
I'm being attacked by PORN, Trojans, and Spybots!



#1 ELynn

Posted 24 March 2006 - 08:18 PM

Please help me. I have children and they are being exposed to things that they do not need to see! I have zone alarm, norton antivirus, and AVG, and pop up blocker on but this stuff still keeps popping up. I am also getting a new homepage titled gopher search and it keeps coming back even though I have requested a yahoo homepage through internet options. I have run a registry cleaner and used the hijack this to remove the gopher search, cleared history, deleted cookies and temp internet files, shut down computer and restarted and it came back. Is there anything I can do to get rid of this stuff? I have some backdoor trojans and a w2 spybot virus according to Norton. Attached is HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 8:56:39 PM, on 3/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\ssisvr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\win32ssr.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\program files\quicktime\qttask.exe
C:\Program Files\VisionNet\VisionNet ADSL 101U Modem\CnxDslTb.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\program files\aws\weatherbug\weather.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gophersearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gophersearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8.hpwis.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ohb - {E8888041-B24A-4B0B-911B-12B018E43F21} - C:\WINDOWS\System32\rlmtcs.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\VisionNet\VisionNet ADSL 101U Modem\CnxDslTb.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\program files\aws\weatherbug\weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6364B963-7491-4343-9682-8357EC5AFBAA}: NameServer = 216.163.120.19 216.163.120.21
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: MsLX32 - Unknown owner - C:\WINDOWS\MsLX32.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Software Secure Service (SSISvr32) - SoftwareSecure Inc - C:\WINDOWS\system32\ssisvr32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe
O23 - Service: Windows Spool Server Protocol - Unknown o


#2 pskelley

Posted 31 March 2006 - 08:11 PM

Hello and welcome to TomCoyote forum. Sorry about the wait, management set up this link for you in Pinned information:
http://forums.tomcoy...showtopic=31622 If you still have not been helped elsewhere, I will see what I can do. Please follow these directions:

1) You are running HJT.exe from a .zip file in a Temporary Directory. This is unsafe as we will have no backups. That is why you received this message when you used HJT: http://russelltexas....nsafefolder.gif
Please use the information in the following link to place HJT in a permanent, safe folder, I prefer C:\HJT\HijackThis.exe. If you need additional instructions use these: http://russelltexas....tehjtfolder.htm

2) Since it has been a while since you posted, please post a new HJT log reflecting the new safe location. I will respond as soon as possible after you post.

Thanks...pskelley
TomCoyote forum
Expert Member
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#3 ELynn

Posted 31 March 2006 - 10:24 PM

Thank you for trying to help me. I hope that I have installed the hijack this in the correct place, now. I put it in the C drive but it still said that it was in a temp file when I opened it up??? Can you tell if it is right? Let me know if I need to do something else. Attached is the new log:
Logfile of HijackThis v1.99.1
Scan saved at 11:14:04 PM, on 3/31/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\ssisvr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Msnweb.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\program files\quicktime\qttask.exe
C:\Program Files\VisionNet\VisionNet ADSL 101U Modem\CnxDslTb.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\program files\aws\weatherbug\weather.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gophersearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gophersearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us8.hpwis.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ohb - {E8888041-B24A-4B0B-911B-12B018E43F21} - C:\WINDOWS\System32\rlmtcs.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\VisionNet\VisionNet ADSL 101U Modem\CnxDslTb.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\program files\aws\weatherbug\weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6364B963-7491-4343-9682-8357EC5AFBAA}: NameServer = 216.163.120.19 216.163.120.21
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: MsLX32 - Unknown owner - C:\WINDOWS\MsLX32.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Software Secure Service (SSISvr32) - SoftwareSecure Inc - C:\WINDOWS\system32\ssisvr32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Spool Server Protocol - Unknown owner - C:\WINDOWS\spoolsvr.exe (file missing)
O23 - Service: Windows web messenger - Unknown owner - C:\WINDOWS\Msnweb.exe

#4 pskelley

Posted 01 April 2006 - 05:34 AM

Hi Elynn, The HJT is still in the .zip file and that is not safe. When we use HJT we will have no backups if we need them. Use these instructions:
http://metallica.gee...xplanation.html It is very important that this is done before we use HJT.

I will work on the start of the cleanup for your computer and post it later in the morning, you need to know that you are very infected and that these infections will attract others. I strongly suggest you keep this computer offline as much as possible until we have it clean.

Thanks...Phil :)
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#5 pskelley

Posted 01 April 2006 - 07:29 AM

Hello Elynn, I am proceeding with the understanding you have properly positioned HJT and we will have backups if we need them. Let me also say this is a lot of instructions. Do them as you can but do stay in the posted order. Do not rush, that is when mistakes are made, do keep this computer offline until you are clean as much as possible. Please proceed in the Posted order:

1) You are running two antivirus programs at the same time and this is not a good thing. They conflict with each other and you will be less safe than if you ran one good program and maintained it properly. Uninstall one, update the one you keep and run a complete system scan, post for me any item that can't be removed, the complete name and pathway.
http://service1.syma...000031316555206 it is important that you do this now, the problems that are being caused by running two antivirus programs make troubleshooting next to impossible. Do this before you proceed.

2) C:\WINDOWS\system32\ssisvr32.exe do you know this program and is it safe, I get this information: http://www.softwaresecure.com/ It is running as a service, if you have any doubts, use this free scan to find out what it is: http://virusscan.jotti.org/

3) This one is new? O23 - Service: Windows web messenger - Unknown owner - C:\WINDOWS\Msnweb.exe it is also running from a service and I have never seen Windows messenger run from a service. A search returns little, unless you just installed it, please use the scan to find out what it is also. Here are two more free scans in case jotti is busy.
http://www.kaspersky.com/scanforvirus
http://www.virustota...h/index_en.html

2 & 3 are very important, I do not want to remove them until I am sure they are bad, you must get that information for us, I can not do that. This one: Msnweb.exe, I am fairly sure it is bad, and will remove it. If you find in the scan it is not, do not remove it and do post the information for me.

4) Download, update, configure and run these two programs: http://tomcoyote.org/aawsb.php
The newest version of Ad-aware is 1.06 and Spybot 1.04. Even if you have these programs, use the link to get the newest version, update and configure them as in the link. Run Spybot first, reboot then run Ad-aware. Both programs back up what they remove so delete anything the programs say should be removed.

5) ewido scan:
Please download Ewido Security Suite it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

Do all of these next three 6, 7 and 8 at the same time if you can.

6) Disable the offending Service
Click Start > Run and type services.msc
Scroll down to MsLX32 and right click on it.
Click Properties and under Service Status click Stop, then under Startup Type change it to Disabled.

Delete the offending Service
Open HijackThis and click Config -> Misc Tools -> Delete an NT service.
In the Delete window, type MsLX32 and press OK.
OK any prompts, close HijackThis, and restart your computer.

7) Disable the offending Service
Click Start > Run and type services.msc
Scroll down to Windows Spool Server Protocol and right click on it.
Click Properties and under Service Status click Stop, then under Startup Type change it to Disabled.

Delete the offending Service
Open HijackThis and click Config -> Misc Tools -> Delete an NT service.
In the Delete window, type Windows Spool Server Protocol and press OK.
OK any prompts, close HijackThis, and restart your computer.

8) Disable the offending Service
Click Start > Run and type services.msc
Scroll down to Windows web messenger and right click on it.
Click Properties and under Service Status click Stop, then under Startup Type change it to Disabled.

Delete the offending Service
Open HijackThis and click Config -> Misc Tools -> Delete an NT service.
In the Delete window, type Windows web messenger and press OK.
OK any prompts, close HijackThis, and restart your computer.


9) Open Start > Control Panel > Add Remove programs and uninstall: C:\program files\aws\ <<< if there.


***items below may have been removed by the scans, do not be concerned, just do not miss any***

10) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gophersearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gophersearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
O2 - BHO: ohb - {E8888041-B24A-4B0B-911B-12B018E43F21} - C:\WINDOWS\System32\rlmtcs.dll
O4 - HKCU\..\Run: [Weather] C:\program files\aws\weatherbug\weather.exe
O23 - Service: MsLX32 - Unknown owner - C:\WINDOWS\MsLX32.exe (file missing)
O23 - Service: Windows Spool Server Protocol - Unknown owner - C:\WINDOWS\spoolsvr.exe (file missing)
O23 - Service: Windows web messenger - Unknown owner - C:\WINDOWS\Msnweb.exe

Close all programs but HJT and all browser windows, then click on "Fix Checked"

11) Enable hidden files&folders..reverse the process when finished.
http://www.xtra.co.n...1916458,00.html

RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINDOWS\Msnweb.exe >>> file

C:\WINDOWS\MsLX32.exe >>> file

C:\WINDOWS\spoolsvr.exe >>> file (careful of spelling, the VALID file is:
C:\WINDOWS\system32\spoolsv.exe <<< good file

C:\program files\aws\ >>> folder

C:\Windows\Prefetch\ >>> delete the contents (NOT THE FOLDER)
Prefetch info: http://www.windowsne...refetch-XP.html

12) Download CCleaner from this link: http://www.ccleaner.com/ Review the instructions http://www.ccleaner.com/help/tour1.asp
Run CCleaner, Windows & Applications when you run the registry cleaner (Issues) you will be prompted to backup before you can remove stuff, make sure you do.

Restart the computer, post any information I requested above, the ewido scan results, a new HJT log and any comments you have.

Thanks...Phil

If you run into questions you can't answer, do post them for me and I will respond as soon as possible.
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006
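
The checks made by eye in the post above (HijackThis launched from a Temp/.zip folder, O23 services with an unknown owner whose file sits directly in C:\WINDOWS or is missing, and the spoolsvr.exe / spoolsv.exe lookalike) can be run over a log automatically. This is an added example, not code from the thread or from HijackThis; the rule names, the known-good list and the distance threshold are assumptions made for illustration.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample: a subset of lines copied from the second HijackThis log above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Msnweb.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: MsLX32 - Unknown owner - C:\WINDOWS\MsLX32.exe (file missing)
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Windows Spool Server Protocol - Unknown owner - C:\WINDOWS\spoolsvr.exe (file missing)
O23 - Service: Windows web messenger - Unknown owner - C:\WINDOWS\Msnweb.exe
"""

# O23 line layout as it appears in the logs: name - owner - path [ (file missing)]
O23 = re.compile(
    r"O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# Assumption: genuine locations, taken from the "Running processes" list in the
# thread and from the note that the valid spooler is system32\spoolsv.exe.
KNOWN_GOOD = {name: r"c:\windows\system32" for name in (
    "smss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe")}
MAX_DISTANCE = 2  # assumption: tunable; how close a name must be to count as a lookalike


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_services(log):
    """Return one dict per O23 (NT service) line in a HijackThis log."""
    services = []
    for line in log.splitlines():
        m = O23.match(line.strip())
        if m:
            services.append({"name": m["name"], "owner": m["owner"],
                             "path": m["path"], "missing": m["missing"] is not None})
    return services


def lookalike_of(path):
    """Return the known system file this path imitates, or None."""
    exe, folder = basename(path).lower(), dirname(path).lower()
    if exe in KNOWN_GOOD:
        # Right name: only suspicious when it lives in the wrong folder.
        return exe if folder != KNOWN_GOOD[exe] else None
    for good in KNOWN_GOOD:
        if edit_distance(exe, good) <= MAX_DISTANCE:
            return good
    return None


def triage(log):
    """Return [(subject, [reasons])] for entries that deserve a closer look."""
    findings = []
    for line in log.splitlines():
        p = line.strip().lower()
        # HijackThis started from inside an archive/Temp folder keeps no backups.
        if p.endswith(r"\hijackthis.exe") and ("\\temp\\" in p or ".zip\\" in p):
            findings.append(("HijackThis.exe", ["running-from-temp"]))
    for svc in parse_services(log):
        reasons = []
        unknown = svc["owner"].lower() == "unknown owner"
        if unknown and dirname(svc["path"]).lower() == r"c:\windows":
            reasons.append("unknown-owner-in-windows-root")
        if svc["missing"]:
            reasons.append("file-missing")
        imitated = lookalike_of(svc["path"])
        if imitated:
            reasons.append("lookalike:" + imitated)
        if reasons:
            findings.append((svc["name"], reasons))
    return findings


if __name__ == "__main__":
    for subject, reasons in triage(SAMPLE_LOG):
        print(f"{subject}: {', '.join(reasons)}")
```

A flag here only marks an entry for the file scan requested in steps 2 and 3; the OmniPass service, which has an unknown owner but lives under Program Files, is deliberately left unflagged by these rules.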

#6 ELynn

Posted 01 April 2006 - 04:31 PM

Hello PSKelley, Thank you again for all your help. I have tried to do all that you have told me to do. I do think that a lot of stuff has been cleared out, but there are still some things lingering about. The scans did turn up some viruses and trojans but hopefully they have been dealt with! When I checked on the windows\system 32\ssisvr32.exe it said that it was okay. I do not know what it is. The other, the windows MSNweb.exe was found to contain viruses. I am still showing some thing in the favorites folder that contain sexual stuff and carp** (credit cards, games, health, search, adult dating) sounds like a toolbar in my favorites? Computer is still moving a little slow, also. Below is a copy of the reports that I put on desktop and a new HJT log.
[HKEY_CLASSES_ROOT\MMJB.BPP\DefaultIcon] @="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmfwlaunch.exe,0" [HKEY_CLASSES_ROOT\MMJB.BPP\shell\Open] [HKEY_CLASSES_ROOT\MMJB.BPP\shell\Open\command] @="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmfwlaunch.exe\" \"%1\"" [HKEY_CLASSES_ROOT\MMJB.CDA\DefaultIcon] @="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmjblaunch.exe,1" [HKEY_CLASSES_ROOT\MMJB.CDA\shell\Play] [HKEY_CLASSES_ROOT\MMJB.CDA\shell\Play\Command] @="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmjblaunch.exe\" \"%1\"" [HKEY_CLASSES_ROOT\MMJB.M3U\DefaultIcon] @="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmjblaunch.exe,1" [HKEY_CLASSES_ROOT\MMJB.M3U\shell\Open] [HKEY_CLASSES_ROOT\MMJB.M3U\shell\Open\command] @="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmjblaunch.exe\" \"%1\"" [HKEY_CLASSES_ROOT\MMJB.M3U\shell\Play] [HKEY_CLASSES_ROOT\MMJB.M3U\shell\Play\command] @="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmjblaunch.exe\" \"%1\"" [HKEY_CLASSES_ROOT\MMJB.MMZ\DefaultIcon] @="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\ti.exe,0" [HKEY_CLASSES_ROOT\MMJB.MMZ\shell\Install] [HKEY_CLASSES_ROOT\MMJB.MMZ\shell\Install\Command] @="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\ti.exe\" \"%1\"" [HKEY_CLASSES_ROOT\MMJB.MMZ\shell\Open] [HKEY_CLASSES_ROOT\MMJB.MMZ\shell\Open\command] @="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\ti.exe\" \"%1\"" [HKEY_CLASSES_ROOT\MMJB.MP3\DefaultIcon] @="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmjblaunch.exe,1" [HKEY_CLASSES_ROOT\MMJB.MP3\shell\Open] [HKEY_CLASSES_ROOT\MMJB.MP3\shell\Open\command] @="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmjblaunch.exe\" \"%1\"" [HKEY_CLASSES_ROOT\MMJB.MP3\shell\Play] [HKEY_CLASSES_ROOT\MMJB.MP3\shell\Play\command] @="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmjblaunch.exe\" \"%1\"" [HKEY_CLASSES_ROOT\MMJB.WAV\DefaultIcon] @="C:\\Program Files\\MUSICMATCH\\MUSICMATCH 
Jukebox\\mmjblaunch.exe,1" [HKEY_CLASSES_ROOT\MMJB.WAV\shell\Open] [HKEY_CLASSES_ROOT\MMJB.WAV\shell\Open\command] @="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmjblaunch.exe\" \"%1\"" [HKEY_CLASSES_ROOT\MMJB.WAV\shell\Play] [HKEY_CLASSES_ROOT\MMJB.WAV\shell\Play\command] @="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmjblaunch.exe\" \"%1\"" [HKEY_CLASSES_ROOT\MMJB.WMA\DefaultIcon] @="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmjblaunch.exe,1" [HKEY_CLASSES_ROOT\MMJB.WMA\shell\Open] [HKEY_CLASSES_ROOT\MMJB.WMA\shell\Open\command] @="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmjblaunch.exe\" \"%1\"" [HKEY_CLASSES_ROOT\MMJB.WMA\shell\Play] [HKEY_CLASSES_ROOT\MMJB.WMA\shell\Play\command] @="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmjblaunch.exe\" \"%1\"" [HKEY_CLASSES_ROOT\msbackupfile\DefaultIcon] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,74,00,\ 62,00,61,00,63,00,6b,00,75,00,70,00,2e,00,65,00,78,00,65,00,2c,00,31,00,30,\ 00,00,00 [HKEY_CLASSES_ROOT\msbackupfile\shell\Open] @="&Open" [HKEY_CLASSES_ROOT\msbackupfile\shell\Open\Command] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,74,00,\ 62,00,61,00,63,00,6b,00,75,00,70,00,2e,00,65,00,78,00,65,00,00,00 [HKEY_CLASSES_ROOT\Plenoptic.Plenoptic] @="Plenoptic Class" [HKEY_CLASSES_ROOT\Plenoptic.Plenoptic\CLSID] @="{607C27E9-AB27-11d3-A116-A0EA50C10801}" [HKEY_CLASSES_ROOT\Plenoptic.Plenoptic\CurVer] @="Plenoptic.Plenoptic.1" [HKEY_CLASSES_ROOT\Plenoptic.Plenoptic.1] @="Plenoptic Class" [HKEY_CLASSES_ROOT\Plenoptic.Plenoptic.1\CLSID] @="{607C27E9-AB27-11d3-A116-A0EA50C10801}" [HKEY_CLASSES_ROOT\Presentations10.QuickFile\shell\open] @="&Play" [HKEY_CLASSES_ROOT\Presentations10.QuickFile\shell\open\command] @="C:\\Program Files\\Corel\\WordPerfect Office 
2002\\PROGRAMS\\SHOW.EXE %1" [HKEY_CLASSES_ROOT\Presentations3.QuickFile\shell\open] @="&Play" [HKEY_CLASSES_ROOT\Presentations3.QuickFile\shell\open\command] @="C:\\Program Files\\Corel\\WordPerfect Office 2002\\PROGRAMS\\SHOW31.EXE %1" [HKEY_CLASSES_ROOT\rlmtcs.ohb] @="ohb Class" [HKEY_CLASSES_ROOT\rlmtcs.ohb\CLSID] @="{E8888041-B24A-4B0B-911B-12B018E43F21}" [HKEY_CLASSES_ROOT\rlmtcs.ohb\CurVer] @="rlmtcs.ohb.1" [HKEY_CLASSES_ROOT\rlmtcs.ohb.1] @="ohb Class" [HKEY_CLASSES_ROOT\rlmtcs.ohb.1\CLSID] @="{E8888041-B24A-4B0B-911B-12B018E43F21}" [HKEY_CLASSES_ROOT\sdfFile\shell\open] [HKEY_CLASSES_ROOT\sdfFile\shell\open\command] @="\"C:\\Program Files\\ArcSoft\\ShowBiz DVD\\showbizdvd.exe\" \"%1\"" [HKEY_CLASSES_ROOT\SymWriter.pdb] @="Pdb based SymWriter" [HKEY_CLASSES_ROOT\SymWriter.pdb\CLSID] @="{520DC67A-752E-11D3-8D56-00C04F680B2B}" [HKEY_CLASSES_ROOT\WBEMComConnection] @="WBEM Connection" [HKEY_CLASSES_ROOT\WBEMComConnection\CLSID] @="SOFTWARE\\CLASSES\\WBEMComConnection" [HKEY_CLASSES_ROOT\WBEMComLocator] @="WBEM Locator" [HKEY_CLASSES_ROOT\WBEMComLocator\CLSID] @="SOFTWARE\\CLASSES\\WBEMComLocator" [HKEY_CLASSES_ROOT\WMPPublsihCntr.WMPPublsihCntr] @="PublishCntr for WMP 7.0" [HKEY_CLASSES_ROOT\WMPPublsihCntr.WMPPublsihCntr\CLSID] @="{939438A9-CF0F-44d8-9140-599736F0D3A2}" [HKEY_CLASSES_ROOT\WMPPublsihCntr.WMPPublsihCntr\CurVer] @="WMPPublsihCntr.WMPPublsihCntr.1" [HKEY_CLASSES_ROOT\WMPPublsihCntr.WMPPublsihCntr.1] @="PublishCntr for WMP 7.0" [HKEY_CLASSES_ROOT\WMPPublsihCntr.WMPPublsihCntr.1\CLSID] @="{939438A9-CF0F-44d8-9140-599736F0D3A2}" [HKEY_CLASSES_ROOT\zapfile\DefaultIcon] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,61,00,70,00,\ 70,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,31,00,38,\ 00,00,00 [HKEY_CLASSES_ROOT\CLSID\{09ea09a6-b252-4d03-8d2b-923da9938c0b}] @="WThl09ea09a6b2524d038d2b923da9938c0b Class" 
"AppID"="{72ce5efd-75f7-47cf-b181-65e55a407412}" [HKEY_CLASSES_ROOT\CLSID\{09ea09a6-b252-4d03-8d2b-923da9938c0b}\Control] [HKEY_CLASSES_ROOT\CLSID\{09ea09a6-b252-4d03-8d2b-923da9938c0b}\Insertable] [HKEY_CLASSES_ROOT\CLSID\{09ea09a6-b252-4d03-8d2b-923da9938c0b}\LocalServer32] @="C:\\PROGRA~1\\WILDTA~1\\Apps\\GAMECH~1\\Games\\7841B6~1\\DARKOR~1.EXE" [HKEY_CLASSES_ROOT\CLSID\{09ea09a6-b252-4d03-8d2b-923da9938c0b}\MiscStatus] @="0" [HKEY_CLASSES_ROOT\CLSID\{09ea09a6-b252-4d03-8d2b-923da9938c0b}\MiscStatus\1] @="131473" [HKEY_CLASSES_ROOT\CLSID\{09ea09a6-b252-4d03-8d2b-923da9938c0b}\ProgID] @="Wtlaunch.WThl09ea09a6b2524d038d2b923da9938c0b.1" [HKEY_CLASSES_ROOT\CLSID\{09ea09a6-b252-4d03-8d2b-923da9938c0b}\Programmable] [HKEY_CLASSES_ROOT\CLSID\{09ea09a6-b252-4d03-8d2b-923da9938c0b}\ToolboxBitmap32] @="C:\\PROGRA~1\\WILDTA~1\\Apps\\GAMECH~1\\Games\\7841B6~1\\DARKOR~1.EXE, 101" [HKEY_CLASSES_ROOT\CLSID\{09ea09a6-b252-4d03-8d2b-923da9938c0b}\TypeLib] @="{9c6dc983-10ac-4b92-bc59-3d08dc85e244}" [HKEY_CLASSES_ROOT\CLSID\{09ea09a6-b252-4d03-8d2b-923da9938c0b}\Version] @="1.0" [HKEY_CLASSES_ROOT\CLSID\{09ea09a6-b252-4d03-8d2b-923da9938c0b}\VersionIndependentProgID] @="Wtlaunch.WThl09ea09a6b2524d038d2b923da9938c0b" [HKEY_CLASSES_ROOT\CLSID\{0c097121-c5d6-47eb-841d-30bff71a71c4}] @="WildTangent Multiplayer Class" [HKEY_CLASSES_ROOT\CLSID\{0c097121-c5d6-47eb-841d-30bff71a71c4}\Control] [HKEY_CLASSES_ROOT\CLSID\{0c097121-c5d6-47eb-841d-30bff71a71c4}\InprocServer32] @="C:\\WINDOWS\\wt\\webdriver\\wtmulti.dll" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{0c097121-c5d6-47eb-841d-30bff71a71c4}\Insertable] [HKEY_CLASSES_ROOT\CLSID\{0c097121-c5d6-47eb-841d-30bff71a71c4}\MiscStatus] @="0" [HKEY_CLASSES_ROOT\CLSID\{0c097121-c5d6-47eb-841d-30bff71a71c4}\MiscStatus\1] @="131473" [HKEY_CLASSES_ROOT\CLSID\{0c097121-c5d6-47eb-841d-30bff71a71c4}\ProgID] @="WT.WTMultiplayer.1" [HKEY_CLASSES_ROOT\CLSID\{0c097121-c5d6-47eb-841d-30bff71a71c4}\Programmable] 
[HKEY_CLASSES_ROOT\CLSID\{0c097121-c5d6-47eb-841d-30bff71a71c4}\ToolboxBitmap32] @="C:\\WINDOWS\\wt\\webdriver\\wtmulti.dll, 101" [HKEY_CLASSES_ROOT\CLSID\{0c097121-c5d6-47eb-841d-30bff71a71c4}\TypeLib] @="{b162d478-ef46-4475-b1fe-216bdedb7fad}" [HKEY_CLASSES_ROOT\CLSID\{0c097121-c5d6-47eb-841d-30bff71a71c4}\VersionIndependentProgID] @="WT.WTMultiplayer" [HKEY_CLASSES_ROOT\CLSID\{1EF2E5CB-646F-4F85-A355-8E328652CA60}] @="MMFWRadBtn Property Page" [HKEY_CLASSES_ROOT\CLSID\{1EF2E5CB-646F-4F85-A355-8E328652CA60}\InprocServer32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\MMFWCtrl.ocx" [HKEY_CLASSES_ROOT\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}] @="MMJBSlider Control" [HKEY_CLASSES_ROOT\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}\Control] @="" [HKEY_CLASSES_ROOT\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}\InprocServer32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mmjbctrl.ocx" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}\MiscStatus] @="0" [HKEY_CLASSES_ROOT\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}\MiscStatus\1] @="131473" [HKEY_CLASSES_ROOT\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}\ProgID] @="SLIDER.MMJBSliderCtrl.1" [HKEY_CLASSES_ROOT\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}\ToolboxBitmap32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mmjbctrl.ocx, 4" [HKEY_CLASSES_ROOT\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}\TypeLib] @="{6B58B5D9-7405-11D2-8F58-00E02916007D}" [HKEY_CLASSES_ROOT\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}\Version] @="1.0" [HKEY_CLASSES_ROOT\CLSID\{23AA6EBD-86AA-11D2-8F58-00E02916007D}] @="MMJBSlider Property Page" [HKEY_CLASSES_ROOT\CLSID\{23AA6EBD-86AA-11D2-8F58-00E02916007D}\InprocServer32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mmjbctrl.ocx" [HKEY_CLASSES_ROOT\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}] @="MMFWSpaceBar Control" [HKEY_CLASSES_ROOT\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}\Control] @="" [HKEY_CLASSES_ROOT\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}\InprocServer32] 
@="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\MMFWCtrl.ocx" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}\MiscStatus] @="0" [HKEY_CLASSES_ROOT\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}\MiscStatus\1] @="131217" [HKEY_CLASSES_ROOT\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}\ProgID] @="MMFWCTRL.SpaceBarCtrl.1" [HKEY_CLASSES_ROOT\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}\ToolboxBitmap32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\MMFWCtrl.ocx, 2" [HKEY_CLASSES_ROOT\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}\TypeLib] @="{BFF38E2D-B1D9-48F9-B11D-4F8A150F1C84}" [HKEY_CLASSES_ROOT\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}\Version] @="1.0" [HKEY_CLASSES_ROOT\CLSID\{294C0052-39DC-47E8-8DFF-4C5BC0100301}] @="iiittt Class" [HKEY_CLASSES_ROOT\CLSID\{294C0052-39DC-47E8-8DFF-4C5BC0100301}\Control] [HKEY_CLASSES_ROOT\CLSID\{294C0052-39DC-47E8-8DFF-4C5BC0100301}\Implemented Categories] [HKEY_CLASSES_ROOT\CLSID\{294C0052-39DC-47E8-8DFF-4C5BC0100301}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}] [HKEY_CLASSES_ROOT\CLSID\{294C0052-39DC-47E8-8DFF-4C5BC0100301}\InprocServer32] @="C:\\WINDOWS\\System32\\rlmtcs.dll" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{294C0052-39DC-47E8-8DFF-4C5BC0100301}\MiscStatus] @="0" [HKEY_CLASSES_ROOT\CLSID\{294C0052-39DC-47E8-8DFF-4C5BC0100301}\MiscStatus\1] @="131473" [HKEY_CLASSES_ROOT\CLSID\{294C0052-39DC-47E8-8DFF-4C5BC0100301}\ProgID] @="rlmtcs.iiittt.1" [HKEY_CLASSES_ROOT\CLSID\{294C0052-39DC-47E8-8DFF-4C5BC0100301}\Programmable] [HKEY_CLASSES_ROOT\CLSID\{294C0052-39DC-47E8-8DFF-4C5BC0100301}\ToolboxBitmap32] @="C:\\WINDOWS\\System32\\rlmtcs.dll, 102" [HKEY_CLASSES_ROOT\CLSID\{294C0052-39DC-47E8-8DFF-4C5BC0100301}\TypeLib] @="{1AB449AB-1C29-402E-A5E7-26AF81B0D6F7}" [HKEY_CLASSES_ROOT\CLSID\{294C0052-39DC-47E8-8DFF-4C5BC0100301}\Version] @="1.0" [HKEY_CLASSES_ROOT\CLSID\{294C0052-39DC-47E8-8DFF-4C5BC0100301}\VersionIndependentProgID] @="rlmtcs.iiittt" 
[HKEY_CLASSES_ROOT\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}] @="HHComponentActivator Class" [HKEY_CLASSES_ROOT\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\Control] [HKEY_CLASSES_ROOT\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\Implemented Categories] [HKEY_CLASSES_ROOT\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}] [HKEY_CLASSES_ROOT\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}] [HKEY_CLASSES_ROOT\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\InprocServer32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\HHACTI~1.DLL" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\Insertable] [HKEY_CLASSES_ROOT\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\MiscStatus] @="0" [HKEY_CLASSES_ROOT\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\MiscStatus\1] @="132497" [HKEY_CLASSES_ROOT\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\ProgID] @="HHActiveX.HHComponentActivator.1" [HKEY_CLASSES_ROOT\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\Programmable] [HKEY_CLASSES_ROOT\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\ToolboxBitmap32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\HHACTI~1.DLL, 102" [HKEY_CLASSES_ROOT\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\TypeLib] @="{399CB6B4-7312-11D2-B4D9-00105A0422DF}" [HKEY_CLASSES_ROOT\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\Version] @="1.0" [HKEY_CLASSES_ROOT\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\VersionIndependentProgID] @="HHActiveX.HHComponentActivator" [HKEY_CLASSES_ROOT\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}] @="MMJBPushBtn Control" [HKEY_CLASSES_ROOT\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}\Control] @="" [HKEY_CLASSES_ROOT\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}\InprocServer32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mmjbctrl.ocx" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}\MiscStatus] @="0" 
[HKEY_CLASSES_ROOT\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}\MiscStatus\1] @="131473" [HKEY_CLASSES_ROOT\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}\ProgID] @="MMJBCTRL.PushBtnCtrl.1" [HKEY_CLASSES_ROOT\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}\ToolboxBitmap32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mmjbctrl.ocx, 1" [HKEY_CLASSES_ROOT\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}\TypeLib] @="{6B58B5D9-7405-11D2-8F58-00E02916007D}" [HKEY_CLASSES_ROOT\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}\Version] @="1.0" [HKEY_CLASSES_ROOT\CLSID\{6B58B5DD-7405-11D2-8F58-00E02916007D}] @="MMJBPushBtn Property Page" [HKEY_CLASSES_ROOT\CLSID\{6B58B5DD-7405-11D2-8F58-00E02916007D}\InprocServer32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mmjbctrl.ocx" [HKEY_CLASSES_ROOT\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}] @="MMJBRadBtn Control" [HKEY_CLASSES_ROOT\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}\Control] @="" [HKEY_CLASSES_ROOT\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}\InprocServer32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mmjbctrl.ocx" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}\MiscStatus] @="0" [HKEY_CLASSES_ROOT\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}\MiscStatus\1] @="131473" [HKEY_CLASSES_ROOT\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}\ProgID] @="MMJBCTRL.RadBtnCtrl.1" [HKEY_CLASSES_ROOT\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}\ToolboxBitmap32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mmjbctrl.ocx, 2" [HKEY_CLASSES_ROOT\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}\TypeLib] @="{6B58B5D9-7405-11D2-8F58-00E02916007D}" [HKEY_CLASSES_ROOT\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}\Version] @="1.0" [HKEY_CLASSES_ROOT\CLSID\{6B58B5E1-7405-11D2-8F58-00E02916007D}] @="MMJBRadBtn Property Page" [HKEY_CLASSES_ROOT\CLSID\{6B58B5E1-7405-11D2-8F58-00E02916007D}\InprocServer32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mmjbctrl.ocx" [HKEY_CLASSES_ROOT\CLSID\{6B58B5E4-7405-11D2-8F58-00E02916007D}] @="MMJBLabel Control" 
[HKEY_CLASSES_ROOT\CLSID\{6B58B5E4-7405-11D2-8F58-00E02916007D}\Control] @="" [HKEY_CLASSES_ROOT\CLSID\{6B58B5E4-7405-11D2-8F58-00E02916007D}\InprocServer32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mmjbctrl.ocx" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{6B58B5E4-7405-11D2-8F58-00E02916007D}\MiscStatus] @="0" [HKEY_CLASSES_ROOT\CLSID\{6B58B5E4-7405-11D2-8F58-00E02916007D}\MiscStatus\1] @="131473" [HKEY_CLASSES_ROOT\CLSID\{6B58B5E4-7405-11D2-8F58-00E02916007D}\ProgID] @="MMJBCTRL.LabelCtrl.1" [HKEY_CLASSES_ROOT\CLSID\{6B58B5E4-7405-11D2-8F58-00E02916007D}\ToolboxBitmap32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mmjbctrl.ocx, 3" [HKEY_CLASSES_ROOT\CLSID\{6B58B5E4-7405-11D2-8F58-00E02916007D}\TypeLib] @="{6B58B5D9-7405-11D2-8F58-00E02916007D}" [HKEY_CLASSES_ROOT\CLSID\{6B58B5E4-7405-11D2-8F58-00E02916007D}\Version] @="1.0" [HKEY_CLASSES_ROOT\CLSID\{6B58B5E5-7405-11D2-8F58-00E02916007D}] @="MMJBLabel Property Page" [HKEY_CLASSES_ROOT\CLSID\{6B58B5E5-7405-11D2-8F58-00E02916007D}\InprocServer32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mmjbctrl.ocx" [HKEY_CLASSES_ROOT\CLSID\{78D80080-F388-11D3-9161-00105A07EA40}] @="LEAD MCMP/MJPEG Codec" [HKEY_CLASSES_ROOT\CLSID\{78D80080-F388-11D3-9161-00105A07EA40}\InprocServer32] @="C:\\WINDOWS\\SYSTEM\\LCODCCMP.DLL" "ThreadingModel"="Both" [HKEY_CLASSES_ROOT\CLSID\{78D80081-F388-11D3-9161-00105A07EA40}] @="LEAD MCMP/MJPEG Decoder" [HKEY_CLASSES_ROOT\CLSID\{78D80081-F388-11D3-9161-00105A07EA40}\InprocServer32] @="C:\\WINDOWS\\SYSTEM\\LCODCCMP.DLL" "ThreadingModel"="Both" [HKEY_CLASSES_ROOT\CLSID\{78D80082-F388-11D3-9161-00105A07EA40}] @="LEAD MCMP/MJPEG Encoder Property Page" [HKEY_CLASSES_ROOT\CLSID\{78D80082-F388-11D3-9161-00105A07EA40}\InprocServer32] @="C:\\WINDOWS\\SYSTEM\\LCODCCMP.DLL" "ThreadingModel"="Both" [HKEY_CLASSES_ROOT\CLSID\{78D80083-F388-11D3-9161-00105A07EA40}] @="LEAD MCMP/MJPEG About Property Page" [HKEY_CLASSES_ROOT\CLSID\{78D80083-F388-11D3-9161-00105A07EA40}\InprocServer32] 
@="C:\\WINDOWS\\SYSTEM\\LCODCCMP.DLL" "ThreadingModel"="Both" [HKEY_CLASSES_ROOT\CLSID\{7F23E6E5-0E79-4aee-B723-B1463805D5A9}] @="WTVisReceiver Class" [HKEY_CLASSES_ROOT\CLSID\{7F23E6E5-0E79-4aee-B723-B1463805D5A9}\InprocServer32] @="C:\\WINDOWS\\wt\\webdriver\\sound.dll" "ThreadingModel"="Free" [HKEY_CLASSES_ROOT\CLSID\{7F23E6E5-0E79-4aee-B723-B1463805D5A9}\ProgID] @="WTVis.WTVisReceiver.1" [HKEY_CLASSES_ROOT\CLSID\{7F23E6E5-0E79-4aee-B723-B1463805D5A9}\TypeLib] @="{93795291-63D3-489c-B30E-5564CF578ABC}" [HKEY_CLASSES_ROOT\CLSID\{7F23E6E5-0E79-4aee-B723-B1463805D5A9}\VersionIndependentProgID] @="WTVis.WTVisReceiver" [HKEY_CLASSES_ROOT\CLSID\{84268CDA-5AE9-409C-94E9-B6FEB4B5A123}] @="MMFWPushBtn Property Page" [HKEY_CLASSES_ROOT\CLSID\{84268CDA-5AE9-409C-94E9-B6FEB4B5A123}\InprocServer32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\MMFWCtrl.ocx" [HKEY_CLASSES_ROOT\CLSID\{8EC31897-D1E6-4758-80BE-31E873AC2903}] @="Avg Alert Manager UI Rule Class" [HKEY_CLASSES_ROOT\CLSID\{8EC31897-D1E6-4758-80BE-31E873AC2903}\InprocServer32] @="C:\\Program Files\\Grisoft\\AVG Free\\avgamui.dll" "ThreadingModel"="Both" [HKEY_CLASSES_ROOT\CLSID\{8EC31897-D1E6-4758-80BE-31E873AC2903}\ProgID] @="AVG.AvgAmUIRule.7" [HKEY_CLASSES_ROOT\CLSID\{8EC31897-D1E6-4758-80BE-31E873AC2903}\VersionIndependentProgID] @="AVG.AvgAmUIRule" [HKEY_CLASSES_ROOT\CLSID\{8EC31898-D1E6-4758-80BE-31E873AC2903}] @="Avg Alert Manager UI Values Config Class" [HKEY_CLASSES_ROOT\CLSID\{8EC31898-D1E6-4758-80BE-31E873AC2903}\InprocServer32] @="C:\\Program Files\\Grisoft\\AVG Free\\avgamui.dll" "ThreadingModel"="Both" [HKEY_CLASSES_ROOT\CLSID\{8EC31898-D1E6-4758-80BE-31E873AC2903}\ProgID] @="AVG.AvgAmUIPluginValuesConfig.7" [HKEY_CLASSES_ROOT\CLSID\{8EC31898-D1E6-4758-80BE-31E873AC2903}\VersionIndependentProgID] @="AVG.AvgAmUIPluginValuesConfig" [HKEY_CLASSES_ROOT\CLSID\{8ECF83A0-1AC9-11D4-8501-00A0CC5D1F63}] @="WMplug Property Page" [HKEY_CLASSES_ROOT\CLSID\{8ECF83A0-1AC9-11D4-8501-00A0CC5D1F63}\InprocServer32] 
@="C:\\WINDOWS\\wt\\webdriver\\wtwmplug.ax" "ThreadingModel"="Both" [HKEY_CLASSES_ROOT\CLSID\{959F94FD-DD1E-11D2-B559-00105A0422DF}] @="GlossaryPane Class" [HKEY_CLASSES_ROOT\CLSID\{959F94FD-DD1E-11D2-B559-00105A0422DF}\Implemented Categories] [HKEY_CLASSES_ROOT\CLSID\{959F94FD-DD1E-11D2-B559-00105A0422DF}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}] [HKEY_CLASSES_ROOT\CLSID\{959F94FD-DD1E-11D2-B559-00105A0422DF}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}] [HKEY_CLASSES_ROOT\CLSID\{959F94FD-DD1E-11D2-B559-00105A0422DF}\InprocServer32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\HHACTI~1.DLL" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{959F94FD-DD1E-11D2-B559-00105A0422DF}\ProgID] @="HHActiveX.GlossaryPane.1" [HKEY_CLASSES_ROOT\CLSID\{959F94FD-DD1E-11D2-B559-00105A0422DF}\TypeLib] @="{399CB6B4-7312-11D2-B4D9-00105A0422DF}" [HKEY_CLASSES_ROOT\CLSID\{959F94FD-DD1E-11D2-B559-00105A0422DF}\VersionIndependentProgID] @="HHActiveX.GlossaryPane" [HKEY_CLASSES_ROOT\CLSID\{9869EFB4-18E9-11D3-A837-00104B9E30B5}] @="CmdLineContextMenu Class" [HKEY_CLASSES_ROOT\CLSID\{9869EFB4-18E9-11D3-A837-00104B9E30B5}\InprocServer32] @="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\CmdLineExt02.dll" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{9869EFB4-18E9-11D3-A837-00104B9E30B5}\ProgID] @="CmdLineExt.CmdLineContextMenu.1" [HKEY_CLASSES_ROOT\CLSID\{9869EFB4-18E9-11D3-A837-00104B9E30B5}\TypeLib] @="{9869EFA6-18E9-11D3-A837-00104B9E30B5}" [HKEY_CLASSES_ROOT\CLSID\{9869EFB4-18E9-11D3-A837-00104B9E30B5}\VersionIndependentProgID] @="CmdLineExt.CmdLineContextMenu" [HKEY_CLASSES_ROOT\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}] @="Loader Class" [HKEY_CLASSES_ROOT\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}\InprocServer32] @="C:\\Program Files\\BearShare\\RunMSC.dll" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}\ProgID] @="RunMSC.Loader.1" 
[HKEY_CLASSES_ROOT\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}\Programmable] [HKEY_CLASSES_ROOT\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}\TypeLib] @="{905D0DF2-3A0A-4D94-853C-54A12A745905}" [HKEY_CLASSES_ROOT\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}\VersionIndependentProgID] @="RunMSC.Loader" [HKEY_CLASSES_ROOT\CLSID\{A018F30B-687B-4483-8B68-464032791A92}] @="DeviceReferenceEnumerator Class" "AppID"="{A3EEE69A-A453-4475-B755-8860B0B17647}" [HKEY_CLASSES_ROOT\CLSID\{A018F30B-687B-4483-8B68-464032791A92}\LocalServer32] @="C:\\PROGRA~1\\PC-DOC~1\\DIAGNO~1\\DEVICE~1.EXE" [HKEY_CLASSES_ROOT\CLSID\{A018F30B-687B-4483-8B68-464032791A92}\ProgID] @="DeviceReferenceServer.DeviceReferenceEnumerator.1" [HKEY_CLASSES_ROOT\CLSID\{A018F30B-687B-4483-8B68-464032791A92}\TypeLib] @="{8A568B68-2E6C-45A0-A93C-5AB5046391EB}" [HKEY_CLASSES_ROOT\CLSID\{A018F30B-687B-4483-8B68-464032791A92}\VersionIndependentProgID] @="DeviceReferenceServer.DeviceReferenceEnumerator" [HKEY_CLASSES_ROOT\CLSID\{a8ef5e37-2c9a-44df-910f-6b88f2f7965b}] @="WThla8ef5e372c9a44df910f6b88f2f7965b Class" "AppID"="{72ce5efd-75f7-47cf-b181-65e55a407412}" [HKEY_CLASSES_ROOT\CLSID\{a8ef5e37-2c9a-44df-910f-6b88f2f7965b}\Control] [HKEY_CLASSES_ROOT\CLSID\{a8ef5e37-2c9a-44df-910f-6b88f2f7965b}\Insertable] [HKEY_CLASSES_ROOT\CLSID\{a8ef5e37-2c9a-44df-910f-6b88f2f7965b}\LocalServer32] @="C:\\PROGRA~1\\WILDTA~1\\Apps\\GAMECH~1\\Games\\7841B6~1\\DARKOR~1.EXE" [HKEY_CLASSES_ROOT\CLSID\{a8ef5e37-2c9a-44df-910f-6b88f2f7965b}\MiscStatus] @="0" [HKEY_CLASSES_ROOT\CLSID\{a8ef5e37-2c9a-44df-910f-6b88f2f7965b}\MiscStatus\1] @="131473" [HKEY_CLASSES_ROOT\CLSID\{a8ef5e37-2c9a-44df-910f-6b88f2f7965b}\ProgID] @="Wtlaunch.WThla8ef5e372c9a44df910f6b88f2f7965b.1" [HKEY_CLASSES_ROOT\CLSID\{a8ef5e37-2c9a-44df-910f-6b88f2f7965b}\Programmable] [HKEY_CLASSES_ROOT\CLSID\{a8ef5e37-2c9a-44df-910f-6b88f2f7965b}\ToolboxBitmap32] @="C:\\PROGRA~1\\WILDTA~1\\Apps\\GAMECH~1\\Games\\7841B6~1\\DARKOR~1.EXE, 104" 
[HKEY_CLASSES_ROOT\CLSID\{a8ef5e37-2c9a-44df-910f-6b88f2f7965b}\TypeLib] @="{9c6dc983-10ac-4b92-bc59-3d08dc85e244}" [HKEY_CLASSES_ROOT\CLSID\{a8ef5e37-2c9a-44df-910f-6b88f2f7965b}\Version] @="1.0" [HKEY_CLASSES_ROOT\CLSID\{a8ef5e37-2c9a-44df-910f-6b88f2f7965b}\VersionIndependentProgID] @="Wtlaunch.WThla8ef5e372c9a44df910f6b88f2f7965b" [HKEY_CLASSES_ROOT\CLSID\{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A}] @="WTHoster Class" [HKEY_CLASSES_ROOT\CLSID\{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A}\Control] [HKEY_CLASSES_ROOT\CLSID\{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A}\InprocServer32] @="C:\\WINDOWS\\wt\\webdriver\\wthostctl.dll" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A}\MiscStatus] @="0" [HKEY_CLASSES_ROOT\CLSID\{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A}\MiscStatus\1] @="131473" [HKEY_CLASSES_ROOT\CLSID\{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A}\ProgID] @="WDMHHost.WTHoster.1" [HKEY_CLASSES_ROOT\CLSID\{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A}\Programmable] [HKEY_CLASSES_ROOT\CLSID\{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A}\ToolboxBitmap32] @="C:\\WINDOWS\\wt\\webdriver\\wthostctl.dll, 101" [HKEY_CLASSES_ROOT\CLSID\{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A}\TypeLib] @="{B7E20302-C22C-4AF2-9D75-C3EB6EEE9DD8}" [HKEY_CLASSES_ROOT\CLSID\{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A}\Version] @="1.0" [HKEY_CLASSES_ROOT\CLSID\{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A}\VersionIndependentProgID] @="WDMHHost.WTHoster" [HKEY_CLASSES_ROOT\CLSID\{ac599b25-5261-4e17-86c6-e50f1bd7dc99}] @="WThlac599b2552614e1786c6e50f1bd7dc99 Class" "AppID"="{56f46578-4cbe-4af7-81e0-f5f03cefc728}" [HKEY_CLASSES_ROOT\CLSID\{ac599b25-5261-4e17-86c6-e50f1bd7dc99}\Control] [HKEY_CLASSES_ROOT\CLSID\{ac599b25-5261-4e17-86c6-e50f1bd7dc99}\Insertable] [HKEY_CLASSES_ROOT\CLSID\{ac599b25-5261-4e17-86c6-e50f1bd7dc99}\LocalServer32] @="C:\\PROGRA~1\\WILDTA~1\\Apps\\GAMECH~1\\Games\\DF479C~1\\EXCAVA~1.EXE" [HKEY_CLASSES_ROOT\CLSID\{ac599b25-5261-4e17-86c6-e50f1bd7dc99}\MiscStatus] @="0" 
[HKEY_CLASSES_ROOT\CLSID\{ac599b25-5261-4e17-86c6-e50f1bd7dc99}\MiscStatus\1] @="131473" [HKEY_CLASSES_ROOT\CLSID\{ac599b25-5261-4e17-86c6-e50f1bd7dc99}\ProgID] @="Wtlaunch.WThlac599b2552614e1786c6e50f1bd7dc99.1" [HKEY_CLASSES_ROOT\CLSID\{ac599b25-5261-4e17-86c6-e50f1bd7dc99}\Programmable] [HKEY_CLASSES_ROOT\CLSID\{ac599b25-5261-4e17-86c6-e50f1bd7dc99}\ToolboxBitmap32] @="C:\\PROGRA~1\\WILDTA~1\\Apps\\GAMECH~1\\Games\\DF479C~1\\EXCAVA~1.EXE, 101" [HKEY_CLASSES_ROOT\CLSID\{ac599b25-5261-4e17-86c6-e50f1bd7dc99}\TypeLib] @="{8709726b-1464-4845-a03a-4377aa729875}" [HKEY_CLASSES_ROOT\CLSID\{ac599b25-5261-4e17-86c6-e50f1bd7dc99}\Version] @="1.0" [HKEY_CLASSES_ROOT\CLSID\{ac599b25-5261-4e17-86c6-e50f1bd7dc99}\VersionIndependentProgID] @="Wtlaunch.WThlac599b2552614e1786c6e50f1bd7dc99" [HKEY_CLASSES_ROOT\CLSID\{ADC4FE5F-9ACA-4551-8AD1-7B1DEF9D6BE8}] @="MMFWPushBtn Control" [HKEY_CLASSES_ROOT\CLSID\{ADC4FE5F-9ACA-4551-8AD1-7B1DEF9D6BE8}\Control] @="" [HKEY_CLASSES_ROOT\CLSID\{ADC4FE5F-9ACA-4551-8AD1-7B1DEF9D6BE8}\InprocServer32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\MMFWCtrl.ocx" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{ADC4FE5F-9ACA-4551-8AD1-7B1DEF9D6BE8}\MiscStatus] @="0" [HKEY_CLASSES_ROOT\CLSID\{ADC4FE5F-9ACA-4551-8AD1-7B1DEF9D6BE8}\MiscStatus\1] @="131217" [HKEY_CLASSES_ROOT\CLSID\{ADC4FE5F-9ACA-4551-8AD1-7B1DEF9D6BE8}\ProgID] @="MMFWCTRL.PushBtnCtrl.1" [HKEY_CLASSES_ROOT\CLSID\{ADC4FE5F-9ACA-4551-8AD1-7B1DEF9D6BE8}\ToolboxBitmap32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\MMFWCtrl.ocx, 3" [HKEY_CLASSES_ROOT\CLSID\{ADC4FE5F-9ACA-4551-8AD1-7B1DEF9D6BE8}\TypeLib] @="{BFF38E2D-B1D9-48F9-B11D-4F8A150F1C84}" [HKEY_CLASSES_ROOT\CLSID\{ADC4FE5F-9ACA-4551-8AD1-7B1DEF9D6BE8}\Version] @="1.0" [HKEY_CLASSES_ROOT\CLSID\{B1A6ACAF-242C-4F28-B980-AF08FA6C879B}] @="DeviceReference Class" "AppID"="{A3EEE69A-A453-4475-B755-8860B0B17647}" [HKEY_CLASSES_ROOT\CLSID\{B1A6ACAF-242C-4F28-B980-AF08FA6C879B}\LocalServer32] @="C:\\PROGRA~1\\PC-DOC~1\\DIAGNO~1\\DEVICE~1.EXE" 
[HKEY_CLASSES_ROOT\CLSID\{B1A6ACAF-242C-4F28-B980-AF08FA6C879B}\ProgID] @="DeviceReferenceServer.DeviceReference.1" [HKEY_CLASSES_ROOT\CLSID\{B1A6ACAF-242C-4F28-B980-AF08FA6C879B}\TypeLib] @="{8A568B68-2E6C-45A0-A93C-5AB5046391EB}" [HKEY_CLASSES_ROOT\CLSID\{B1A6ACAF-242C-4F28-B980-AF08FA6C879B}\VersionIndependentProgID] @="DeviceReferenceServer.DeviceReference" [HKEY_CLASSES_ROOT\CLSID\{B617F87F-1856-43BC-ADEB-C43922F7A575}] @="MMFWSpaceBar Property Page" [HKEY_CLASSES_ROOT\CLSID\{B617F87F-1856-43BC-ADEB-C43922F7A575}\InprocServer32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\MMFWCtrl.ocx" [HKEY_CLASSES_ROOT\CLSID\{B9BA256A-075B-49ea-B9E2-7DBC2EF021D5}] @="WTVisSender Class" [HKEY_CLASSES_ROOT\CLSID\{B9BA256A-075B-49ea-B9E2-7DBC2EF021D5}\InprocServer32] @="C:\\WINDOWS\\wt\\webdriver\\sound.dll" "ThreadingModel"="Free" [HKEY_CLASSES_ROOT\CLSID\{B9BA256A-075B-49ea-B9E2-7DBC2EF021D5}\ProgID] @="WTVis.WTVisSender.1" [HKEY_CLASSES_ROOT\CLSID\{B9BA256A-075B-49ea-B9E2-7DBC2EF021D5}\TypeLib] @="{B89CF276-BABD-4c52-8303-A44A335C6F84}" [HKEY_CLASSES_ROOT\CLSID\{B9BA256A-075B-49ea-B9E2-7DBC2EF021D5}\VersionIndependentProgID] @="WTVis.WTVisSender" [HKEY_CLASSES_ROOT\CLSID\{bdb27603-016c-433e-b26b-12f52e8c9659}] @="WThlbdb27603016c433eb26b12f52e8c9659 Class" "AppID"="{56f46578-4cbe-4af7-81e0-f5f03cefc728}" [HKEY_CLASSES_ROOT\CLSID\{bdb27603-016c-433e-b26b-12f52e8c9659}\Control] [HKEY_CLASSES_ROOT\CLSID\{bdb27603-016c-433e-b26b-12f52e8c9659}\Insertable] [HKEY_CLASSES_ROOT\CLSID\{bdb27603-016c-433e-b26b-12f52e8c9659}\LocalServer32] @="C:\\PROGRA~1\\WILDTA~1\\Apps\\GAMECH~1\\Games\\DF479C~1\\EXCAVA~1.EXE" [HKEY_CLASSES_ROOT\CLSID\{bdb27603-016c-433e-b26b-12f52e8c9659}\MiscStatus] @="0" [HKEY_CLASSES_ROOT\CLSID\{bdb27603-016c-433e-b26b-12f52e8c9659}\MiscStatus\1] @="131473" [HKEY_CLASSES_ROOT\CLSID\{bdb27603-016c-433e-b26b-12f52e8c9659}\ProgID] @="Wtlaunch.WThlbdb27603016c433eb26b12f52e8c9659.1" [HKEY_CLASSES_ROOT\CLSID\{bdb27603-016c-433e-b26b-12f52e8c9659}\Programmable] 
[HKEY_CLASSES_ROOT\CLSID\{bdb27603-016c-433e-b26b-12f52e8c9659}\ToolboxBitmap32] @="C:\\PROGRA~1\\WILDTA~1\\Apps\\GAMECH~1\\Games\\DF479C~1\\EXCAVA~1.EXE, 104" [HKEY_CLASSES_ROOT\CLSID\{bdb27603-016c-433e-b26b-12f52e8c9659}\TypeLib] @="{8709726b-1464-4845-a03a-4377aa729875}" [HKEY_CLASSES_ROOT\CLSID\{bdb27603-016c-433e-b26b-12f52e8c9659}\Version] @="1.0" [HKEY_CLASSES_ROOT\CLSID\{bdb27603-016c-433e-b26b-12f52e8c9659}\VersionIndependentProgID] @="Wtlaunch.WThlbdb27603016c433eb26b12f52e8c9659" [HKEY_CLASSES_ROOT\CLSID\{C3DB19A6-D5A2-11D2-8F58-00E02916007D}] @="MMJBTextBtn Control" [HKEY_CLASSES_ROOT\CLSID\{C3DB19A6-D5A2-11D2-8F58-00E02916007D}\Control] @="" [HKEY_CLASSES_ROOT\CLSID\{C3DB19A6-D5A2-11D2-8F58-00E02916007D}\InprocServer32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mmjbctrl.ocx" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{C3DB19A6-D5A2-11D2-8F58-00E02916007D}\MiscStatus] @="0" [HKEY_CLASSES_ROOT\CLSID\{C3DB19A6-D5A2-11D2-8F58-00E02916007D}\MiscStatus\1] @="131473" [HKEY_CLASSES_ROOT\CLSID\{C3DB19A6-D5A2-11D2-8F58-00E02916007D}\ProgID] @="MMJBCTRL.TextBtnCtrl.1" [HKEY_CLASSES_ROOT\CLSID\{C3DB19A6-D5A2-11D2-8F58-00E02916007D}\ToolboxBitmap32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mmjbctrl.ocx, 5" [HKEY_CLASSES_ROOT\CLSID\{C3DB19A6-D5A2-11D2-8F58-00E02916007D}\TypeLib] @="{6B58B5D9-7405-11D2-8F58-00E02916007D}" [HKEY_CLASSES_ROOT\CLSID\{C3DB19A6-D5A2-11D2-8F58-00E02916007D}\Version] @="1.0" [HKEY_CLASSES_ROOT\CLSID\{CE0E7204-D82C-4273-8A70-919963F4CFE0}] @="MMFWText Property Page" [HKEY_CLASSES_ROOT\CLSID\{CE0E7204-D82C-4273-8A70-919963F4CFE0}\InprocServer32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\MMFWCtrl.ocx" [HKEY_CLASSES_ROOT\CLSID\{D326DC3B-8ADF-456A-B1B7-8A9E37704C60}] @="MMFWRadBtn Control" [HKEY_CLASSES_ROOT\CLSID\{D326DC3B-8ADF-456A-B1B7-8A9E37704C60}\Control] @="" [HKEY_CLASSES_ROOT\CLSID\{D326DC3B-8ADF-456A-B1B7-8A9E37704C60}\InprocServer32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\MMFWCtrl.ocx" "ThreadingModel"="Apartment" 
[HKEY_CLASSES_ROOT\CLSID\{D326DC3B-8ADF-456A-B1B7-8A9E37704C60}\MiscStatus] @="0" [HKEY_CLASSES_ROOT\CLSID\{D326DC3B-8ADF-456A-B1B7-8A9E37704C60}\MiscStatus\1] @="131217" [HKEY_CLASSES_ROOT\CLSID\{D326DC3B-8ADF-456A-B1B7-8A9E37704C60}\ProgID] @="MMFWCTRL.RadBtnCtrl.1" [HKEY_CLASSES_ROOT\CLSID\{D326DC3B-8ADF-456A-B1B7-8A9E37704C60}\ToolboxBitmap32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\MMFWCtrl.ocx, 4" [HKEY_CLASSES_ROOT\CLSID\{D326DC3B-8ADF-456A-B1B7-8A9E37704C60}\TypeLib] @="{BFF38E2D-B1D9-48F9-B11D-4F8A150F1C84}" [HKEY_CLASSES_ROOT\CLSID\{D326DC3B-8ADF-456A-B1B7-8A9E37704C60}\Version] @="1.0" [HKEY_CLASSES_ROOT\CLSID\{D9C027CF-DF75-4D2C-B763-AC1CA31C4AF8}] @="Avg Alert Manager Internal Plugin Config Gui Class" [HKEY_CLASSES_ROOT\CLSID\{D9C027CF-DF75-4D2C-B763-AC1CA31C4AF8}\InprocServer32] @="C:\\Program Files\\Grisoft\\AVG Free\\avgamiui.dll" "ThreadingModel"="Both" [HKEY_CLASSES_ROOT\CLSID\{D9C027CF-DF75-4D2C-B763-AC1CA31C4AF8}\ProgID] @="AVG.AvgAmInternalPluginConfigGui.7" [HKEY_CLASSES_ROOT\CLSID\{D9C027CF-DF75-4D2C-B763-AC1CA31C4AF8}\VersionIndependentProgID] @="AVG.AvgAmInternalPluginConfigGui" [HKEY_CLASSES_ROOT\CLSID\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}] @="WMplug" [HKEY_CLASSES_ROOT\CLSID\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}\InprocServer32] @="C:\\WINDOWS\\wt\\webdriver\\wtwmplug.ax" "ThreadingModel"="Both" [HKEY_CLASSES_ROOT\CLSID\{EFAC012B-2A65-4D0B-9237-ADBADD94DFE9}] @="MMFWComboBox Control" [HKEY_CLASSES_ROOT\CLSID\{EFAC012B-2A65-4D0B-9237-ADBADD94DFE9}\Control] @="" [HKEY_CLASSES_ROOT\CLSID\{EFAC012B-2A65-4D0B-9237-ADBADD94DFE9}\InprocServer32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\MMFWCtrl.ocx" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{EFAC012B-2A65-4D0B-9237-ADBADD94DFE9}\MiscStatus] @="0" [HKEY_CLASSES_ROOT\CLSID\{EFAC012B-2A65-4D0B-9237-ADBADD94DFE9}\MiscStatus\1] @="131217" [HKEY_CLASSES_ROOT\CLSID\{EFAC012B-2A65-4D0B-9237-ADBADD94DFE9}\ProgID] @="MMFWCTRL.ComboBoxCtrl.1" 
[HKEY_CLASSES_ROOT\CLSID\{EFAC012B-2A65-4D0B-9237-ADBADD94DFE9}\ToolboxBitmap32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\MMFWCtrl.ocx, 6" [HKEY_CLASSES_ROOT\CLSID\{EFAC012B-2A65-4D0B-9237-ADBADD94DFE9}\TypeLib] @="{BFF38E2D-B1D9-48F9-B11D-4F8A150F1C84}" [HKEY_CLASSES_ROOT\CLSID\{EFAC012B-2A65-4D0B-9237-ADBADD94DFE9}\Version] @="1.0" [HKEY_CLASSES_ROOT\CLSID\{F1DD8F2C-1A49-40F0-9649-ACB3AB7AF86A}] @="MMFWComboBox Property Page" [HKEY_CLASSES_ROOT\CLSID\{F1DD8F2C-1A49-40F0-9649-ACB3AB7AF86A}\InprocServer32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\MMFWCtrl.ocx" [HKEY_CLASSES_ROOT\CLSID\{F42D656E-34AD-11D5-A8E0-00A0CC663B7C}] @="Loader Class" [HKEY_CLASSES_ROOT\CLSID\{F42D656E-34AD-11D5-A8E0-00A0CC663B7C}\InprocServer32] @="C:\\WINDOWS\\wt\\wtgutils\\wtgutils.dll" "ThreadingModel"="Both" [HKEY_CLASSES_ROOT\CLSID\{F42D656E-34AD-11D5-A8E0-00A0CC663B7C}\ProgID] @="Wtgutils.Loader.1" [HKEY_CLASSES_ROOT\CLSID\{F42D656E-34AD-11D5-A8E0-00A0CC663B7C}\Programmable] [HKEY_CLASSES_ROOT\CLSID\{F42D656E-34AD-11D5-A8E0-00A0CC663B7C}\TypeLib] @="{F42D6561-34AD-11D5-A8E0-00A0CC663B7C}" [HKEY_CLASSES_ROOT\CLSID\{F42D656E-34AD-11D5-A8E0-00A0CC663B7C}\VersionIndependentProgID] @="Wtgutils.Loader" [HKEY_CLASSES_ROOT\CLSID\{F5DCB1F3-BF38-4966-9689-23C3DFCCBE17}] @="amo Class" [HKEY_CLASSES_ROOT\CLSID\{F5DCB1F3-BF38-4966-9689-23C3DFCCBE17}\InprocServer32] @="C:\\WINDOWS\\System32\\rlmtcs.dll" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{F5DCB1F3-BF38-4966-9689-23C3DFCCBE17}\ProgID] @="rlmtcs.amo.1" [HKEY_CLASSES_ROOT\CLSID\{F5DCB1F3-BF38-4966-9689-23C3DFCCBE17}\Programmable] [HKEY_CLASSES_ROOT\CLSID\{F5DCB1F3-BF38-4966-9689-23C3DFCCBE17}\TypeLib] @="{1AB449AB-1C29-402E-A5E7-26AF81B0D6F7}" [HKEY_CLASSES_ROOT\CLSID\{F5DCB1F3-BF38-4966-9689-23C3DFCCBE17}\VersionIndependentProgID] @="rlmtcs.amo" [HKEY_CLASSES_ROOT\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}] @="WildTangent Control" [HKEY_CLASSES_ROOT\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\Control] 
[HKEY_CLASSES_ROOT\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\InprocServer32] @="C:\\WINDOWS\\wt\\webdriver\\webdriver.dll" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\Insertable] [HKEY_CLASSES_ROOT\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\MiscStatus] @="0" [HKEY_CLASSES_ROOT\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\MiscStatus\1] @="131473" [HKEY_CLASSES_ROOT\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\ProgID] @="WT3D.WT.1" [HKEY_CLASSES_ROOT\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\Programmable] [HKEY_CLASSES_ROOT\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\ToolboxBitmap32] @="C:\\WINDOWS\\wt\\webdriver\\webdriver.dll, 101" [HKEY_CLASSES_ROOT\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\TypeLib] @="{FA13AA2E-CA9B-11D2-9780-00104B242EA3}" [HKEY_CLASSES_ROOT\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\Version] @="1.0" [HKEY_CLASSES_ROOT\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\VersionIndependentProgID] @="WT3D.WT" [HKEY_CLASSES_ROOT\CLSID\{FB215E25-F536-4B36-8262-ECF59601FAC1}] @="MMFWText Control" [HKEY_CLASSES_ROOT\CLSID\{FB215E25-F536-4B36-8262-ECF59601FAC1}\Control] @="" [HKEY_CLASSES_ROOT\CLSID\{FB215E25-F536-4B36-8262-ECF59601FAC1}\InprocServer32] @="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\MMFWCtrl.ocx" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{FB215E25-F536-4B36-8262-ECF59601FAC1}\MiscStatus] @="0" [HKEY_CLASSES_ROOT\CLSID\{FB215E25-F536-4B36-8262-ECF59601FAC1}\MiscStatus\1] @="131217" [HKEY_CLASSES_ROOT\CLSID\{FB215E25-F536-4B36-8262-ECF59601FAC1}\ProgID] @="MMFWCTRL.TextCtrl.1" [HKEY_CLASSES_ROOT\CLSID\{FB215E25-F536-4B3

#7 ELynn

ELynn

    New Member

  • Authentic Member
  • 11 posts

Posted 01 April 2006 - 04:37 PM

hello again,
I think that there wasn't enough room on the other page for all the info so here is the rest:
Logfile of HijackThis v1.99.1
Scan saved at 5:29:06 PM, on 4/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\ssisvr32.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\program files\quicktime\qttask.exe
C:\Program Files\VisionNet\VisionNet ADSL 101U Modem\CnxDslTb.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\VisionNet\VisionNet ADSL 101U Modem\CnxDslTb.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6364B963-7491-4343-9682-8357EC5AFBAA}: NameServer = 216.163.120.19 216.163.120.21
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Software Secure Service (SSISvr32) - SoftwareSecure Inc - C:\WINDOWS\system32\ssisvr32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
---------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:16:59 PM, 4/1/2006
+ Report-Checksum: D97A1496

+ Scan result:

C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10.tmp -> TrackingCookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12.tmp -> TrackingCookie.Statcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp -> TrackingCookie.Targetnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18.tmp -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp -> TrackingCookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C.tmp -> TrackingCookie.Zedo : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6.tmp -> TrackingCookie.Statcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8.tmp -> TrackingCookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9.tmp -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA.tmp -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB.tmp -> TrackingCookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC.tmp -> TrackingCookie.Fastclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp -> TrackingCookie.Questionmarket : Cleaned with backup
C:\WINDOWS\Msnweb.exe -> Backdoor.Rbot.avc : Cleaned with backup

#8 pskelley

pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • 3,879 posts
  • Interests:Computers, fishing, biking, basketball, travel

Posted 01 April 2006 - 04:37 PM

The report you posted, I did not request, please only post what I request. I highlighted the information I need to see in red.

Thanks

OK...now you are talking...is that the complete ewido scan report? If not post the rest of it.

Edited by pskelley, 01 April 2006 - 04:39 PM.

MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#9 ELynn

ELynn

    New Member

  • Authentic Member
  • 11 posts

Posted 01 April 2006 - 04:41 PM

sorry, didn't catch that. Let me know if there is anything else I need to do. I appreciate your patience and time!

#10 ELynn

ELynn

    New Member

  • Authentic Member
  • 11 posts

Posted 01 April 2006 - 04:43 PM

Yes, that was the complete ewido report


#11 pskelley

pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • 3,879 posts
  • Interests:Computers, fishing, biking, basketball, travel

Posted 01 April 2006 - 04:44 PM

Thanks, give me a little time to look it over and see what we have left to do. Good job so far :wavey:
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#12 ELynn

ELynn

    New Member

  • Authentic Member
  • 11 posts

Posted 01 April 2006 - 05:20 PM

Ok, no hurry. Just email me when you figure it out. Thanks!

#13 pskelley

pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • 3,879 posts
  • Interests:Computers, fishing, biking, basketball, travel

Posted 01 April 2006 - 05:21 PM

OK Elynn, I will look at the ewido scan report first:

ewido anti-malware - Scan report Created on: 4:16:59 PM, 4/1/2006
Not a bad report, usually there are more cookies, you must be cleaning them. The last item I see is this:
C:\WINDOWS\Msnweb.exe -> Backdoor.Rbot.avc : Cleaned with backup
Please be sure there was nothing beyond that point, usually the report says it is complete.

C:\Program Files\Yahoo!\YPSR\Quarantine\ <<< you need to clean out that quarantine folder, there is nothing good in it.

Logfile of HijackThis v1.99.1 Scan saved at 5:29:06 PM, on 4/1/2006
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE <<< you can remove this if you wish, see this information: http://castlecops.co...uplist-180.html While it is not malware, it is spyware. If you wish to remove it, simply use HJT to remove the O4 line, then go straight to the file: ALCXMNTR.EXE and delete it. Be careful of the spelling. You will have to search but it is usually in C:\Windows\

C:\Program Files\Java\j2re1.4.2_06 <<< your Java program is outdated and a security risk as hackers can use bad script to infect you. See this information: http://forums.spybot...read.php?t=2559

The balance of the HJT log appears to be clean, no malware. Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://boards.cexx.o...topic.php?t=957
http://russelltexas....re/allclear.htm
http://forum.malware...wtopic.php?t=14
http://www.bleepingc...topict2520.html
http://cybercoyote.o...not-admin.shtml

ewido is a great program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.syma...src=sec_doc_nam

Looking at your feedback now. You are certainly welcome. As far as this: C:\WINDOWS\system32\ssisvr32.exe seems it has something to do with new classroom technology, look at the link: http://www.softwaresecure.com/ If it is your computer and you do not use this program, remove it in Start > Control Panel > Add/Remove Programs.

As far as I can see without running additional scans, that I would be glad to do if you think we need to, you are clean of malware. As far as the junk that got installed in your favorites, I would say you will probably have to manually delete it. Keep in mind you are running a resource heavy security suite in ewido which is going to slow you down some, and you will also experience a slight slowdown until Windows can repopulate Prefetch which will take a few reboots. Beyond that, you should be back to normal. Now let me say that malware is not the only reason a computer will run slow, here are some good ideas to try that may speed you up:
http://www.microsoft...s/IEtopten.mspx
http://vlaurie.com/c...s/runbetter.htm
http://www.linkgrind...rs_article.html

Since you are clean, follow those instructions to clean out the System Restore files and look over the information I provided, as it will go a long way towards this not happening again if you follow the advice of those experts. Also look at the maintenance tips, running your maintenance programs will help you run better. Let me know in 24 hours how things are running.

I also want to suggest you pat yourself on the back, you did well :thumbup:

Thanks...Phil :)
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006
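A way to triage the HijackThis log reviewed in the post above, as an added example that is not part of the original thread and is not HijackThis's own code: a Python parser for the v1.99.1 line format that lists autoruns whose target has no full path (such as the ALCXMNTR.EXE entry, whose file has to be searched for), services reported with "Unknown owner", and unnamed BHOs. The three heuristics and all function names are assumptions chosen for illustration; a flagged entry is a prompt for a manual look, not a verdict.

```python
import re

# Lines copied from the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                      # "O4 - <body>"
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[([^\]]*)\] (.+)$")  # registry Run keys
STARTUP = re.compile(r"^(?:Global )?Startup: (.+?) = (.+)$")        # Startup folder links
SERVICE = re.compile(r"^Service: (.+?) - (.+?) - ([A-Za-z]:\\.+)$")
BHO = re.compile(r"^BHO: (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
EXE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr|pif))\b', re.I)
ABSOLUTE = re.compile(r"^(?:[A-Za-z]:\\|\\\\)")                     # drive or UNC path


def parse(log_text):
    """Return (code, body) pairs for every section line of the log."""
    return [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]


def launched_file(cmd):
    """File a command line loads: the DLL argument for rundll32, else the executable."""
    cmd = cmd.strip()
    m = EXE.match(cmd)
    if not m:
        return cmd
    exe = m.group(1)
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        rest = cmd[m.end():].strip(' "')
        if rest:
            # rundll32 syntax is "<dll>,<entry point>"; the DLL is what matters.
            return rest.split(",", 1)[0].strip()
    return exe


def triage(log_text):
    """Return (code, name, reason) tuples for entries that need a manual look."""
    findings = []
    for code, body in parse(log_text):
        if code == "O4":
            m = RUN.match(body) or STARTUP.match(body)
            if not m:
                continue
            name, cmd = m.groups()
            target = launched_file(cmd)
            # A bare file name is resolved through the Windows search path,
            # so the log alone does not say which file on disk will run.
            if not ABSOLUTE.match(target):
                findings.append((code, name, f"no full path for {target}"))
        elif code == "O23":
            m = SERVICE.match(body)
            if m and m.group(2).lower() == "unknown owner":
                findings.append((code, m.group(1), "owner reported as 'Unknown owner'"))
        elif code == "O2":
            m = BHO.match(body)
            if m and m.group(1) == "(no name)":
                findings.append((code, m.group(2), f"unnamed BHO loading {m.group(3)}"))
    return findings


if __name__ == "__main__":
    for code, name, reason in triage(SAMPLE_LOG):
        print(f"{code:<4} {name}: {reason}")
```

Legitimate software appears among the flagged entries (the unnamed BHO here belongs to Spybot's SDHelper.dll), so each hit still has to be checked against the file on disk.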

#14 susanj

susanj

    Authentic Member

  • Authentic Member
  • 30 posts

Posted 01 April 2006 - 06:51 PM

I have the same problem. Have you gotten any help yet?
Susan

Susan, please start your own topic using "New Topic"; do not post in other folks' topics.

Thank you

Edited by pskelley, 01 April 2006 - 06:54 PM.


#15 ELynn

ELynn

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 01 April 2006 - 06:52 PM

Thank you for the compliment but I must bow to you, for I could not have done it without you! I really appreciate all your help and knowledge. Thanks for the helpful links, as well. I have saved them to my favorites and will consult them often. I did manually remove the stuff in the favorites and will see if they will return or if that will do it. That was the end of the ewido report. It did say that it was finished but I didn't include that last sentence when I highlighted to copy. Sorry. I will leave the winsys32 thing alone as my daughter is taking an online course and it is probably connected to that. Will try to turn the ewido off but the only thing I see to do is turn off the guard. Is that what I am supposed to do? It says that it will uninstall... I will be in touch in the next 24 hours to let you know how things are going.
