ComboFix 08-06-20.4 - Joanne 2008-06-27 21:36:38.3 - NTFSx86 Running from: C:\ComboFix.exe [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 ))))))))))))))))))))))))))))))) . 2008-06-27 20:52 . 2008-06-27 21:31 <DIR> d-------- C:\SmitfraudFix 2008-06-27 20:51 . 2008-06-27 20:51 2,037,114 --a------ C:\ComboFix.exe 2008-06-27 20:50 . 2008-06-27 20:50 1,477,906 --a------ C:\SmitfraudFix.exe 2008-06-27 16:58 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-06-27 16:58 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-06-27 16:58 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-06-27 16:21 . 2008-06-27 21:25 3,322 --a------ C:\WINDOWS\system32\tmp.reg 2008-06-27 16:02 . 2008-06-27 16:02 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-06-26 16:32 . 2008-06-26 16:32 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\rhcr94j0eg7l 2008-06-26 16:30 . 2008-06-26 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd 2008-06-26 10:29 . 2008-06-26 10:29 <DIR> d-------- C:\ff 2008-06-26 09:46 . 2008-06-26 09:54 <DIR> d-------- C:\Documents and Settings\Scott\ZDE 2008-06-26 09:39 . 2008-06-26 09:43 <DIR> d-------- C:\Program Files\Zend 2008-06-25 17:54 . 2008-06-26 11:00 81,920 --a------ C:\WINDOWS\tovafrnm.exe 2008-06-22 09:59 . 2008-06-22 09:59 <DIR> d-------- C:\Documents and Settings\Joanne\Application Data\CadSoft 2008-06-21 21:41 . 2008-06-21 22:13 <DIR> d-------- C:\Program Files\ExpressPCB 2008-06-21 18:24 . 2008-06-21 18:25 24,064 --a------ C:\printer.doc 2008-06-21 11:33 . 2007-09-17 07:04 3,858,432 --a------ C:\WINDOWS\system32\BCGCBPRO95580.dll 2008-06-21 11:32 . 2008-06-21 11:32 <DIR> d-------- C:\Program Files\Atmel 2008-06-21 11:32 . 
2006-11-28 07:33 3,653,632 --a------ C:\WINDOWS\system32\BCGCBPRO94080.dll 2008-06-21 11:32 . 2002-01-05 12:37 344,064 --------- C:\WINDOWS\system32\msvcr70.dll 2008-06-21 11:32 . 2002-04-09 06:45 290,904 -ra------ C:\WINDOWS\system32\vc6-re200l.dll 2008-06-21 11:32 . 2007-11-15 10:07 194,362 --a------ C:\WINDOWS\system32\drivers\windrvr6.sys 2008-06-21 11:32 . 2005-03-21 13:05 110,592 -ra------ C:\WINDOWS\system32\wd_utils.dll 2008-06-21 11:32 . 2007-11-15 10:07 102,400 --a------ C:\WINDOWS\system32\wdapi811.dll 2008-06-21 11:32 . 2002-04-29 08:28 69,632 -ra------ C:\WINDOWS\system32\RWUXThemeS.dll 2008-06-21 11:31 . 2008-06-21 11:31 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\InstallShield 2008-06-21 10:23 . 2008-06-21 21:41 <DIR> d-------- C:\Program Files\FreePCB 2008-06-20 23:14 . 2008-06-20 23:14 <DIR> d-------- C:\Program Files\EAGLE-5.0.0 2008-06-20 23:14 . 2008-06-20 23:14 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\CadSoft 2008-06-20 17:39 . 2008-06-20 17:49 <DIR> d-------- C:\Program Files\php-gtk2 2008-06-20 17:33 . 2008-06-20 17:33 <DIR> d-------- C:\Program Files\PHP 2008-06-15 17:31 . 2008-06-15 17:31 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\SolidWorks 2008 2008-06-15 17:30 . 2008-06-15 17:30 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\SolidWorks 2008-06-15 17:29 . 2008-06-15 17:29 23 --ah----- C:\WINDOWS\yacht.xws 2008-06-15 17:22 . 2008-06-15 17:29 <DIR> d-------- C:\Program Files\Common Files\SolidWorks Shared 2008-06-15 17:21 . 2008-06-15 17:21 <DIR> d-------- C:\Solidworks Data 2008-06-15 17:21 . 2008-06-16 16:44 <DIR> d-------- C:\Program Files\SolidWorks 2008-06-15 17:21 . 2008-06-15 17:21 <DIR> d-------- C:\Program Files\Common Files\eDrawings2008 2008-06-15 17:21 . 2008-06-15 17:21 <DIR> d-------- C:\Program Files\AGEIA Technologies 2008-06-15 17:21 . 
2008-06-15 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SolidWorks 2008-06-15 17:19 . 2008-06-15 17:19 <DIR> d-------- C:\Program Files\MSBuild 2008-06-15 17:16 . 2008-06-15 17:16 <DIR> d-------- C:\WINDOWS\system32\XPSViewer 2008-06-15 17:16 . 2008-06-15 17:16 <DIR> d-------- C:\Program Files\Reference Assemblies 2008-06-15 17:16 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2008-06-15 17:15 . 2008-06-15 17:15 <DIR> d-------- C:\Program Files\MSECache 2008-06-10 11:45 . 2008-06-10 11:45 <DIR> d-------- C:\Program Files\Microsoft Games 2008-06-05 16:57 . 2008-06-05 16:57 <DIR> d-------- C:\Program Files\Investintech.com Inc 2008-05-30 21:23 . 2008-05-30 21:50 <DIR> d-------- C:\GWT 2008-05-27 14:36 . 2008-05-27 14:36 <DIR> d-------- C:\Program Files\Perl Studio 2008 2008-05-27 14:36 . 2008-05-27 14:36 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\Cayoren 2008-05-27 14:36 . 2008-05-27 14:36 112 -r-h----- C:\WINDOWS\system32\tstdplx.dnm 2008-05-27 12:23 . 2008-05-27 12:22 724,992 --a------ C:\WINDOWS\iun6002.exe 2008-05-27 12:22 . 2008-05-27 12:23 <DIR> d-------- C:\Program Files\Perl Express . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-06-27 08:48 --------- d-----w C:\Program Files\SpeedFan 2008-06-25 21:41 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-25 05:42 --------- d-----w C:\Documents and Settings\Scott\Application Data\BitTorrent 2008-06-23 19:43 --------- d-----w C:\Program Files\phpDesigner 2008 2008-06-09 22:59 --------- d-----w C:\Program Files\Google 2008-05-30 10:35 --------- d-----w C:\Program Files\eclipse 2008-05-26 09:38 --------- d-----w C:\Program Files\Windows Resource Kits 2008-05-26 09:23 --------- d-----w C:\Program Files\Common Files\Adobe 2008-05-24 22:46 --------- d-----w C:\Program Files\Common Files\Stardock 2008-05-24 22:45 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE 2008-05-24 22:37 --------- d-----w C:\Program Files\Stardock 2008-05-24 22:30 --------- d-----w C:\Program Files\AlienGUIse 2008-05-23 09:47 --------- d-----w C:\Program Files\Docx2Rtf 2008-05-22 19:53 --------- d-----w C:\Documents and Settings\Scott\Application Data\NwDocx 2008-05-22 08:04 --------- d-----w C:\Documents and Settings\Scott\Application Data\AdobeUM 2008-05-18 03:20 --------- d-----w C:\Program Files\PuTTy 2008-05-16 09:13 332,800 ----a-w C:\WINDOWS\system32\wget.exe 2008-05-16 08:35 --------- d-----w C:\Program Files\Packet Excalibur 1.0.2a 2008-05-16 08:35 --------- d-----w C:\Program Files\Packet Excalibur 1.0.2 2008-05-16 05:03 --------- d-----w C:\Program Files\WinPcap 2008-05-16 04:39 --------- d-----w C:\Documents and Settings\Scott\Application Data\SSH 2008-05-13 04:36 --------- d-----w C:\Documents and Settings\Scott\Application Data\Wireshark 2008-05-13 04:33 --------- d-----w C:\Documents and Settings\Scott\Application Data\vlc 2008-05-13 04:23 --------- d-----w C:\Program Files\VideoLAN 2008-05-05 05:05 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys 2008-05-05 05:05 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll 2008-05-05 05:05 --------- d-----w C:\Program Files\AVG 2008-05-05 05:05 --------- d-----w C:\Documents and Settings\All 
Users\Application Data\avg8 2007-09-11 09:09 7,680 --sha-w C:\Program Files\Thumbs.db 2007-08-11 04:18 1,081 ----a-w C:\Program Files\INSTALL.LOG 2006-09-06 09:00 218,112 ----a-w C:\Program Files\destroy.exe 2004-10-01 03:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe 2000-05-28 02:57 5,760,288 ----a-w C:\Documents and Settings\Old PC\ar405eng.exe 1998-06-19 00:23 270,848 ----a-w C:\Program Files\UNWISE.EXE 1999-04-23 22:22 12 --sha-w C:\WINDOWS\system\WININETICMP32.drv 2006-10-24 00:17 88 --sh--r C:\WINDOWS\system32\75E0FD099E.sys 2006-10-24 00:17 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ------- Sigcheck ------- 2006-04-21 00:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys 2004-08-05 00:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys 2007-06-09 09:53 359808 eb07e7744e2fce7acd9514a9328bdd45 C:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( snapshot@2008-06-27_16.52.29.25 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-27 04:33:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-27 09:33:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39D67F39-6F48-438A-80A2-F86FE363C215}] C:\WINDOWS\system32\fccdcCUN.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6221A503-E4EC-4E03-A407-034AAD2172B9}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63EE8DD1-D0EB-4A34-B133-E38B41307B27}] C:\WINDOWS\gfetqaxsqsb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{A7AD16DA-8E3D-4914-A1D3-8120A2E96BCD}"= "C:\WINDOWS\gxvpsafm.dll" [ ] [HKEY_CLASSES_ROOT\clsid\{a7ad16da-8e3d-4914-a1d3-8120a2e96bcd}] [HKEY_CLASSES_ROOT\gxvpsafm.1] [HKEY_CLASSES_ROOT\TypeLib\{95C068BC-1021-4053-8457-FCCC347F3D40}] [HKEY_CLASSES_ROOT\gxvpsafm] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 00:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2006-04-04 21:44 16120832 C:\WINDOWS\RTHDCPL.EXE] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 16:17 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 16:13 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 16:17 118784] "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2005-02-25 16:54 131072] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "eTrust PestPatrol Active Protection"="none" [] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784] "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-14 14:06 1397760] "hpppt"="" [] "DSLSTATEXE"="C:\Program Files\D-Link\DSL-200\dslstat.exe" [2005-01-21 20:04 356352] "DSLAGENTEXE"="C:\Program Files\D-Link\DSL-200\dslagent.exe" [2005-01-21 20:04 16384] "StarUpdater"="" [] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 00:41 8523776] "nwiz"="nwiz.exe" 
[2007-12-05 00:41 1626112 C:\WINDOWS\system32\nwiz.exe] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 00:41 81920] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-05 17:05 1177368] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 00:00 15360] "Bandwidth Monitor Pro"="C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe" [ ] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{39D67F39-6F48-438A-80A2-F86FE363C215}"= C:\WINDOWS\system32\fccdcCUN.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdcCUN] fccdcCUN.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=wbsys.dll,avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1] C:\WINDOWS\retadpu32.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Macromedia\\FreeHand 10\\FreeHand 10.exe"= "C:\\Program Files\\Sierra\\Counter-Strike\\cstrike.exe"= "C:\\Games\\Steam\\steamapps\\ratcateme\\day of defeat\\hl.exe"= "C:\\Games\\Medal of Honor Pacific Assault\\mohpa.exe"= "C:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"= 
"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\java.exe"= "C:\\Program Files\\Java\\jdk1.5.0_09\\bin\\java.exe"= "C:\\Program Files\\Java\\jdk1.5.0_09\\jre\\bin\\java.exe"= "C:\\Program Files\\Java\\jdk1.6.0\\jre\\bin\\java.exe"= "C:\\Games\\Steam\\steamapps\\ratcateme\\counter-strike\\hl.exe"= "C:\\Games\\Steam\\steamapps\\ratcateme\\half-life\\hl.exe"= "C:\\Program Files\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"= "C:\\Games\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"= "C:\\Games\\Steam\\steamapps\\ratcateme\\team fortress classic\\hl.exe"= "C:\\Games\\Steam\\steamapps\\ratcateme\\deathmatch classic\\hl.exe"= "C:\\Games\\Steam\\steamapps\\ratcateme\\opposing force\\hl.exe"= "C:\\Program Files\\Cain\\Cain.exe"= "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"= "C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"= "C:\\Games\\Day of Defeat\\dod.exe"= "C:\\Games\\Steam\\steamapps\\ratcateme\\ricochet\\hl.exe"= "C:\\Program Files\\xchat\\xchat.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "6129:TCP"= 6129:TCP:DameWare Mini Remote Control Service *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder "2008-06-26 04:06:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-06-27 09:40:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{CD36D5E0-C892-4C4D-89F5-8F5EDB2320D6}.job" - C:\WINDOWS\system32\msfeedssync.exe . 
************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-27 21:40:55 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-06-27 21:43:50 ComboFix-quarantined-files.txt 2008-06-27 09:43:47 ComboFix2.txt 2008-06-27 09:13:59 ComboFix3.txt 2008-06-27 04:52:44 Pre-Run: 164,973,490,176 bytes free Post-Run: 164,957,990,912 bytes free 227 --- E O F --- 2007-11-14 00:45:16
Here are the results from SmitfraudFix:
SmitFraudFix v2.328 Scan done at 21:25:33.45, Fri 27/06/2008 Run from C:\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost 10.1.1.4 bob 10.1.1.253 ratcat.homelinux.com »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» DNS »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End
And here is a current HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:22:01 p.m., on 8/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\tlntsvr.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\Program Files\Sun\jstudio_ent81\collab\bin\xmppd-jse.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Multimedia Card Reader\shwicon2k.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\D-Link\DSL-200\dslstat.exe C:\Program Files\D-Link\DSL-200\dslagent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Star Alliance Auto Update Conduit (English)\en\st_conduit_en.exe C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe C:\Program Files\SpeedFan\speedfan.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Games\Steam\steam.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {39D67F39-6F48-438A-80A2-F86FE363C215} - C:\WINDOWS\system32\fccdcCUN.dll (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll (file missing) O2 - BHO: QXK Olive - {63EE8DD1-D0EB-4A34-B133-E38B41307B27} - C:\WINDOWS\gfetqaxsqsb.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: gxvpsafm - {A7AD16DA-8E3D-4914-A1D3-8120A2E96BCD} - C:\WINDOWS\gxvpsafm.dll (file missing) O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program 
Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [Steam] "c:\games\steam\steam.exe" -silent O4 - HKCU\..\Policies\Explorer\Run: [{2868868E-0745-1033-0630-060126200040}] "C:\Program Files\Common Files\{2868868E-0745-1033-0630-060126200040}\Update.exe" mc-110-12-0000272 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe O4 - Startup: lsass.lnk = ? 
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Star Alliance Auto Update Conduit (English).lnk = C:\Program Files\Star Alliance Auto Update Conduit (English)\en\st_conduit_en.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: 
{92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.0 Combo Control) - http://www.frogprints.co.nz/order/ImageUploader3.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{380A8DD9-EC5F-48BE-9B7B-F0F4A5D78094}: NameServer = 10.1.1.1 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll O20 - Winlogon Notify: fccdcCUN - fccdcCUN.dll (file missing) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ManageEngine Applications Manager (Applications Manager) - Unknown owner - C:\Program Files\AdventNet\ME\AppManager7\working\wrapper.exe (file missing) O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe O23 - Service: Collaboration Runtime Service (xmppd-jse) - Unknown owner - C:\Program Files\Sun\jstudio_ent81\collab\bin\xmppd-jse.exe -- End of file - 10470 bytes
Now my PC works and most of the virus appears to be gone, but every so often my sound card drivers stop working. They don't get uninstalled, they just stop working, and I have to reinstall them to get sound working. Also, after all that, IE 7 had no JavaScript. I looked for a fix and most pages told me to check Internet settings; that didn't work. I then found things telling me to reinstall Windows Script, but that didn't work either; it ended in this error:
Error registering the OCX C:\WINDOWS\system32\jscript.dll
I then retried to manually register or unregister jscript.dll and vbscript.dll using regsvr32. Unregistering and registering resulted in:
DllUnregisterServer in jscript.dll failed
Return code was: 0x80004005
I then found something about adding registry entries like this, so I created this .reg file and ran it:
Windows Registry Editor Version 5.00

; Registry import that creates three COM class keys under
; HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID. Each key gets the same default
; name, the same three "Implemented Categories" subkeys, an InprocServer32
; entry pointing at C:\WINDOWS\system32\jscript.dll, an empty OLEScript subkey
; and a ProgID of JScript.Encode.
;
; NOTE(review): every CLSID in this file ends in 00aa00bbbb558, which is 13 hex
; digits; the last group of a GUID has 12. As written these are not well-formed
; CLSIDs, so compare them with what a clean jscript.dll registration writes
; before reusing this file.
; NOTE(review): all three classes are given the identical name and ProgID;
; presumably only one of them is the encoding engine. Confirm against a
; known-good system.
; NOTE(review): InprocServer32 is the DLL path recorded for the class. The logs
; earlier on this page come from an infected machine, so check that the file at
; that path is the genuine Microsoft binary before registering it by hand.

; --- Class 1: {f414c260-...} ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb558}]
@="JScript Language Encoding"

; Empty subkeys named after category IDs (presumably the Active Scripting
; categories; confirm).
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb558}\Implemented Categories]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb558}\Implemented Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb558}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb558}\Implemented Categories\{F0B7A1A3-9847-11CF-8F20-00805F2CD064}]

; DLL path and threading model recorded for this class.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb558}\InprocServer32]
@="C:\\WINDOWS\\system32\\jscript.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb558}\OLEScript]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb558}\ProgID]
@="JScript.Encode"

; --- Class 2: {f414c261-...} (same values as class 1) ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb558}]
@="JScript Language Encoding"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb558}\Implemented Categories]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb558}\Implemented Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb558}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb558}\Implemented Categories\{F0B7A1A3-9847-11CF-8F20-00805F2CD064}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb558}\InprocServer32]
@="C:\\WINDOWS\\system32\\jscript.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb558}\OLEScript]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb558}\ProgID]
@="JScript.Encode"

; --- Class 3: {f414c262-...} (same values as class 1) ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb558}]
@="JScript Language Encoding"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb558}\Implemented Categories]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb558}\Implemented Categories\{F0B7A1A1-9847-11CF-8F20-00805F2CD064}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb558}\Implemented Categories\{F0B7A1A2-9847-11CF-8F20-00805F2CD064}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb558}\Implemented Categories\{F0B7A1A3-9847-11CF-8F20-00805F2CD064}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb558}\InprocServer32]
@="C:\\WINDOWS\\system32\\jscript.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb558}\OLEScript]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb558}\ProgID]
@="JScript.Encode"
That fixed IE 7, but my sound card still uninstalls and Windows Media Player won't start; I think it might be related. Also, yesterday when I tried to log in, I couldn't click in the password box, so I pressed Ctrl+Alt+Del twice to get a login screen and logged in there. When I got in, my ObjectDock toolbar had been reset, my desktop picture had been reset, and when I opened Outlook it asked me to set up my personal file. When I went to C:\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\Outlook it was empty and my file was gone.
I found this thread and ran DSS; here are the logs:
Extra.txt
[code=auto:0]Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
CPU 1: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 1023.17 MiB / 442.4 MiB
Pagefile Memory (total/avail): 2452.14 MiB / 1997.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.67 MiB
C: is Fixed (NTFS) - 298.09 GiB total, 139.1 GiB free.
D: is CDROM (CDFS)
E: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
\\.\PHYSICALDRIVE0 - ST3320620AS - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 298.09 GiB - C:
\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device
\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device
\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FirewallOverride is set.
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Macromedia\\FreeHand 10\\FreeHand 10.exe"="C:\\Program Files\\Macromedia\\FreeHand 10\\FreeHand 10.exe:*:Enabled:FreeHand 10"
"C:\\Program Files\\Sierra\\Counter-Strike\\cstrike.exe"="C:\\Program Files\\Sierra\\Counter-Strike\\cstrike.exe:*:Enabled:CounterStrike Launcher"
"C:\\Games\\Steam\\steamapps\\ratcateme\\day of defeat\\hl.exe"="C:\\Games\\Steam\\steamapps\\ratcateme\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Games\\Medal of Honor Pacific Assault\\mohpa.exe"="C:\\Games\\Medal of Honor Pacific Assault\\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)"
"C:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"="C:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe:*:Enabled:Fireworks MX"
"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\java.exe"="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Java\\jdk1.5.0_09\\bin\\java.exe"="C:\\Program Files\\Java\\jdk1.5.0_09\\bin\\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Java\\jdk1.5.0_09\\jre\\bin\\java.exe"="C:\\Program Files\\Java\\jdk1.5.0_09\\jre\\bin\\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Java\\jdk1.6.0\\jre\\bin\\java.exe"="C:\\Program Files\\Java\\jdk1.6.0\\jre\\bin\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Games\\Steam\\steamapps\\ratcateme\\counter-strike\\hl.exe"="C:\\Games\\Steam\\steamapps\\ratcateme\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Games\\Steam\\steamapps\\ratcateme\\half-life\\hl.exe"="C:\\Games\\Steam\\steamapps\\ratcateme\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"="C:\\Program Files\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe:*:Enabled:EE-AOC"
"C:\\Games\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Games\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\\Games\\Steam\\steamapps\\ratcateme\\team fortress classic\\hl.exe"="C:\\Games\\Steam\\steamapps\\ratcateme\\team fortress classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Games\\Steam\\steamapps\\ratcateme\\deathmatch classic\\hl.exe"="C:\\Games\\Steam\\steamapps\\ratcateme\\deathmatch classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Games\\Steam\\steamapps\\ratcateme\\opposing force\\hl.exe"="C:\\Games\\Steam\\steamapps\\ratcateme\\opposing force\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Cain\\Cain.exe"="C:\\Program Files\\Cain\\Cain.exe:*:Enabled:Cain - Password Recovery Utility"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\\Games\\Day of Defeat\\dod.exe"="C:\\Games\\Day of Defeat\\dod.exe:*:Enabled:Day of Defeat Launcher"
"C:\\Games\\Steam\\steamapps\\ratcateme\\ricochet\\hl.exe"="C:\\Games\\Steam\\steamapps\\ratcateme\\ricochet\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\xchat\\xchat.exe"="C:\\Program Files\\xchat\\xchat.exe:*:Enabled:XChat IRC Client"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe&