F}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{8A32E183-25EB-402F-82D5-D3E75215BF3F}\VersionIndependentProgID M5ShellLib.Query
HKEY_CLASSES_ROOT\CLSID\{8A32E183-25EB-402F-82D5-D3E75215BF3F} Query Class
HKEY_CLASSES_ROOT\CLSID\{8A32E183-25EB-402F-82D5-D3E75215BF3F} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{8EABEED3-993D-4FC9-BDC9-132DE204F606}
HKEY_CLASSES_ROOT\CLSID\{8EABEED3-993D-4FC9-BDC9-132DE204F606}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{8EABEED3-993D-4FC9-BDC9-132DE204F606}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{8EABEED3-993D-4FC9-BDC9-132DE204F606}\ProgID M5ShellLib.Network.1
HKEY_CLASSES_ROOT\CLSID\{8EABEED3-993D-4FC9-BDC9-132DE204F606}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{8EABEED3-993D-4FC9-BDC9-132DE204F606}\VersionIndependentProgID M5ShellLib.Network
HKEY_CLASSES_ROOT\CLSID\{8EABEED3-993D-4FC9-BDC9-132DE204F606} Network Class
HKEY_CLASSES_ROOT\CLSID\{8EABEED3-993D-4FC9-BDC9-132DE204F606} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{90A23A0D-C222-4016-A99A-57E56BD44877}
HKEY_CLASSES_ROOT\CLSID\{90A23A0D-C222-4016-A99A-57E56BD44877}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{90A23A0D-C222-4016-A99A-57E56BD44877}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{90A23A0D-C222-4016-A99A-57E56BD44877}\ProgID M5ShellLib.Uploads.1
HKEY_CLASSES_ROOT\CLSID\{90A23A0D-C222-4016-A99A-57E56BD44877}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{90A23A0D-C222-4016-A99A-57E56BD44877}\VersionIndependentProgID M5ShellLib.Uploads
HKEY_CLASSES_ROOT\CLSID\{90A23A0D-C222-4016-A99A-57E56BD44877} Uploads Class
HKEY_CLASSES_ROOT\CLSID\{90A23A0D-C222-4016-A99A-57E56BD44877} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{92A77B10-8C47-4A73-8822-F13D5F5E2AC2}
HKEY_CLASSES_ROOT\CLSID\{92A77B10-8C47-4A73-8822-F13D5F5E2AC2}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{92A77B10-8C47-4A73-8822-F13D5F5E2AC2}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{92A77B10-8C47-4A73-8822-F13D5F5E2AC2}\ProgID M5ShellLib.Networks.1
HKEY_CLASSES_ROOT\CLSID\{92A77B10-8C47-4A73-8822-F13D5F5E2AC2}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{92A77B10-8C47-4A73-8822-F13D5F5E2AC2}\VersionIndependentProgID M5ShellLib.Networks
HKEY_CLASSES_ROOT\CLSID\{92A77B10-8C47-4A73-8822-F13D5F5E2AC2} Networks Class
HKEY_CLASSES_ROOT\CLSID\{92A77B10-8C47-4A73-8822-F13D5F5E2AC2} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{947D05CA-CE16-40EE-9031-2C3C57F00AE6}
HKEY_CLASSES_ROOT\CLSID\{947D05CA-CE16-40EE-9031-2C3C57F00AE6}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{947D05CA-CE16-40EE-9031-2C3C57F00AE6}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{947D05CA-CE16-40EE-9031-2C3C57F00AE6}\ProgID DataAccess.ResultsetAdapter.1
HKEY_CLASSES_ROOT\CLSID\{947D05CA-CE16-40EE-9031-2C3C57F00AE6}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{947D05CA-CE16-40EE-9031-2C3C57F00AE6}\VersionIndependentProgID DataAccess.ResultsetAdapter
HKEY_CLASSES_ROOT\CLSID\{947D05CA-CE16-40EE-9031-2C3C57F00AE6} ResultsetAdapter Class
HKEY_CLASSES_ROOT\CLSID\{9C4B87BB-1C6D-4C1D-9447-A054C17BA247}
HKEY_CLASSES_ROOT\CLSID\{9C4B87BB-1C6D-4C1D-9447-A054C17BA247}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{9C4B87BB-1C6D-4C1D-9447-A054C17BA247}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{9C4B87BB-1C6D-4C1D-9447-A054C17BA247}\ProgID DataAccess.Preferences.1
HKEY_CLASSES_ROOT\CLSID\{9C4B87BB-1C6D-4C1D-9447-A054C17BA247}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{9C4B87BB-1C6D-4C1D-9447-A054C17BA247}\VersionIndependentProgID DataAccess.Preferences
HKEY_CLASSES_ROOT\CLSID\{9C4B87BB-1C6D-4C1D-9447-A054C17BA247} Preferences Class
HKEY_CLASSES_ROOT\CLSID\{9FDAD0C2-9FB3-47A4-8B30-C4FA2FADC9E9}
HKEY_CLASSES_ROOT\CLSID\{9FDAD0C2-9FB3-47A4-8B30-C4FA2FADC9E9}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{9FDAD0C2-9FB3-47A4-8B30-C4FA2FADC9E9}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{9FDAD0C2-9FB3-47A4-8B30-C4FA2FADC9E9}\ProgID DataAccess.FilterRow.1
HKEY_CLASSES_ROOT\CLSID\{9FDAD0C2-9FB3-47A4-8B30-C4FA2FADC9E9}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{9FDAD0C2-9FB3-47A4-8B30-C4FA2FADC9E9}\VersionIndependentProgID DataAccess.FilterRow
HKEY_CLASSES_ROOT\CLSID\{9FDAD0C2-9FB3-47A4-8B30-C4FA2FADC9E9} FilterRow Class
HKEY_CLASSES_ROOT\CLSID\{A5B2CD2A-AA46-4DA8-8D06-AB56938DEC0A}
HKEY_CLASSES_ROOT\CLSID\{A5B2CD2A-AA46-4DA8-8D06-AB56938DEC0A}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{A5B2CD2A-AA46-4DA8-8D06-AB56938DEC0A}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{A5B2CD2A-AA46-4DA8-8D06-AB56938DEC0A}\ProgID DataAccess.DataField.1
HKEY_CLASSES_ROOT\CLSID\{A5B2CD2A-AA46-4DA8-8D06-AB56938DEC0A}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{A5B2CD2A-AA46-4DA8-8D06-AB56938DEC0A}\VersionIndependentProgID DataAccess.DataField
HKEY_CLASSES_ROOT\CLSID\{A5B2CD2A-AA46-4DA8-8D06-AB56938DEC0A} DataField Class
HKEY_CLASSES_ROOT\CLSID\{A758E17B-86ED-498E-8C00-4BE44CFDDCAB}
HKEY_CLASSES_ROOT\CLSID\{A758E17B-86ED-498E-8C00-4BE44CFDDCAB}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{A758E17B-86ED-498E-8C00-4BE44CFDDCAB}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{A758E17B-86ED-498E-8C00-4BE44CFDDCAB}\ProgID M5ShellLib.MetaValues.1
HKEY_CLASSES_ROOT\CLSID\{A758E17B-86ED-498E-8C00-4BE44CFDDCAB}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{A758E17B-86ED-498E-8C00-4BE44CFDDCAB}\VersionIndependentProgID M5ShellLib.MetaValues
HKEY_CLASSES_ROOT\CLSID\{A758E17B-86ED-498E-8C00-4BE44CFDDCAB} MetaValues Class
HKEY_CLASSES_ROOT\CLSID\{A758E17B-86ED-498E-8C00-4BE44CFDDCAB} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{AD221EED-B528-4A12-B15B-3C58F9640A37}
HKEY_CLASSES_ROOT\CLSID\{AD221EED-B528-4A12-B15B-3C58F9640A37}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{AD221EED-B528-4A12-B15B-3C58F9640A37}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{AD221EED-B528-4A12-B15B-3C58F9640A37}\ProgID DataAccess.MyFilesAdapter.1
HKEY_CLASSES_ROOT\CLSID\{AD221EED-B528-4A12-B15B-3C58F9640A37}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{AD221EED-B528-4A12-B15B-3C58F9640A37}\VersionIndependentProgID DataAccess.MyFilesAdapter
HKEY_CLASSES_ROOT\CLSID\{AD221EED-B528-4A12-B15B-3C58F9640A37} MyFilesAdapter Class
HKEY_CLASSES_ROOT\CLSID\{BA20AECE-61D3-4912-BE15-DCACAB97D094}
HKEY_CLASSES_ROOT\CLSID\{BA20AECE-61D3-4912-BE15-DCACAB97D094}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{BA20AECE-61D3-4912-BE15-DCACAB97D094}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{BA20AECE-61D3-4912-BE15-DCACAB97D094}\ProgID M5ShellLib.Upload.1
HKEY_CLASSES_ROOT\CLSID\{BA20AECE-61D3-4912-BE15-DCACAB97D094}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{BA20AECE-61D3-4912-BE15-DCACAB97D094}\VersionIndependentProgID M5ShellLib.Upload
HKEY_CLASSES_ROOT\CLSID\{BA20AECE-61D3-4912-BE15-DCACAB97D094} Upload Class
HKEY_CLASSES_ROOT\CLSID\{BA20AECE-61D3-4912-BE15-DCACAB97D094} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{C19543F1-160B-4582-B385-857A0C5A0448}
HKEY_CLASSES_ROOT\CLSID\{C19543F1-160B-4582-B385-857A0C5A0448}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{C19543F1-160B-4582-B385-857A0C5A0448}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{C19543F1-160B-4582-B385-857A0C5A0448}\ProgID M5ShellLib.Scheme.1
HKEY_CLASSES_ROOT\CLSID\{C19543F1-160B-4582-B385-857A0C5A0448}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{C19543F1-160B-4582-B385-857A0C5A0448}\VersionIndependentProgID M5ShellLib.Scheme
HKEY_CLASSES_ROOT\CLSID\{C19543F1-160B-4582-B385-857A0C5A0448} Scheme Class
HKEY_CLASSES_ROOT\CLSID\{C19543F1-160B-4582-B385-857A0C5A0448} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{C4F11413-9084-45EB-B1FA-103F67E98F4E}
HKEY_CLASSES_ROOT\CLSID\{C4F11413-9084-45EB-B1FA-103F67E98F4E}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{C4F11413-9084-45EB-B1FA-103F67E98F4E}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{C4F11413-9084-45EB-B1FA-103F67E98F4E}\ProgID DataAccess.Section.1
HKEY_CLASSES_ROOT\CLSID\{C4F11413-9084-45EB-B1FA-103F67E98F4E}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{C4F11413-9084-45EB-B1FA-103F67E98F4E}\VersionIndependentProgID DataAccess.Section
HKEY_CLASSES_ROOT\CLSID\{C4F11413-9084-45EB-B1FA-103F67E98F4E} Section Class
HKEY_CLASSES_ROOT\CLSID\{C6041B9F-116B-4108-B343-45A979B506F8}
HKEY_CLASSES_ROOT\CLSID\{C6041B9F-116B-4108-B343-45A979B506F8}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{C6041B9F-116B-4108-B343-45A979B506F8}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{C6041B9F-116B-4108-B343-45A979B506F8}\ProgID DataAccess.TransfersAdapterFactory.1
HKEY_CLASSES_ROOT\CLSID\{C6041B9F-116B-4108-B343-45A979B506F8}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{C6041B9F-116B-4108-B343-45A979B506F8}\VersionIndependentProgID DataAccess.TransfersAdapterFactory
HKEY_CLASSES_ROOT\CLSID\{C6041B9F-116B-4108-B343-45A979B506F8} TransfersAdapterFactory Class
HKEY_CLASSES_ROOT\CLSID\{D24F6664-A567-46A9-8B51-7AFE94407329}
HKEY_CLASSES_ROOT\CLSID\{D24F6664-A567-46A9-8B51-7AFE94407329}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{D24F6664-A567-46A9-8B51-7AFE94407329}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{D24F6664-A567-46A9-8B51-7AFE94407329}\ProgID M5ShellLib.Request.1
HKEY_CLASSES_ROOT\CLSID\{D24F6664-A567-46A9-8B51-7AFE94407329}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{D24F6664-A567-46A9-8B51-7AFE94407329}\VersionIndependentProgID M5ShellLib.Request
HKEY_CLASSES_ROOT\CLSID\{D24F6664-A567-46A9-8B51-7AFE94407329} Request Class
HKEY_CLASSES_ROOT\CLSID\{D24F6664-A567-46A9-8B51-7AFE94407329} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{D8E1617B-A1A1-4958-AD02-08D5AD9C5B6A}
HKEY_CLASSES_ROOT\CLSID\{D8E1617B-A1A1-4958-AD02-08D5AD9C5B6A}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{D8E1617B-A1A1-4958-AD02-08D5AD9C5B6A}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{D8E1617B-A1A1-4958-AD02-08D5AD9C5B6A}\ProgID M5ShellLib.Requests.1
HKEY_CLASSES_ROOT\CLSID\{D8E1617B-A1A1-4958-AD02-08D5AD9C5B6A}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{D8E1617B-A1A1-4958-AD02-08D5AD9C5B6A}\VersionIndependentProgID M5ShellLib.Requests
HKEY_CLASSES_ROOT\CLSID\{D8E1617B-A1A1-4958-AD02-08D5AD9C5B6A} Requests Class
HKEY_CLASSES_ROOT\CLSID\{D8E1617B-A1A1-4958-AD02-08D5AD9C5B6A} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{DB73AEF3-2E2E-430F-9E49-5F3943BD53B1}
HKEY_CLASSES_ROOT\CLSID\{DB73AEF3-2E2E-430F-9E49-5F3943BD53B1}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{DB73AEF3-2E2E-430F-9E49-5F3943BD53B1}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{DB73AEF3-2E2E-430F-9E49-5F3943BD53B1}\ProgID M5ShellLib.Peers.1
HKEY_CLASSES_ROOT\CLSID\{DB73AEF3-2E2E-430F-9E49-5F3943BD53B1}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{DB73AEF3-2E2E-430F-9E49-5F3943BD53B1}\VersionIndependentProgID M5ShellLib.Peers
HKEY_CLASSES_ROOT\CLSID\{DB73AEF3-2E2E-430F-9E49-5F3943BD53B1} Peers Class
HKEY_CLASSES_ROOT\CLSID\{DB73AEF3-2E2E-430F-9E49-5F3943BD53B1} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{DBB0E655-B5DF-4DF7-9A12-D0E577650655}
HKEY_CLASSES_ROOT\CLSID\{DBB0E655-B5DF-4DF7-9A12-D0E577650655}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{DBB0E655-B5DF-4DF7-9A12-D0E577650655}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{DBB0E655-B5DF-4DF7-9A12-D0E577650655}\ProgID M5ShellLib.Source.1
HKEY_CLASSES_ROOT\CLSID\{DBB0E655-B5DF-4DF7-9A12-D0E577650655}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{DBB0E655-B5DF-4DF7-9A12-D0E577650655}\VersionIndependentProgID M5ShellLib.Source
HKEY_CLASSES_ROOT\CLSID\{DBB0E655-B5DF-4DF7-9A12-D0E577650655} Source Class
HKEY_CLASSES_ROOT\CLSID\{DBB0E655-B5DF-4DF7-9A12-D0E577650655} AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\CLSID\{DD5F1BAF-BEA2-48B2-97D2-F0622A0AB79D}
HKEY_CLASSES_ROOT\CLSID\{DD5F1BAF-BEA2-48B2-97D2-F0622A0AB79D}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{DD5F1BAF-BEA2-48B2-97D2-F0622A0AB79D}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{DD5F1BAF-BEA2-48B2-97D2-F0622A0AB79D}\ProgID DataAccess.DetailAttributes.1
HKEY_CLASSES_ROOT\CLSID\{DD5F1BAF-BEA2-48B2-97D2-F0622A0AB79D}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{DD5F1BAF-BEA2-48B2-97D2-F0622A0AB79D}\VersionIndependentProgID DataAccess.DetailAttributes
HKEY_CLASSES_ROOT\CLSID\{DD5F1BAF-BEA2-48B2-97D2-F0622A0AB79D} DetailAttributes Class
HKEY_CLASSES_ROOT\CLSID\{E1186645-3752-406C-A3B1-3E95D62964DB}
HKEY_CLASSES_ROOT\CLSID\{E1186645-3752-406C-A3B1-3E95D62964DB}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{E1186645-3752-406C-A3B1-3E95D62964DB}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{E1186645-3752-406C-A3B1-3E95D62964DB}\ProgID DataAccess.DetailAttribute.1
HKEY_CLASSES_ROOT\CLSID\{E1186645-3752-406C-A3B1-3E95D62964DB}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{E1186645-3752-406C-A3B1-3E95D62964DB}\VersionIndependentProgID DataAccess.DetailAttribute
HKEY_CLASSES_ROOT\CLSID\{E1186645-3752-406C-A3B1-3E95D62964DB} DetailAttribute Class
HKEY_CLASSES_ROOT\CLSID\{EF904337-9862-40DA-B448-C65F2D3F47DC}
HKEY_CLASSES_ROOT\CLSID\{EF904337-9862-40DA-B448-C65F2D3F47DC}\InprocServer32 C:\Program Files\Morpheus\M5Shell.dll
HKEY_CLASSES_ROOT\CLSID\{EF904337-9862-40DA-B448-C65F2D3F47DC}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{EF904337-9862-40DA-B448-C65F2D3F47DC}\ProgID DataAccess.TransferRow.1
HKEY_CLASSES_ROOT\CLSID\{EF904337-9862-40DA-B448-C65F2D3F47DC}\TypeLib {4A987127-EE51-4C87-AAC3-144294F54BE3}
HKEY_CLASSES_ROOT\CLSID\{EF904337-9862-40DA-B448-C65F2D3F47DC}\VersionIndependentProgID DataAccess.TransferRow

#12 kagenoyuen

Posted 16 November 2006 - 05:56 PM

Continued


HotSearchbar Browser Plug-in more information...
Details: HotSearchbar, a variant of ILookup, consists of an Internet Explorer toolbar and search box. It may spawn pop-up advertising on the user's desktop.
Status: Deleted

Infected files detected
c:\windows\system32\cache32_hsrb\100hsrb.bin
c:\windows\system32\cache32_hsrb\msg.bin

Infected registry entries detected


FavoriteMan Browser Plug-in more information...
Details: FavoriteMan is an Internet Explorer Browser Helper Object (BHO) that intermittently connects to its controlling servers which may direct it to download and install other programs and add entries to the IE Favorites menu or background Desktop.
Status: Deleted

Infected files detected
c:\windows\system32\im64.dll

Infected registry entries detected


iMesh P2P Program more information...
Details: iMesh is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected files detected
c:\windows\system32\hsenj.ocx

Infected registry entries detected
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7379 ExpsCnt 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7379 ExpsLast 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7379 BannNum 1
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7379 BannCnt 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7379 FileTerm gif
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7379 OrigFileTerm gif
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7379 StartDate 1098335394
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7379 EndDate 1108703334
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7379 DAPUrl http://www.drivingtoday.com/acarplace
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7379 Url http://www.drivingtoday.com/acarplace
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7379 ConfStr A??
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7379 BannUrl Bcdadwr.CySolutionAd.com/bns/new/B_737900.gif
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7379 Type 12
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7379 CycleInter 2
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7379 RndStr 18092833
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7379 RefClickCnt 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7379 RefExpsCnt 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 DAPStart 1107732114
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 StartHour 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 EndHour 1439
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 ShowBann 1
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 PrCode 217993
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 ExpsNum 1
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 ExpsCnt 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 ExpsLast 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 BannNum 1
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 BannCnt 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 FileTerm gif
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 OrigFileTerm gif
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 StartDate 1098335394
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 EndDate 1108703334
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 DAPUrl http://www.drivingtoday.com/autoswalk
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 Url http://www.drivingtoday.com/autoswalk
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 ConfStr A??
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 BannUrl Bcdadwr.CySolutionAd.com/bns/new/B_738000.gif
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 Type 12
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 CycleInter 2
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 RndStr 47108217
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 RefClickCnt 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7380 RefExpsCnt 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 DAPStart 1107732115
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 StartHour 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 EndHour 1439
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 ShowBann 1
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 PrCode 217994
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 ExpsNum 1
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 ExpsCnt 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 ExpsLast 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 BannNum 1
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 BannCnt 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 FileTerm gif
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 OrigFileTerm gif
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 StartDate 1098335394
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 EndDate 1108703334
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 DAPUrl http://www.drivingtoday.com/netzero
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 Url http://www.drivingtoday.com/netzero
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 ConfStr A??
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 BannUrl Bcdadwr.CySolutionAd.com/bns/new/B_738300.gif
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 Type 12
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 CycleInter 2
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 RndStr 89461263
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 RefClickCnt 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3\Seqn_7383 RefExpsCnt 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3 SeqnList
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3 SeqnNum 8
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_3 MinCycle 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_4 SeqnNum 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0\Level_4 MinCycle 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0 DeftExpsLen 25
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_0 ShowCycle 44
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6377 DAPStart 1107731950
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6377 StartHour 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6377 EndHour 1439
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6377 ShowBann 1
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6377 PrCode 220911
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6377 ExpsNum 1
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6377 ExpsCnt 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6377 ExpsLast 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6377 BannNum 1
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6377 BannCnt 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6377 FileTerm htm
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6377 OrigFileTerm htm
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6377 StartDate 1106111410
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6377 EndDate 1108616950
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6377 Url Nothing
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6377 ConfStr ??C
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6377 CycleInter 2
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6378 DAPStart 1107731950
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6378 StartHour 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6378 EndHour 1439
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6378 ShowBann 1
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6378 PrCode 220912
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6378 ExpsNum 1
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6378 ExpsCnt 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6378 ExpsLast 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6378 BannNum 1
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6378 BannCnt 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6378 FileTerm htm
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6378 OrigFileTerm htm
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6378 StartDate 1106111410
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6378 EndDate 1108616950
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6378 Url Nothing
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6378 ConfStr ??C
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6378 CycleInter 2
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6380 DAPStart 1107731950
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6380 StartHour 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6380 EndHour 1439
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6380 ShowBann 1
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6380 PrCode 220914
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6380 ExpsNum 1
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6380 ExpsCnt 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6380 ExpsLast 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6380 BannNum 1
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6380 BannCnt 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6380 FileTerm htm
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6380 OrigFileTerm htm
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6380 StartDate 1106111410
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6380 EndDate 1108616950
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6380 Url Nothing
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6380 ConfStr ??C
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1\Seqn_6380 CycleInter 2
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1 SeqnList
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1 SeqnNum 3
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_1 MinCycle 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_4\Seqn_5976 DAPStart 1107901069
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_4\Seqn_5976 StartHour 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_4\Seqn_5976 EndHour 1439
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_4\Seqn_5976 ShowBann 1
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_4\Seqn_5976 PrCode 221462
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_4\Seqn_5976 ExpsNum 36
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_4\Seqn_5976 ExpsCnt 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_4\Seqn_5976 ExpsLast 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_4\Seqn_5976 BannNum 1
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_4\Seqn_5976 BannCnt 0
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_4\Seqn_5976 FileTerm htm
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_4\Seqn_5976 OrigFileTerm htm
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_4\Seqn_5976 StartDate 1107839389
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_4\Seqn_5976 EndDate 1108876129
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_4\Seqn_5976 Url Nothing
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_4\Seqn_5976 ConfStr A??
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_4\Seqn_5976 CycleInter 2
HKEY_CURRENT_USER\Software\iMesh\iMesh5\Roodyc\Adwr_338\Loct_1\Level_4 SeqnList
HKEY_CURRENT_USER\Software\iMesh�

#13 Buckeye_Sam

Posted 16 November 2006 - 06:19 PM

It looks like I didn't get everything. Can you post the rest of the log and also a new hijackthis log?

#14 kagenoyuen

Posted 20 November 2006 - 07:54 PM

Continued again


TV Media Display Adware (General) more information...
Details: TV Media Display is secretly installed on users computer to show advertising, usually popups.
Status: Deleted

Infected files detected
c:\documents and settings\robert\application data\tvmcwrd.dll
c:\documents and settings\robert\application data\tvmknwrd.dll
c:\documents and settings\robert\application data\tvmuknwrd.dll

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}
HKEY_CLASSES_ROOT\CLSID\{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}\InprocServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\CLSID\{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}\InprocServer32 C:\Program Files\TV Media\TvmBho.dll


NewDotNet Browser Plug-in more information...
Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable.
Status: Deleted

Infected files detected
c:\windows\system32\rundll32


ComedyPlanet Adware (General) more information...
Status: Deleted

Infected files detected
c:\windows\system32\mstble32.ocx

Infected registry entries detected
HKEY_CLASSES_ROOT\joke
HKEY_CLASSES_ROOT\joke\DefaultIcon "C:\Program Files\Comedy-Planet\Comedy-Planet.exe"
HKEY_CLASSES_ROOT\joke\Shell\open\command "C:\Program Files\Comedy-Planet\Comedy-Planet.exe" "%1"
HKEY_CLASSES_ROOT\joke\Shell open
HKEY_CLASSES_ROOT\joke URL:JOKE Protocol
HKEY_CLASSES_ROOT\joke EditFlags
HKEY_CLASSES_ROOT\joke URL Protocol


E2Give Adware (General) more information...
Details: E2Give is an Internet Explorer Browser Helper Object (BHO) that redirects accesses to web merchants in order to claim their affiliate fees.
Status: Deleted

Infected files detected
c:\WINDOWS\system32\key.~
c:\WINDOWS\system32\log.~
c:\WINDOWS\system32\data.~


TagASaurus Adware (General) more information...
Details: TagASaurus is an adware application that creates a search engine window on the desktop and may display advertising.
Status: Deleted

Infected files detected
c:\windows\uninst2.htm
c:\windows\unist1.htm

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\system\sysold
HKEY_LOCAL_MACHINE\software\system\sysold ms05539994710 C:\WINDOWS\ms05539994710.exe
HKEY_LOCAL_MACHINE\software\system\sysold ms05539994710.exe C:\WINDOWS\ms05539994710.exe
HKEY_CURRENT_USER\software\system\sysuid
HKEY_CURRENT_USER\software\system\sysuid uid 8895154


EliteMediaGroup Adware (General) more information...
Details: EliteMedia is an adware applicaton that opens pop-up advertisements on the user's desktop.
Status: Deleted

Infected files detected
c:\windows\em06y.ini

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/objsafe.tlb
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/objsafe.tlb .Owner {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/objsafe.tlb {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs C:\WINDOWS\System32\ObjSafe.tlb 1


Deskwizz/ZQuest Browser Plug-in more information...
Details: Deskwizz/ZQuest is an adware application that tracks the user's browsing in order to display targeted advertising on the desktop.
Status: Deleted

Infected files detected
c:\program files\d.bat


Begin2Search.BigTrafficNet Browser Plug-in more information...
Details: Begin2Search.BigTrafficNet is an adware program that displays advertisements. It works as a Browser
Status: Deleted

Infected files detected
C:\!KillBox\desktrf-bundles-hightrafficmedia2.exe
C:\WINDOWS\system32\desktrf-bundles-hightrafficmedia2.exe


Look2Me Adware (General) more information...
Details: Look2Me monitors the web sites you visit and sends the log to the vendor's server. Look2Me will also open pop-up windows.
Status: Deleted

Infected files detected
C:\!KillBox\dnt8dfc2.sys


webHancer Adware (General) more information...
Details: webHancer is an adware application started at Windows startup that monitors web sites being viewed and sends performance data on them back to webHancer's servers. This occurs unknown to the user.
Status: Deleted

Infected files detected
C:\!KillBox\hancerdoem.exe


Trojan-Downloader.Win32.Bomka.r Trojan Downloader more information...
Status: Deleted

Infected files detected
C:\!KillBox\justin-new.exe


Desktop Links Adware (General) more information...
Details: Desktop Links consists of various links and shortcuts placed on the desktop by adware and spyware programs. It includes folders and links placed in Internet Explorer's favorites list.
Status: Deleted

Infected files detected
C:\WINDOWS\system32\copy of creditcard.ico
C:\WINDOWS\system32\creditcard.ico


ABetterInternet.Transponder.Ceres Adware (General) more information...
Details: VX2.ABetterInternet.Transponder.2 is a new transponder variant of aBetterInternet.
Status: Deleted

Infected files detected
C:\WINDOWS\system32\Dthmlxk.xml
C:\WINDOWS\system32\Ieoidrk.xml


CoolWebSearch Hijacker more information...
Details: CoolWebSearch is a name given to a wide range of different browser hijackers. Though the code is very different between variants, they are all used to redirect users to CoolWebSearch.com and other sites affiliated with its operators.
Status: Deleted

Infected files detected
C:\WINDOWS\system32\Dthmlxk1.xml
C:\WINDOWS\system32\Dthmlxk2.xml
C:\WINDOWS\system32\Dthmlxu.xml
C:\WINDOWS\system32\Ieoidrk1.xml
C:\WINDOWS\system32\Ieoidrk2.xml
C:\WINDOWS\system32\Ieoidru.xml


BearShare P2P Program more information...
Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Program Files\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Program Files\BearShare\
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32 C:\WINDOWS\system32\msjtes40.dll
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\TypeLib {2358C810-62BA-11d1-B3DB-00600832C573}
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} Jet Expression Service
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} AppID {39ce474e-59c1-4b84-9be2-2600c335b5c6}


VX2.Transponder Browser Plug-in more information...
Details: VX2 is an Internet Explorer Browser Helper Object that monitors web page requests and data entered into forms, sending this information to its home server, and opens pop-up advertisement windows. VX2 also collects and sends personal information.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\typelib\{ef100007-f409-426a-9e7c-cb211f2a9786}
HKEY_CLASSES_ROOT\typelib\{ef100007-f409-426a-9e7c-cb211f2a9786}\1.0\0\win32 C:\WINDOWS\system32\ATPartners.dll
HKEY_CLASSES_ROOT\typelib\{ef100007-f409-426a-9e7c-cb211f2a9786}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{ef100007-f409-426a-9e7c-cb211f2a9786}\1.0\HELPDIR C:\WINDOWS\system32\
HKEY_CLASSES_ROOT\typelib\{ef100007-f409-426a-9e7c-cb211f2a9786}\1.0 Favorite 1.0 Type Library


CoolWebSearch.CameUp Hijacker more information...
Details: CoolWebSearch.CameUp is an adware application that hijacks the user's Internet Explorers start page, and prevents the user from changing the URL back to their preferred homepage.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Search Bar_bak
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Search Page_bak


More continued

Weatherbug Low Risk Adware more information...
Details: Weatherbug is an ad supported desktop weather applicaton that provides updates on weather conditions and displays real time temperatures in the taskbar icon.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}
HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} MiniBugTransporterX Class
HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1
HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1\CLSID {0002DF01-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1 Internet Exp1orer (Ver 1.28452)


Mirar Toolbar more information...
Details: Mirar is an adware application that installs a browser helper object (BHO) in the form of a toolbar.
Status: Deleted

Infected registry entries detected


My Way Speedbar Potentially Unwanted Program more information...
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}


WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted

Infected registry entries detected


DownloadWare Adware (General) more information...
Details: DownloadWare is a process that runs on Windows startup. If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. It may be installed through an ActiveX control.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\typelib\{ef100007-f409-426a-9e7c-cb211f2a9786}
HKEY_CLASSES_ROOT\typelib\{ef100007-f409-426a-9e7c-cb211f2a9786}\1.0\0\win32 C:\WINDOWS\system32\ATPartners.dll
HKEY_CLASSES_ROOT\typelib\{ef100007-f409-426a-9e7c-cb211f2a9786}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{ef100007-f409-426a-9e7c-cb211f2a9786}\1.0\HELPDIR C:\WINDOWS\system32\
HKEY_CLASSES_ROOT\typelib\{ef100007-f409-426a-9e7c-cb211f2a9786}\1.0 Favorite 1.0 Type Library


SearchIt Toolbar Toolbar more information...
Details: SearchIt Toolbar is a search toolbar that displays popup advertising in Internet Explorer once it is installed.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softomate.SoftomateObjIEToolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softomate.SoftomateObjIEToolbar DisplayName KewlBar 5.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softomate.SoftomateObjIEToolbar UninstallString regsvr32 /u /s "C:\Program Files\KewlBar 5.0\toolbar.dll"




This thing is long, continued again!
Altnet P2P Networking Low Risk Adware more information...
Details: Altnet P2P Networking is a program that uses peer-to-peer functionality to enable the delivery of content, including advertising, to PC desktops. This content may be used by other programs.
Status: Deleted

Infected registry entries detected


iLookup Hijacker more information...
Details: iLookup is a homepage hijacking program that change the IE homepage and search pages resulting in many pop-up ads.
Status: Deleted

Infected files detected
c:/windows/system32/back.gif

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/back.gif
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/back.gif .Owner {99802379-7362-40E2-9D28-8A3B9AF880B7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/back.gif {99802379-7362-40E2-9D28-8A3B9AF880B7}


iSearch.Toolbar Toolbar more information...
Details: iSearch.Toolbar is a spyware/adware toolbar that is purported to deliver advanced toolbar functions to Internet Explorer, however, it changes your browser settings.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/version.txt
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/version.txt .Owner {1C78AB3F-A857-482E-80C0-3A1E5238A565}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/version.txt {1C78AB3F-A857-482E-80C0-3A1E5238A565}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/toolbar.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/toolbar.dll .Owner {1C78AB3F-A857-482E-80C0-3A1E5238A565}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/toolbar.dll {1C78AB3F-A857-482E-80C0-3A1E5238A565}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\system32\toolbar.dll


IBIS.WinTools Browser Plug-in more information...
Details: Bubba WinTools purpose is currently unknown. Bubba.wintools installs a Browser Helper Object, a URLSearchHook and drops several files in Common files\WinTools\. Bubba.wintools runs at startup
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinTools
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinTools SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinTools Changed 0


MyWebSearch Toolbar Potentially Unwanted Program more information...
Details: MyWebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}


Activity Monitor Commercial Key Logger more information...
Details: This is a commercial key logger that can monitor files within programs across a network or the Internet.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSearch Firefox Installer


My Search Bar Potentially Unwanted Program more information...
Details: My Search Bar and the variants "My Way Speedbar" and "My Way Search Assistant", are browser helper objects that allows you to search on multiple search engines.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Automation Shutdown MySearchToolBar.NetscapeShutdown.1 MySearchToolBar.NetscapeShutdown.1
HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Automation Startup MySearchToolBar.NetscapeStartup.1 MySearchToolBar.NetscapeStartup.1
HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1
HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1\CLSID {0002DF01-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1 Internet Exp1orer (Ver 1.28452)


Need2FindBar Potentially Unwanted Program more information...
Details: Need2FindBar is a browser helper object (BHO) toolbar that has a search function.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB}
HKEY_CLASSES_ROOT\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB}\TreatAs {4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB}


Command Service Adware (General) more information...
Details: Command Service is an adware application that opens pop-ups and displays various types of advertising on the user's desktop while browsing web pages.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Policies {6BF52A52-394A-11D3-B153-00C04F79FAA6} 6


RXToolbar Toolbar more information...
Details: RXToolbar is an Internet Explorer toolbar that shows links for the current page being viewed, targetted through www.searchenginebar.com.
Status: Deleted

Infected registry entries detected


KaZaA P2P Program more information...
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225}
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Instal
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} DisplayName Kazaa 3.0
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} LogFile C:\Program Files\InstallShield Installation Information\{38C76428-6C9C-4CC6-B747-3AB6A4770225}\setup.ilg
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} ProductGuid {38C76428-6C9C-4CC6-B747-3AB6A4770225}
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} InstallLocation C:\Program Files\Kazaa
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} DisplayVersion 3.0
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} Version 50331648
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} MajorVersion 3
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} MinorVersion 0
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} LogMode 1


Begin2Search Toolbar more information...
Details: Begin2Search is a browser plug-in that installs as a toolbar in Internet Explorer and displays advertising on the desktop.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\ONONE.Theimp.1
HKEY_CLASSES_ROOT\ONONE.Theimp.1\CLSID {2CAB0356-88E3-4902-A85D-379689C625E1}
HKEY_CLASSES_ROOT\ONONE.Theimp.1 SSL cert storage
HKEY_CLASSES_ROOT\ONONE.Theimp
HKEY_CLASSES_ROOT\ONONE.Theimp\CLSID {2CAB0356-88E3-4902-A85D-379689C625E1}
HKEY_CLASSES_ROOT\ONONE.Theimp\CurVer ONONE.Theimp.1
HKEY_CLASSES_ROOT\ONONE.Theimp SSL cert storage


SpySheriff Rogue Security Program more information...
Details: SpySheriff is a purported anti-spyware application to scan for and remove spyware from users' computers.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer ForceActiveDesktopOn


Maxifiles Adware (General) more information...
Status: Deleted


#15 kagenoyuen

kagenoyuen
  • Topic Starter

Posted 20 November 2006 - 07:58 PM

HijackThis log (those files keep coming back)
Logfile of HijackThis v1.99.1
Scan saved at 7:54:32 PM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Brother\Brmfcmon\brmfcwnd.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe,
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: (no name) - {0713ED2B-E586-0BFE-3838-448FEA31CF81} - (no file)
O2 - BHO: (no name) - {1EF9DDE8-777E-D92F-1616-77E3FF0E71CB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &KewlBar Search - res://C:\Program Files\KewlBar 5.0\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Documents and Settings\Robert\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1927.dll/blogimage
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\De'Nine\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O10 - Broken Internet access because of LSP provider 'smnsp.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136734804198
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?326
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Done :thumbsup:



