msansspc.dll is like the devil of system 32 >.<


#1
FenrusisindireneedofhelpDX

    New Member

  • Member
  • 4 posts
Okay, I'm a bit stuck here. I've been having a lot of problems with popups lately, and there's this strange thing where it replaces anything like YouTube vids or "typical" ads with the kind that are always saying "you're our 10 millionth member!" I scanned with Norton Antivirus Corporate Edition and it only came up with one virus out of everything. Anyways, the virus it brought up was this:

C:\WINDOWS\system32\msansspc.dll

I could use help as soon as possible. My family's reply to any and all viruses is formatting the entire system. Do you know how annoying it is to install like 400 PC games over and over again in like ONE MONTH?! Help the family computer guy with no experience dealing with trojans out, man T-T

anyways, here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:59 PM, on 12/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe
C:\Documents and Settings\Carson\Application Data\gadcom\gadcom.exe
C:\Documents and Settings\Carson\Application Data\Twain\Twain.exe
C:\PROGRA~1\COMMON~1\wwoo\wwoom.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5f7ebd12-823b-4f5c-be77-6a69eb19ac07} - C:\WINDOWS\system32\zowepaba.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\helper.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zimuyuyuko] Rundll32.exe "C:\WINDOWS\system32\nubelipe.dll",s
O4 - HKLM\..\Run: [64e359e2] rundll32.exe "C:\WINDOWS\system32\yiyaruja.dll",b
O4 - HKLM\..\Run: [CPM67d06a7e] Rundll32.exe "c:\windows\system32\zadohilo.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OurPictures] "C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe" /AutoStart
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Carson\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Carson\Application Data\Twain\Twain.exe
O4 - HKCU\..\Run: [wwoo] C:\PROGRA~1\COMMON~1\wwoo\wwoom.exe
O4 - HKUS\S-1-5-19\..\Run: [zimuyuyuko] Rundll32.exe "C:\WINDOWS\system32\nubelipe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [zimuyuyuko] Rundll32.exe "C:\WINDOWS\system32\nubelipe.dll",s (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Run Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1200966398890
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://nmcremote.nm...0.165 msrdp.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames...ctivex/YoYo.cab
O18 - Filter hijack: text/html - {e56195ed-66fe-401d-874f-5986e2654e86} - C:\WINDOWS\system32\mst120.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\huvajolu.dll c:\windows\system32\zadohilo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zadohilo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zadohilo.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 11842 bytes

#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello FenrusisindireneedofhelpDX

Welcome to G2Go. :)
=====================
Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
===========================================
Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Lop check
    • File - Purity Scan
  • Under Basic scans:
    • Rootkit Search - Yes
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Attach the information back here. I will review it when it comes in.

#3
FenrusisindireneedofhelpDX

    New Member

  • Topic Starter
  • Member
  • 4 posts
Okay, I followed all of the instructions except for the very last one, which I couldn't understand: "Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it."

Anyways, here's the file I got:


OTScanIt2 logfile created on: 12/4/2008 4:23:52 PM - Run 2
OTScanIt2 by OldTimer - Version 1.0.2.1 Folder = C:\Virus Cleaning Software\OTScanIt2
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 534.69 Mb Available Physical Memory | 55.78% Memory free
2.26 Gb Paging File | 1.82 Gb Available in Paging File | 80.41% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.50 Gb Total Space | 113.41 Gb Free Space | 63.90% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 0.43 Gb Free Space | 4.85% Space Free | Partition Type: FAT32
Drive E: | 621.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.74 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 478.00 Mb Total Space | 316.42 Mb Free Space | 66.20% Space Free | Partition Type: FAT

Computer Name: MH
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.)
arpwrmsg.exe -> %SystemRoot%\arpwrmsg.exe -> [2005/08/03 00:19:16 | 00,077,312 | ---- | M] (Microsoft)
arservice.exe -> %SystemRoot%\arservice.exe -> [2005/08/03 00:19:16 | 00,058,880 | ---- | M] (Microsoft)
defwatch.exe -> %ProgramFiles%\NavNT\defwatch.exe -> [2001/09/24 07:59:00 | 00,032,768 | ---- | M] (Symantec Corporation)
dmascheduler.exe -> %ProgramFiles%\HP DigitalMedia Archive\DMAScheduler.exe -> [2006/03/20 10:05:00 | 00,090,112 | ---- | M] (Sonic Solutions)
ehmsas.exe -> %SystemRoot%\ehome\ehmsas.exe -> [2005/08/05 21:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation)
ehrecvr.exe -> %SystemRoot%\ehome\ehrecvr.exe -> [2005/12/15 20:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation)
ehsched.exe -> %SystemRoot%\ehome\ehSched.exe -> [2005/08/05 21:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
ehtray.exe -> %SystemRoot%\ehome\ehtray.exe -> [2005/09/29 22:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation)
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> [1998/05/07 10:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company)
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/08/22 23:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/03/30 09:36:40 | 00,267,048 | ---- | M] (Apple Inc.)
jucheck.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jucheck.exe -> [2008/02/22 03:25:20 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> [2008/02/22 03:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> [2005/02/02 17:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company)
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2006/03/24 02:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
mcrdsvc.exe -> %SystemRoot%\ehome\mcrdsvc.exe -> [2005/08/05 21:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 07:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
msgsys.exe -> %SystemRoot%\system32\MSGSYS.EXE -> [2000/09/18 17:12:40 | 00,014,336 | ---- | M] (Intel Corporation)
msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe -> [2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
nintendowfcreg.exe -> %ProgramFiles%\WiFiConnector\NintendoWFCReg.exe -> [2007/06/28 16:10:00 | 01,175,552 | ---- | M] ()
npkcmsvc.exe -> %SystemDrive%\Nexon\Mabinogi\npkcmsvc.exe -> [2007/08/02 11:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.)
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2006/01/24 20:15:00 | 00,131,139 | ---- | M] (NVIDIA Corporation)
onenotem.exe -> %ProgramFiles%\Microsoft Office\Office12\ONENOTEM.EXE -> [2007/12/07 19:44:36 | 00,101,440 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %SystemDrive%\Virus Cleaning Software\OTScanIt2\OTScanIt2.exe -> [2008/12/01 10:28:50 | 00,477,184 | ---- | M] (OldTimer Tools)
ourpictures.exe -> %ProgramFiles%\RitzPix E-Z Print & Share\OurPictures.exe -> [2006/06/19 16:30:00 | 04,796,416 | ---- | M] (Simple Star, Inc.)
rthdcpl.exe -> %SystemRoot%\RTHDCPL.EXE -> [2006/03/08 05:54:04 | 16,010,240 | ---- | M] (Realtek Semiconductor Corp.)
rtvscan.exe -> %ProgramFiles%\NavNT\rtvscan.exe -> [2001/09/24 07:59:00 | 00,454,656 | ---- | M] (Symantec Corporation)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2004/08/09 22:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation)
vptray.exe -> %ProgramFiles%\NavNT\vptray.exe -> [2001/09/24 07:59:00 | 00,073,728 | ---- | M] (Symantec Corporation)
wlloginproxy.exe -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WLLoginProxy.exe -> [2007/09/20 09:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation)
wlservice.exe -> %ProgramFiles%\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe -> [2005/07/04 16:46:04 | 00,053,307 | ---- | M] (GEMTEKS)
wusb54gc.exe -> %ProgramFiles%\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe -> [2006/08/29 01:23:44 | 05,527,040 | ---- | M] (Linksys)

[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.)
(ARSVC) ARSVC [Win32_Own | Auto | Running] -> %SystemRoot%\arservice.exe -> [2005/08/03 00:19:16 | 00,058,880 | ---- | M] (Microsoft)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 09:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
(DefWatch) DefWatch [Win32_Own | Auto | Running] -> %ProgramFiles%\NavNT\defwatch.exe -> [2001/09/24 07:59:00 | 00,032,768 | ---- | M] (Symantec Corporation)
(ehRecvr) Media Center Receiver Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\ehrecvr.exe -> [2005/12/15 20:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation)
(ehSched) Media Center Scheduler Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\ehSched.exe -> [2005/08/05 21:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2004/08/09 22:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation)
(HP Port Resolver) HP Port Resolver [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\spool\drivers\w32x86\3\HPBPRO.EXE -> [2005/05/20 10:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company)
(HP Status Server) HP Status Server [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\spool\drivers\w32x86\3\HPBOID.EXE -> [2004/10/16 05:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2006/03/24 02:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
(McrdSvc) Media Center Extender Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\mcrdsvc.exe -> [2005/08/05 21:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 07:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(MHN) MHN [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\mhn.dll -> [2004/08/10 04:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation)
(Norton AntiVirus Server) Norton AntiVirus Client [Win32_Own | Auto | Running] -> %ProgramFiles%\NavNT\rtvscan.exe -> [2001/09/24 07:59:00 | 00,454,656 | ---- | M] (Symantec Corporation)
(npkcmsvc) npkcmsvc [Win32_Own | Auto | Running] -> %SystemDrive%\Nexon\Mabinogi\npkcmsvc.exe -> [2007/08/02 11:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2006/01/24 20:15:00 | 00,131,139 | ---- | M] (NVIDIA Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Boot | Stopped] -> %SystemRoot%\system32\HPZipm12.exe -> [2006/03/03 21:03:10 | 00,069,632 | ---- | M] (HP)
(UMWdf) Windows User Mode Driver Framework [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\wdfmgr.exe -> [2005/08/04 02:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation)
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\Messenger\usnsvc.exe -> [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation)
(WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation)
(WUSB54GCSVC) WUSB54GCSVC [Win32_Own | Auto | Running] -> -> File not found

[Driver Services - Safe List]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.3.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> [2008/01/22 22:37:41 | 00,020,747 | ---- | M] (Meetinghouse Data Communications)
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> [2005/03/09 15:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices)
(atksgt) atksgt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\atksgt.sys -> [2008/07/18 14:28:35 | 00,165,376 | ---- | M] ()
(bb-run) Promise driver accelerator [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\bb-run.sys -> [2003/11/05 08:45:12 | 00,017,408 | ---- | M] (Promise Technology, Inc.)
(ftsata2) ftsata2 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ftsata2.sys -> [2005/06/29 18:03:18 | 00,175,104 | ---- | M] (Promise Technology, Inc.)
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> [2005/01/08 01:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZid412.sys -> [2006/04/12 18:04:39 | 00,049,664 | ---- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> [2006/04/12 18:04:39 | 00,016,496 | ---- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZius12.sys -> [2006/04/12 18:04:39 | 00,021,568 | ---- | M] (HP)
(HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSXHWBS2.sys -> [2005/12/06 12:20:50 | 00,241,664 | ---- | M] (Conexant Systems, Inc.)
(HSX_DP) HSX_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_DP.sys -> [2005/12/06 12:20:40 | 00,936,448 | ---- | M] (Conexant Systems, Inc.)
(iaStor) Intel RAID Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\iaStor.sys -> [2005/06/17 07:33:40 | 00,872,064 | ---- | M] (Intel Corporation)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> [2006/03/08 14:27:12 | 04,246,016 | ---- | M] (Realtek Semiconductor Corp.)
(lirsgt) lirsgt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\lirsgt.sys -> [2008/07/18 14:28:34 | 00,018,048 | ---- | M] ()
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2005/10/05 16:57:08 | 00,012,544 | ---- | M] (Conexant)
(NAVAP) NAVAP [Kernel | On_Demand | Running] -> %ProgramFiles%\NavNT\navap.sys -> [2001/09/24 07:59:00 | 00,176,208 | ---- | M] ()
(NAVAPEL) NAVAPEL [Kernel | Auto | Running] -> %ProgramFiles%\NavNT\Navapel.sys -> [2001/09/24 07:59:00 | 00,009,232 | ---- | M] ()
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20081119.017\NAVENG.SYS -> [2008/11/19 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation)
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20081119.017\NAVEX15.SYS -> [2008/11/19 03:00:00 | 00,876,112 | ---- | M] (Symantec Corporation)
(NEOFLTR_550_12029) Juniper Networks TDI Filter Driver (NEOFLTR_550_12029) [Kernel | System | Running] -> %SystemRoot%\system32\drivers\NEOFLTR_550_12029.sys -> [2007/08/23 17:02:20 | 00,063,008 | ---- | M] (Juniper Networks)
(npkcrypt) npkcrypt [Kernel | Auto | Running] -> %SystemDrive%\Nexon\MapleStory\npkcrypt.sys -> [2008/01/22 12:39:40 | 00,023,217 | ---- | M] (INCA Internet Co., Ltd.)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2006/01/24 20:15:00 | 03,535,520 | ---- | M] (NVIDIA Corporation)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> [2006/03/03 15:31:02 | 00,034,176 | ---- | M] (NVIDIA Corporation)
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> [2006/03/03 15:31:04 | 00,013,056 | ---- | M] (NVIDIA Corporation)
(Ps2) Ps2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\PS2.sys -> [2005/12/12 18:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/09 22:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2005/08/19 11:00:00 | 00,046,080 | ---- | M] (Sonic Solutions)
(RT25USBAP) Nintendo Wi-Fi USB Connector Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RT25USBAP.SYS -> [2006/04/10 13:02:00 | 00,162,816 | ---- | M] (Ralink Technology Inc.)
(RT73) Linksys Home Wireless-G USB Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rt73.sys -> [2005/11/24 19:51:38 | 00,245,248 | ---- | M] (Ralink Technology, Corp.)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> [2004/08/03 15:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2008/11/01 11:51:04 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfdrv01.sys -> [2006/03/26 06:22:14 | 00,051,200 | ---- | M] (Protection Technology (StarForce))
(sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfhlp02.sys -> [2006/03/13 03:38:23 | 00,006,656 | ---- | M] (Protection Technology (StarForce))
(sfsync04) StarForce Protection Synchronization Driver (version 4.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfsync04.sys -> [2006/03/24 10:27:01 | 00,050,176 | ---- | M] (Protection Technology (StarForce))
(sfvfs02) StarForce Protection VFS Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfvfs02.sys -> [2005/11/03 08:40:07 | 00,063,488 | ---- | M] (Protection Technology)
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> [2001/09/24 02:29:00 | 00,057,696 | ---- | M] (Symantec Corporation)
(tbhsd) Tunebite High-Speed Dubbing [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tbhsd.sys -> [2008/02/20 11:47:34 | 00,027,936 | ---- | M] (RapidSolution Software AG)
(USB_RNDIS) Compact Wireless-G USB Network Adapter with SpeedBooster [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usb8023.sys -> [2004/08/09 22:00:00 | 00,012,672 | ---- | M] (Microsoft Corporation)
(winachsx) winachsx [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_CNXT.sys -> [2005/12/06 12:20:42 | 00,670,208 | ---- | M] (Conexant Systems, Inc.)
(GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\GTNDIS5.sys -> [2003/09/25 22:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop ->
HKEY_CURRENT_USER\: Main\\"Default_Search_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 22:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{5f7ebd12-823b-4f5c-be77-6a69eb19ac07} [HKLM] -> %SystemRoot%\system32\zowepaba.dll [Reg Error: Value does not exist or could not be read.] -> [2008/09/03 08:03:53 | 00,064,000 | -HS- | M] ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> [2008/02/22 03:25:19 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2007/09/20 09:30:18 | 00,328,752 | ---- | M] (Microsoft Corporation)
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} [HKLM] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [hpWebHelper Class] -> [2006/06/05 16:25:02 | 00,217,088 | ---- | M] (TODO: <Company name>)
{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} [HKLM] -> %ProgramFiles%\Common\helper.dll [Browser Helper Object] -> [2008/11/06 20:36:19 | 00,282,636 | ---- | M] ()
{D88E1558-7C2D-407A-953A-C044F5607CEA} [HKLM] -> %ProgramFiles%\Mjcore\Mjcore.dll [Mjcore Class] -> [2008/12/01 09:09:37 | 00,116,224 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"64e359e2" -> %SystemRoot%\system32\loyuvejo.dll [rundll32.exe "C:\WINDOWS\system32\loyuvejo.dll",b] -> [2008/12/04 15:57:14 | 00,086,581 | -HS- | M] ()
"AlwaysReady Power Message APP" -> %SystemRoot%\arpwrmsg.exe [ARPWRMSG.EXE] -> [2005/08/03 00:19:16 | 00,077,312 | ---- | M] (Microsoft)
"CPM67d06a7e" -> %SystemRoot%\system32\worusego.dll [Rundll32.exe "c:\windows\system32\worusego.dll",a] -> [2008/12/04 15:57:14 | 00,095,797 | -HS- | M] ()
"DMAScheduler" -> %ProgramFiles%\HP DigitalMedia Archive\DMAScheduler.exe ["c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"] -> [2006/03/20 10:05:00 | 00,090,112 | ---- | M] (Sonic Solutions)
"ehTray" -> %SystemRoot%\ehome\ehtray.exe [C:\WINDOWS\ehome\ehtray.exe] -> [2005/09/29 22:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation)
"HPBootOp" -> %ProgramFiles%\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> [2006/02/15 23:34:58 | 00,249,856 | ---- | M] (Hewlett-Packard Company)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/03/30 09:36:40 | 00,267,048 | ---- | M] (Apple Inc.)
"NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2006/01/24 20:15:00 | 07,311,360 | ---- | M] (NVIDIA Corporation)
"nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2006/01/24 20:15:00 | 01,519,616 | ---- | M] ()
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/03/28 22:37:20 | 00,413,696 | ---- | M] (Apple Inc.)
"Recguard" -> %SystemRoot%\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [2005/07/22 23:14:00 | 00,237,568 | ---- | M] ()
"RTHDCPL" -> %SystemRoot%\RTHDCPL.EXE [RTHDCPL.EXE] -> [2006/03/08 05:54:04 | 16,010,240 | ---- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> [2008/02/22 03:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"vptray" -> %ProgramFiles%\NavNT\vptray.exe [C:\Program Files\NavNT\vptray.exe] -> [2001/09/24 07:59:00 | 00,073,728 | ---- | M] (Symantec Corporation)
"zimuyuyuko" -> %SystemRoot%\system32\nubelipe.dll [Rundll32.exe "C:\WINDOWS\system32\nubelipe.dll",s] -> [2008/09/03 08:03:53 | 00,064,000 | -HS- | M] ()
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"msnmsgr" -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background] -> [2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
"OurPictures" -> %ProgramFiles%\RitzPix E-Z Print & Share\OurPictures.exe ["C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe" /AutoStart] -> [2006/06/19 16:30:00 | 04,796,416 | ---- | M] (Simple Star, Inc.)
"swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe] -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> [2006/10/23 00:48:20 | 00,040,048 | ---- | M] (Adobe Systems Incorporated)
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [2006/10/22 23:01:50 | 00,734,872 | ---- | M] ()
%AllUsersProfile%\Start Menu\Programs\Startup\Run Registration Tool.lnk -> %ProgramFiles%\WiFiConnector\NintendoWFCReg.exe -> [2007/06/28 16:10:00 | 01,175,552 | ---- | M] ()
< HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk -> %ProgramFiles%\Microsoft Office\Office12\ONENOTEM.EXE -> [2007/12/07 19:44:36 | 00,101,440 | ---- | M] (Microsoft Corporation)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoCDBurning" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"InstallVisualStyle" -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
\\"InstallTheme" -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000] -> [2008/07/30 02:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Menu: Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2007/10/26 17:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2007/10/26 17:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Button: Internet Connection Help] -> [2006/06/05 16:25:02 | 00,000,706 | ---- | M] ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Menu: Internet Connection Help] -> [2006/06/05 16:25:02 | 00,000,706 | ---- | M] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2006/10/10 06:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Internet Connection Help] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
trymedia.com .[http] -> Trusted sites ->
trymedia.com .[https] -> Trusted sites ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{3DCEC959-378A-4922-AD7E-FD5C925D927F} [HKLM] -> http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab[Disney Online Games ActiveX Control] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200966398890[WUWebControl Class] ->
{6B75345B-AA36-438A-BBE6-4078B4C6984D} [HKLM] -> http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab[HpProductDetection Class] ->
{7584C670-2274-4EFB-B00B-D6AABA6D3850} [HKLM] -> https://nmcremote.nmcco.com/tsweb/,DanaInfo=172.27.0.165+msrdp.cab[Microsoft RDP Client Control (redist)] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{C49134CC-B5EF-458C-A442-E8DFE7B4645F} [HKLM] -> http://www.yoyogames.com/downloads/activex/YoYo.cab[YYGInstantPlay Control] ->
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab[Java Plug-in 1.5.0_05] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{08777970-59A5-4C21-A0E7-A4903C908EF9} -> (Compact Wireless-G USB Adapter) ->
{40194843-A10C-44DB-977E-597BD34575B0} -> (Nintendo Wi-Fi USB Connector) ->
{892900FC-9814-4488-99C0-81491C1EE93D} -> (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) ->
{8B1A7EAB-81AE-4E0D-9F40-FC91DF340475} -> (NVIDIA nForce Networking Controller) ->
{91CAE8BB-DB88-4B6D-8005-563B90766512} -> (1394 Net Adapter) ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\WINDOWS\system32\huvajolu.dll -> %SystemRoot%\system32\huvajolu.dll -> [2008/09/03 08:03:53 | 00,064,000 | -HS- | M] ()
c:\windows\system32\worusego.dll -> %SystemRoot%\system32\worusego.dll -> [2008/12/04 15:57:14 | 00,095,797 | -HS- | M] ()
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
NavLogon -> %SystemRoot%\system32\NavLogon.dll -> [2001/09/24 07:59:00 | 00,045,056 | ---- | M] ()
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> %SystemRoot%\system32\worusego.dll [SSODL] -> [2008/12/04 15:57:14 | 00,095,797 | -HS- | M] ()
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> %SystemRoot%\system32\worusego.dll [STS] -> [2008/12/04 15:57:14 | 00,095,797 | -HS- | M] ()
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msansspc.dll -> -> File not found
digeste.dll -> %SystemRoot%\system32\digeste.dll -> [2008/11/30 09:05:40 | 00,022,528 | ---- | M] ()
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2006/10/10 06:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/09 22:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Nexon\Combat Arms\CombatArms.exe" -> C:\Nexon\Combat Arms\CombatArms.exe [C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe] -> [2008/10/28 22:34:02 | 01,093,632 | ---- | M] (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" -> C:\Nexon\Combat Arms\Engine.exe [C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe] -> [2008/10/23 22:34:33 | 01,055,744 | ---- | M] (Nexon)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" -> C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP] -> [2006/06/05 16:22:19 | 00,036,903 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2006/10/10 06:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/09 22:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -> C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe [C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager] -> [2008/10/22 19:51:15 | 00,159,744 | ---- | M] (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" -> C:\Nexon\Combat Arms\CombatArms.exe [C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe] -> [2008/10/28 22:34:02 | 01,093,632 | ---- | M] (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" -> C:\Nexon\Combat Arms\Engine.exe [C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe] -> [2008/10/23 22:34:33 | 01,055,744 | ---- | M] (Nexon)
"C:\Nexon\Combat Arms\NMService.exe" -> C:\Nexon\Combat Arms\NMService.exe [C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core] -> [2008/10/01 12:39:08 | 01,470,464 | R--- | M] (Nexon Corp.)
"C:\Nexon\MapleStory\MapleStory.exe" -> C:\Nexon\MapleStory\MapleStory.exe [C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory] -> [2008/10/16 08:59:34 | 03,100,720 | ---- | M] (Wizet)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.)
"C:\Program Files\DISC\DISCover.exe" -> C:\Program Files\DISC\DISCover.exe [C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System] -> [2006/03/16 03:12:40 | 01,077,248 | ---- | M] (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" -> C:\Program Files\DISC\DiscStreamHub.exe [C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub] -> [2006/03/16 03:11:54 | 00,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" -> C:\Program Files\DISC\myFTP.exe [C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP] -> [2006/03/16 03:11:50 | 00,094,208 | ---- | M] (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" -> C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe [C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Disabled:BF1942] -> [2004/01/22 10:35:38 | 05,648,384 | ---- | M] ()
"C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe" -> C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe [C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Disabled:bfvietnam] -> [2004/09/23 11:24:46 | 09,688,576 | ---- | M] ()
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2005/09/21 05:25:22 | 00,151,635 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2006/01/24 03:03:00 | 00,057,344 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2006/01/24 02:40:30 | 00,225,280 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2006/01/24 02:40:04 | 00,040,960 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2006/01/24 02:35:14 | 00,081,920 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2006/01/24 03:09:36 | 00,172,032 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2006/02/16 22:49:52 | 01,085,440 | R--- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe] -> [2005/12/15 20:51:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> [2006/02/17 00:19:34 | 00,192,512 | ---- | M] ()
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2005/12/15 20:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2005/12/15 19:40:44 | 00,282,624 | ---- | M&
  • 0
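The OTScanIt log above is what a helper reads by hand to pick out the entries that later go into a fix: hidden+system (-HS-) DLLs in system32 with no publisher, generated eight-letter names, and load points such as AppInit_DLLs or SecurityProviders that point at an unsigned or missing file. As an added example (not code from the original post or from OTScanIt), here is a Python parser for this log format that flags those same traits; the watch list of load points and the name pattern are assumptions drawn from this log, and the sample lines are copied from it.

```python
"""Flag suspicious autostart entries in an OTScanIt-style log.

Added example, not code from the original post or from OTScanIt. The watch
list of load points, the eight-letter DLL name pattern and the scoring rules
are assumptions drawn from the log above; the sample lines are copied from it.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Trailer OTScanIt appends to a file entry: [date time | size | attrs | M] (Company)
TRAILER_RE = re.compile(
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| M\] \((?P<company>.*)\)\s*$"
)
# Section headers look like "< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> ...".
SECTION_RE = re.compile(r"^< (?P<name>[^>]+?) > ->")
# Keys whose DLLs get loaded into many or all processes (assumed watch list).
LOAD_POINTS = ("AppInit_DLLs", "SSODL", "SharedTaskScheduler",
               "SecurityProviders", "Winlogon\\Notify", "BHO's")
# Eight letters plus .dll: the generated-name pattern seen in this log.
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$", re.IGNORECASE)


@dataclass
class Entry:
    section: str                    # section header the line sits under
    text: str                       # the line with its trailer removed
    path: Optional[str] = None      # target path, when a trailer was present
    attrs: str = ""                 # e.g. "-HS-" = hidden + system
    company: Optional[str] = None   # "" means no publisher in the version info
    file_not_found: bool = False    # OTScanIt could not locate the target
    reasons: List[str] = field(default_factory=list)


def _target_path(text: str) -> Optional[str]:
    """'key -> path [cmdline]' -> 'path'; None when there is no target."""
    parts = text.split(" -> ")
    if len(parts) < 2:
        return None
    return parts[1].split(" [", 1)[0].strip() or None


def parse_log(text: str) -> List[Entry]:
    """Return one Entry per data line, tagged with its section name."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").split(" [")[0]   # drop "[HKEY_...]"
            continue
        e = Entry(section=section, text=line)
        t = TRAILER_RE.search(line)
        if t:
            e.attrs = t.group("attrs")
            e.company = t.group("company").strip()
            e.text = line[: t.start()].rstrip(" ->")
            e.path = _target_path(e.text)
        elif line.endswith("File not found"):
            e.file_not_found = True
        entries.append(e)
    return entries


def flag(entries: List[Entry]) -> List[Entry]:
    """Attach a reason to each entry matching a suspicious trait; return the hits."""
    hits = []
    for e in entries:
        e.reasons = []
        at_load_point = e.section.startswith(LOAD_POINTS)
        if e.path is not None:
            name = e.path.rsplit("\\", 1)[-1]
            in_sys32 = "\\system32\\" in e.path.lower()
            if "H" in e.attrs and "S" in e.attrs:
                e.reasons.append("hidden+system attributes on an autostart file")
            if in_sys32 and RANDOM_DLL_RE.match(name) and not e.company:
                e.reasons.append("random 8-letter DLL in system32 with no publisher")
            if at_load_point and not e.company:
                e.reasons.append(f"no publisher at load point {e.section}")
        elif e.file_not_found and at_load_point:
            e.reasons.append(f"orphaned load point {e.section}: file missing")
        if e.reasons:
            hits.append(e)
    return hits


def display_name(e: Entry) -> str:
    """File name to report: from the resolved path, else the line's key."""
    src = e.path if e.path else e.text.split(" -> ")[0]
    return src.rsplit("\\", 1)[-1].strip('"')


# Sample input: lines copied from the log above (one benign NVIDIA entry included).
SAMPLE_LOG = r"""
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"64e359e2" -> %SystemRoot%\system32\loyuvejo.dll [rundll32.exe "C:\WINDOWS\system32\loyuvejo.dll",b] -> [2008/12/04 15:57:14 | 00,086,581 | -HS- | M] ()
"NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2006/01/24 20:15:00 | 07,311,360 | ---- | M] (NVIDIA Corporation)
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\WINDOWS\system32\huvajolu.dll -> %SystemRoot%\system32\huvajolu.dll -> [2008/09/03 08:03:53 | 00,064,000 | -HS- | M] ()
*MultiFile Done* -> ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msansspc.dll -> -> File not found
digeste.dll -> %SystemRoot%\system32\digeste.dll -> [2008/11/30 09:05:40 | 00,022,528 | ---- | M] ()
"""

if __name__ == "__main__":
    for hit in flag(parse_log(SAMPLE_LOG)):
        print(f"[{hit.section}] {display_name(hit)}")
        for reason in hit.reasons:
            print(f"    - {reason}")
```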

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi, your picture at the bottom is way too big; it takes up most of your post. Please use a smaller picture, as that size is not allowed.
Also please Click Here and upload the OTScanIt log; I didn't get all of it.
  • 0

#5
FenrusisindireneedofhelpDX

FenrusisindireneedofhelpDX

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Ah, well I saw that you can upload in the post with an attachment, so that's what I did, because part of this virus is where it flashes an IP address of some sort, and then redirects me off course, and that's what was happening with that link. So yeah. -_-
Attached File: OTScanIt.Txt (335.05KB, 152 downloads)
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
  • Place a check mark next to "Automatically disable any rootkits found"
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%programfiles%\common\helper.dll
%programfiles%\mjcore\mjcore.dll
%systemroot%\system32\a.exe
%systemroot%\system32\ajurayiy.ini
%systemroot%\system32\ayonewab.ini
%systemroot%\system32\bawenoya.dll
%systemroot%\system32\digeste.dll
%systemroot%\system32\hihatofo.dll
%systemroot%\system32\huvajolu.dll
%systemroot%\system32\lodiluve.dll
%systemroot%\system32\loyuvejo.dll
%systemroot%\system32\nubelipe.dll
%systemroot%\system32\ofotahih.ini
%systemroot%\system32\ojevuyol.ini
%systemroot%\system32\rubuvefu.dll
%systemroot%\system32\tsuninst.exe
%systemroot%\system32\worusego.dll
%systemroot%\system32\yiyaruja.dll
%systemroot%\system32\zadohilo.dll
%systemroot%\system32\zowepaba.dll
d:\autorun.inf
Folders to delete:
%commonprogramfiles%\wwoo
%programfiles%\common
%programfiles%\inetget2
%programfiles%\mjcore
%systemroot%\wwoo
c:\program files\inetget2

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.
=============
Immediately do the following as well:
Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {5f7ebd12-823b-4f5c-be77-6a69eb19ac07} [HKLM] -> %SystemRoot%\system32\zowepaba.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} [HKLM] -> %ProgramFiles%\Common\helper.dll [Browser Helper Object]
YY -> {D88E1558-7C2D-407A-953A-C044F5607CEA} [HKLM] -> %ProgramFiles%\Mjcore\Mjcore.dll [Mjcore Class]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "64e359e2" -> %SystemRoot%\system32\bawenoya.dll [rundll32.exe "C:\WINDOWS\system32\bawenoya.dll",b]
YY -> "CPM67d06a7e" -> %SystemRoot%\system32\lodiluve.dll [Rundll32.exe "c:\windows\system32\lodiluve.dll",a]
YY -> "zimuyuyuko" -> %SystemRoot%\system32\nubelipe.dll [Rundll32.exe "C:\WINDOWS\system32\nubelipe.dll",s]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> trymedia.com .[http] -> Trusted sites
YN -> trymedia.com .[https] -> Trusted sites
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> C:\WINDOWS\system32\huvajolu.dll -> %SystemRoot%\system32\huvajolu.dll
YY -> c:\windows\system32\lodiluve.dll -> %SystemRoot%\system32\lodiluve.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YY -> "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> %SystemRoot%\system32\lodiluve.dll [SSODL]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YY -> "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> %SystemRoot%\system32\lodiluve.dll [STS]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
YN ->  msansspc.dll -> 
NY ->  digeste.dll -> %SystemRoot%\system32\digeste.dll
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Drives with AutoRun files > -> 
YY -> D:\Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] -> D:\Autorun.inf [ FAT32 ]
[Files/Folders - Created Within 30 Days]
NY -> ayonewab.ini -> %SystemRoot%\System32\ayonewab.ini
NY -> ojevuyol.ini -> %SystemRoot%\System32\ojevuyol.ini
NY -> ofotahih.ini -> %SystemRoot%\System32\ofotahih.ini
NY -> ajurayiy.ini -> %SystemRoot%\System32\ajurayiy.ini
NY -> a.exe -> %SystemRoot%\System32\a.exe
NY -> tsuninst.exe -> %SystemRoot%\System32\tsuninst.exe
NY -> wwoo -> %SystemRoot%\wwoo
NY -> wwoo -> %CommonProgramFiles%\wwoo
NY -> InetGet2 -> %ProgramFiles%\InetGet2
NY -> Mjcore -> %ProgramFiles%\Mjcore
NY -> digeste.dll -> %SystemRoot%\System32\digeste.dll
NY -> Common -> %ProgramFiles%\Common
[Files/Folders - Modified Within 30 Days]
NY -> ojevuyol.ini -> %SystemRoot%\System32\ojevuyol.ini
NY -> worusego.dll -> %SystemRoot%\System32\worusego.dll
NY -> loyuvejo.dll -> %SystemRoot%\System32\loyuvejo.dll
NY -> ofotahih.ini -> %SystemRoot%\System32\ofotahih.ini
NY -> rubuvefu.dll -> %SystemRoot%\System32\rubuvefu.dll
NY -> hihatofo.dll -> %SystemRoot%\System32\hihatofo.dll
NY -> ajurayiy.ini -> %SystemRoot%\System32\ajurayiy.ini
NY -> zadohilo.dll -> %SystemRoot%\System32\zadohilo.dll
NY -> yiyaruja.dll -> %SystemRoot%\System32\yiyaruja.dll
[File - Purity Scan]
NY -> InetGet2 -> C:\Program Files\InetGet2
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that information back here.
I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
============================================
Post these logs in your next reply:
Avenger log
New OTScanIt log
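Added example, not part of the helper's post and not code from OTScanIt or The Avenger: a small Python script that parses the OTScanIt fix-script format used above (bracketed sections, `< group > -> key` lines and `XX -> item -> target` entries) and cross-checks it against the Avenger "Files to delete" / "Folders to delete" lists, so you can confirm before running a fix that every file a registry entry points at is also deleted, either directly or because its parent folder is. The sample input is an excerpt of the two scripts in this post; the path normalisation (C: as the system drive, `%ProgramFiles%` as `C:\Program Files`) is my own assumption, and the two-letter Y/N codes are kept verbatim rather than interpreted.

```python
"""Parse an OTScanIt2 fix script and cross-check it against an Avenger
delete list, so a helper can confirm that every file the registry clean-up
points at is also removed (directly, or via a deleted parent folder).

Sample input is an excerpt of the two scripts in the post above; the path
normalisation rules (C: is the system drive, %ProgramFiles% is
C:\\Program Files) are my own assumptions, not OTScanIt's.
"""
import re
from typing import List, NamedTuple, Tuple

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]$")
GROUP_RE = re.compile(r"^<\s*(?P<name>.+?)\s*>\s*->\s*(?P<key>.*)$")
ENTRY_RE = re.compile(r"^(?P<flags>[YN]{2})\s*->\s*(?P<item>.*?)\s*->\s*(?P<target>.*)$")


class Entry(NamedTuple):
    section: str   # bracketed section, e.g. "Registry - Safe List"
    group: str     # autostart location, e.g. "Run [HKEY_LOCAL_MACHINE\]"
    flags: str     # OTScanIt's two-letter Y/N status code, kept verbatim
    item: str      # registry value name, CLSID or file name
    path: str      # file the entry points at ("" when there is none)


def parse_fix(text: str) -> List[Entry]:
    """Turn the fix script into one Entry per 'XX -> item -> target' line."""
    entries: List[Entry] = []
    section = group = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section, group = m["name"], ""
        elif (m := GROUP_RE.match(line)):
            group = m["name"]   # the closing '< ... >' line just repeats the group
        elif (m := ENTRY_RE.match(line)):
            # target is "<path> [annotation]"; keep only the path part
            path = m["target"].split(" [", 1)[0].strip()
            entries.append(Entry(section, group, m["flags"], m["item"], path))
        # '*AppInit_DLLs* -> ...' lines only restate the key: nothing to record
    return entries


# Concrete spellings mapped to the %variable% form the Avenger script uses
# (assumed drive/layout; order matters: Common Files before Program Files).
_ALIASES = [
    ("c:\\windows\\", "%systemroot%\\"),
    ("c:\\program files\\common files\\", "%commonprogramfiles%\\"),
    ("c:\\program files\\", "%programfiles%\\"),
]


def canonical(path: str) -> str:
    """Lower-case a path and rewrite known prefixes to their %variable% form."""
    p = path.strip().lower().rstrip("\\")
    for prefix, repl in _ALIASES:
        if p.startswith(prefix):
            return repl + p[len(prefix):]
    return p


def coverage(entries: List[Entry], delete_files: List[str],
             delete_folders: List[str]) -> Tuple[List[Entry], List[Entry], List[Entry]]:
    """Split entries into (covered, uncovered, pathless) relative to the delete lists."""
    files = {canonical(f) for f in delete_files}
    folders = {canonical(d) for d in delete_folders}
    covered, uncovered, pathless = [], [], []
    for e in entries:
        if not e.path:
            pathless.append(e)   # e.g. a SecurityProviders name with no file behind it
            continue
        p = canonical(e.path)
        hit = p in files or p in folders or any(p.startswith(d + "\\") for d in folders)
        (covered if hit else uncovered).append(e)
    return covered, uncovered, pathless


# Excerpt of the OTScanIt fix in the post above (constructed test input).
FIX_SCRIPT = r"""
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {5f7ebd12-823b-4f5c-be77-6a69eb19ac07} [HKLM] -> %SystemRoot%\system32\zowepaba.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} [HKLM] -> %ProgramFiles%\Common\helper.dll [Browser Helper Object]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "64e359e2" -> %SystemRoot%\system32\bawenoya.dll [rundll32.exe "C:\WINDOWS\system32\bawenoya.dll",b]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> C:\WINDOWS\system32\huvajolu.dll -> %SystemRoot%\system32\huvajolu.dll
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
YN ->  msansspc.dll ->
NY ->  digeste.dll -> %SystemRoot%\system32\digeste.dll
< Drives with AutoRun files > ->
YY -> D:\Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] -> D:\Autorun.inf [ FAT32 ]
[Files/Folders - Created Within 30 Days]
NY -> a.exe -> %SystemRoot%\System32\a.exe
NY -> Common -> %ProgramFiles%\Common
[Empty Temp Folders]
"""

# Excerpt of the Avenger "Files to delete" / "Folders to delete" lists above.
AVENGER_FILES = [l for l in r"""
%programfiles%\mjcore\mjcore.dll
%systemroot%\system32\a.exe
%systemroot%\system32\bawenoya.dll
%systemroot%\system32\digeste.dll
%systemroot%\system32\huvajolu.dll
%systemroot%\system32\zowepaba.dll
d:\autorun.inf
""".splitlines() if l.strip()]
AVENGER_FOLDERS = [l for l in r"""
%commonprogramfiles%\wwoo
%programfiles%\common
%programfiles%\mjcore
%systemroot%\wwoo
c:\program files\inetget2
""".splitlines() if l.strip()]

if __name__ == "__main__":
    entries = parse_fix(FIX_SCRIPT)
    covered, uncovered, pathless = coverage(entries, AVENGER_FILES, AVENGER_FOLDERS)
    print(f"{len(entries)} entries: {len(covered)} covered, "
          f"{len(uncovered)} uncovered, {len(pathless)} without a file path")
    for e in uncovered:
        print("  NOT in delete list:", e.group, e.item, e.path)
    for e in pathless:
        print("  registry name only, no file to delete:", e.group, e.item)
```

Run it as-is and every file-backed entry in the excerpt comes back covered; the one `SecurityProviders` line with no file path (`msansspc.dll`) is reported separately, which matches the post's fix: the name is removed from the registry value while the DLL itself is not in the Avenger file list. If you extend the excerpt with the full scripts from the post and an entry shows up as uncovered, that is the line to look at before running either tool.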