also @ TechSpot: Blizzard talks Diablo 3 facts, nerfing and buffs for legendary items

TechSpot
Register now for a live online demo to see how the Office 365 suite of tools
- professional email, calendars, video conferencing, and file sharing -

[Inactive] Computer freezes occasionally about every 10 minutes for 2 minutes

Discussion in 'Virus and Malware Removal' started by Chuanny, Jan 12, 2011.

Thread Status:
Not open for further replies.

  1. Chuanny Newcomer, in training

    Hi. I have a computer which uses Norton 360 for its anti-virus software. Recently about 3 weeks, the computer has been freezing for about 2 minutes, every 10 minutes or so. I have followed the 8-step removal instructions but the problem continues. I have posted the relevant information that is required. Thankyou.



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 13/02/2006 5:38:22 PM
    System Uptime: 9/01/2011 10:29:34 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0JC474
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 74 GiB total, 6.222 GiB free.
    D: is CDROM ()
    E: is FIXED (FAT32) - 75 GiB total, 7.261 GiB free.
    F: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia E65
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia E65
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd

    ==== System Restore Points ===================

    RP131: 9/01/2011 7:28:03 AM - System Checkpoint

    ==== Installed Programs ======================

    ³×ÀÌÆ® ÁÖ¼Òâ °Ë»ö
    ³×ÀÌÆ®¿Â °£´Ü ¸ÞÀÏ ÀúÀå
    µTorrent
    °õÇ÷¹À̾î
    AC3_looker
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.0
    Adobe Shockwave Player 11.5
    AOL Australia
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.2.6
    Bonjour
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon MP Navigator EX 1.0
    Canon MP210 series
    Canon My Printer
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities Easy-PhotoPrint
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture DC
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Solution Menu
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CDDRV_Installer
    CDSpace
    Convert AVI to MP4 1.3
    Critical Update for Windows Media Player 11 (KB959772)
    dBpowerAMP WMA V9.1 Codec
    Dell Media Experience
    Dell Support Center (Support Software)
    DellSupport
    DivX Setup
    Drag-to-Disc
    Easy-WebPrint
    Free Download Manager 3.0
    GOM Audio
    GOM Player
    Google Earth
    Google Earth Plug-in
    Google Update Helper
    Graboid Video 2.01
    Graph 4.3
    GraphCalc v4.0.1
    High Definition Audio Driver Package - KB835221
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    install-us 2010
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 23
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Junk Mail filter update
    KhalInstallWrapper
    Knight Online
    Korean Fonts Support For Adobe Reader 8
    Korean Language Support
    League of Legends
    LG PC Suite
    LimeWire 5.5.13
    Logitech SetPoint
    Logitech Updater
    Malwarebytes' Anti-Malware
    MapleStory
    MathGV 4
    MCU
    Messenger Plus! Live
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft DirectX SDK (June 2010)
    Microsoft Games for Windows - LIVE
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox (3.6.13)
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB925673)
    MSXML4 Parser
    Music Frost Toolbar
    MusicFrost 2.7
    My Way Search Assistant
    MySidesearch Search Assistant Bfinding
    NBA 2K10
    Nero 7 Ultra Edition
    Nokia Connectivity Cable Driver
    Norton 360
    OGA Notifier 1.7.0105.35.0
    OpenMG Limited Patch 4.7-07-14-05-01
    OpenMG Secure Module 4.7.00
    Otto
    Pando Media Booster
    PC Connectivity Solution
    PDF Manual NW-A800 Series
    PhotoPad Image Editor
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    SAMSUNG Mobile Composite Device Software
    Samsung Mobile Modem Device Software
    SAMSUNG Mobile Modem Driver Set
    SAMSUNG Mobile Modem V2 Software
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Download Driver Software
    SAMSUNG Mobile USB Driver
    SAMSUNG Mobile USB Modem 1.0 Software
    Samsung Mobile USB Modem Device Software
    SAMSUNG Mobile USB Modem Software
    Samsung New PC Studio
    SAMSUNG SYMBIAN USB Download Driver
    SAMSUNG USB Mobile Device Software
    SamsungConnectivityCableDriver
    ScanSoft OmniPage SE 4
    Security Task Manager 1.7h
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Smart Menus (Windows Live Toolbar)
    Sonic Encoders
    Sony Video Shared Library
    Standard Edition
    Steam
    SUPER © Version 2010.bld.42 (Nov 7, 2010)
    System Requirements Lab
    Tabbed Browsing (Windows Live Toolbar)
    TomTom HOME 2.7.3.1894
    TomTom HOME Visual Studio Merge Modules
    Uniblue RegistryBooster
    Update for 2007 Microsoft Office System (KB967642)
    Update for Outlook 2007 Junk Email Filter (KB2466076)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VC80CRTRedist - 8.0.50727.4053
    Video Downloader
    VLC media player 1.0.1
    WebFldrs XP
    Windows Communication Foundation
    Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Presentation Foundation
    Windows Workflow Foundation
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinPcap 3.1
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    9/01/2011 10:26:35 PM, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).
    9/01/2011 10:26:35 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    9/01/2011 10:26:35 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    9/01/2011 10:26:35 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
    9/01/2011 10:26:35 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    9/01/2011 10:26:35 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/01/2011 9:32:24 AM, error: Dhcp [1002] - The IP address lease 10.1.1.2 for the Network Card with network address 001320C1F94E has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
    6/01/2011 11:19:42 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/01/2011 2:31:11 PM, error: Service Control Manager [7000] - The procguard service failed to start due to the following error: The system cannot find the file specified.
    5/01/2011 2:30:55 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    4/01/2011 5:52:06 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    ==== End Of File ===========================


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Chuan-Chun at 22:53:46.75 on Sun 09/01/2011
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2038.1238 [GMT 11:00]

    AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\MusicFrost\MusicFrost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\FREEDO~1\fdm.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Documents and Settings\Chuan-Chun\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://dellsearchedit.myway.com/samisc/dellsidebar.jhtml?p=DA
    uStart Page = hxxp://google.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    uURLSearchHooks: CSearchBHO Class: {25a6edbf-c0fd-4ff7-b6a7-c6edea3b0b55} - c:\program files\musicfrost\music frost toolbar\SearchBHO.dll
    BHO: {0141AD86-750D-4E9D-84C8-E71941CE4D9A} - No File
    BHO: {016E8B25-169A-4BE9-8FE0-F573BE0E562C} - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: CSearchBHO Class: {25a6edbf-c0fd-4ff7-b6a7-c6edea3b0b55} - c:\program files\musicfrost\music frost toolbar\SearchBHO.dll
    BHO: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - No File
    BHO: ShowBarObj Class: {2863e737-dd3f-4280-9af8-e9e79c16f312} - c:\program files\musicfrost\music frost toolbar\MinBHO.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: {8E61BBF6-6E3C-4E06-B816-42AC5F951335} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {C872E221-2E6B-428D-93A0-D06CB488DF33} - No File
    BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: {36d3149b-9e68-2d2a-15b4-43fb32893b9e}: {e9b39823-bf34-4b51-a2d2-86e9b9413d63} -
    BHO: Nate Search Class: {ffde727f-3330-45eb-b9f9-c1668e6e08b2} - c:\program files\nate\addresssearch\sch.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
    TB: MF Google Search: {f2b3e4c7-a7cf-4c62-aed7-adc5ed52016d} - c:\program files\musicfrost\music frost toolbar\SaveTubeVideo.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    uRun: [UniblueRegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; SeekmoToolbar 4.8.4; .NET CLR 3.0.04506.30; .NET CLR 2.0.50727)" -"http://www.freearcade.com/WedgeWars.shock/WedgeWars.html"
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\chuan-~1\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\musicf~1.lnk - c:\program files\musicfrost\MusicFrost.exe
    IE: &Search - http://edits.mywebsearch.com/toolba...000&si=&a=QZjrWUVCdWsLf0eiLNQHEg&n=2010103100
    IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    Trusted Zone: kuaiche.com\software
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/stg_drm.ocx
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {1F9079B1-CB38-4DC0-9DAD-080BD2255698} - hxxp://wvw.kongdisk.com/activex/KongdiskControl.CAB
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxp://mpi.dacom.net/XPayMPI/XPayMPI.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234096613953
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234096598156
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1004.cab
    DPF: {9F84D013-66B3-4AB7-946B-11A920A55F06} - hxxp://www.melon.com/cab/sktload.cab
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://crucial.com/controls/cpcScanner.cab
    DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
    DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} - hxxp://www.melon.com/cab/P3MelWebInstall.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/armhelper.ocx
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
    DPF: {DFBBCB52-4D9F-4D0E-BF4A-A51223FC2541} - hxxp://patch.mnet.com/Ver2/App/totalApp/mnethelper/MnetHelper2_20090923.cab
    DPF: {E0F0958B-C5EB-49E3-8567-E018D2407F35} - hxxp://patch.kongdisk.com/install/kongdisk.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
    Notify: awtsTMGX - awtsTMGX.dll
    Notify: igfxcui - igfxdev.dll
    Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    AppInit_DLLs: c:\windows\system32\__c0068B44.dat
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: {73259091-9574-4ED8-A40F-7F65AFC28634} - No File
    SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL
    LSA: Authentication Packages = msv1_0 c:\windows\system32\fccyvUkL
    LSA: Notification Packages = :\windows\syste

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\chuan-~1\applic~1\mozilla\firefox\profiles\613cn2um.default\
    FF - prefs.js: browser.search.selectedEngine - MFGSearch.NET
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: keyword.URL - hxxp://search.musicfrost.com/results.php?q=
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
    FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
    FF - component: c:\program files\musicfrost\music frost toolbar\ff\components\swslib.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coFFPlgn
    FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: MF Custom Search: MFToolbar@skywebsearch.com - c:\program files\musicfrost\music frost toolbar\FF

    ============= SERVICES / DRIVERS ===============

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-21 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-21 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-21 482432]
    R1 cdspacex;CDSPACEX;c:\windows\system32\drivers\CDSPACEX.sys [2009-7-13 53248]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110107.002\IDSXpx86.sys [2011-1-8 341944]
    R1 XSpaceWg;XSpaceWg;c:\windows\system32\drivers\xspacewg.sys [2009-7-13 3798]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
    R3 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-21 117640]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20110107.021\NAVENG.SYS [2011-1-8 86008]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20110107.021\NAVEX15.SYS [2011-1-8 1360760]
    R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-1-9 38224]
    S0 N10;iriver Internet Audio Player N10;c:\windows\system32\drivers\n10.sys --> c:\windows\system32\drivers\N10.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-21 133104]
    S2 procguard;procguard;\??\c:\windows\system32\drivers\procguard.sys --> c:\windows\system32\drivers\procguard.sys [?]
    S3 AhnRptTfFRegFNT;AhnRptTfFRegFNT;\??\c:\docume~1\chuan-~1\locals~1\temp\nso502.tmp\tffregnt.sys --> c:\docume~1\chuan-~1\locals~1\temp\nso502.tmp\TfFRegNt.sys [?]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-9-26 36608]
    S3 geebers12;geebers12;\??\c:\program files\maple-fun\vicious\nvid888.sys --> c:\program files\maple-fun\vicious\nvid888.sys [?]
    S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [2005-5-11 52384]
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [2005-5-11 6096]
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [2005-5-11 87456]
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [2005-5-11 79248]
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [2005-5-11 77072]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-3 32512]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 ShadowDefence;Shadow Defence;\??\c:\docume~1\chuan-~1\locals~1\temp\sdef.sys --> c:\docume~1\chuan-~1\locals~1\temp\SDef.sys [?]
    S3 TwoRabts;Two Rabbits Live Bus;c:\windows\system32\drivers\tworabts.sys --> c:\windows\system32\drivers\TwoRabts.sys [?]
    S3 XDva136;XDva136;\??\c:\windows\system32\xdva136.sys --> c:\windows\system32\XDva136.sys [?]
    S3 XDva219;XDva219;\??\c:\windows\system32\xdva219.sys --> c:\windows\system32\XDva219.sys [?]
    S3 XDva224;XDva224;\??\c:\windows\system32\xdva224.sys --> c:\windows\system32\XDva224.sys [?]
    S3 XDva248;XDva248;\??\c:\windows\system32\xdva248.sys --> c:\windows\system32\XDva248.sys [?]
    S3 XDva273;XDva273;\??\c:\windows\system32\xdva273.sys --> c:\windows\system32\XDva273.sys [?]
    S3 XDva279;XDva279;\??\c:\windows\system32\xdva279.sys --> c:\windows\system32\XDva279.sys [?]
    S4 DCSPGSRV;DiamondCS ProcessGuard Service v3.410;"c:\program files\processguard\dcsuserprot.exe" --> c:\program files\processguard\dcsuserprot.exe [?]
    S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-9-26 237984]

    =============== Created Last 30 ================

    2011-01-09 11:50:48 -------- d-----w- c:\docume~1\chuan-~1\applic~1\Malwarebytes
    2011-01-09 11:50:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-09 11:50:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-01-09 11:50:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-09 11:50:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-08 07:17:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-01-08 07:17:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-08 07:17:48 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2011-01-07 11:19:18 719872 ----a-w- c:\windows\system32\devil.dll
    2011-01-07 11:19:16 369152 ----a-w- c:\windows\system32\avisynth.dll
    2011-01-07 11:19:13 70656 ----a-w- c:\windows\system32\yv12vfw.dll
    2011-01-07 11:19:13 27648 ----a-w- c:\windows\system32\AVSredirect.dll
    2011-01-07 11:19:12 70656 ----a-w- c:\windows\system32\i420vfw.dll
    2011-01-07 11:19:11 -------- d-----w- c:\program files\AviSynth 2.5
    2011-01-07 09:48:46 -------- d-----w- c:\docume~1\chuan-~1\applic~1\ImTOO Software Studio
    2011-01-07 09:44:53 -------- d-----w- c:\program files\Convert AVI to MP4
    2011-01-07 09:37:42 -------- d-----w- c:\program files\uTorrent
    2011-01-07 09:37:19 -------- d-----w- c:\docume~1\chuan-~1\applic~1\uTorrent
    2011-01-07 07:01:39 -------- d-----w- c:\docume~1\chuan-~1\locals~1\applic~1\Graboid_Inc
    2011-01-07 07:01:34 -------- d-----w- c:\docume~1\chuan-~1\locals~1\applic~1\Graboid
    2011-01-07 07:00:00 -------- d-----w- c:\docume~1\chuan-~1\locals~1\applic~1\Geckofx
    2011-01-07 06:51:31 -------- d-----w- c:\program files\Graboid
    2011-01-07 06:49:36 -------- d-----w- c:\docume~1\chuan-~1\applic~1\Local
    2011-01-07 06:48:13 126448 ------w- c:\windows\system32\pxinsi64.exe
    2011-01-07 06:48:13 123888 ------w- c:\windows\system32\pxcpyi64.exe
    2011-01-07 06:44:19 -------- d-----w- c:\program files\DivX
    2011-01-07 06:42:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX
    2011-01-07 00:31:42 -------- d-----w- c:\program files\iPod
    2011-01-07 00:31:35 -------- d-----w- c:\program files\iTunes
    2011-01-07 00:30:45 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-01-07 00:30:45 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-01-07 00:30:14 -------- d-----w- c:\program files\Bonjour
    2010-12-31 10:10:10 -------- d-----w- c:\docume~1\chuan-~1\locals~1\applic~1\AutoTyperMurGee
    2010-12-18 23:48:54 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-18 23:47:00 45568 ------w- c:\windows\system32\dllcache\wab.exe

    ==================== Find3M ====================

    2010-11-29 06:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 06:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
    2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2010-11-06 00:34:04 841216 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:34:04 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-06 00:34:03 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-11-06 00:34:03 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-11-03 12:00:49 389120 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

    ============= FINISH: 22:59:23.07 ===============
    Chuanny, Jan 12, 2011
    #1

  2. Broni Malware Annihilator

    Welcome aboard [IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
    Broni, Jan 12, 2011
    #2

  3. Chuanny Newcomer, in training

    Forgot to add the gmer.log
    Is there anything else needed? I completed all the necessary steps.




    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-10 08:10:53
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e HDS728080PLA380 rev.PF2OA63A
    Running: my776dc1.exe; Driver: C:\DOCUME~1\CHUAN-~1\LOCALS~1\Temp\pgtdapog.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8A8BC290 ZwAlertResumeThread
    SSDT 8AD62218 ZwAlertThread
    SSDT 8AC62960 ZwAllocateVirtualMemory
    SSDT 8AC1F278 ZwAssignProcessToJobObject
    SSDT 8ACD24D0 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA7D4F130]
    SSDT 8ACCB2C8 ZwCreateMutant
    SSDT 8A8B2200 ZwCreateSymbolicLinkObject
    SSDT 8A8C1CF8 ZwCreateThread
    SSDT 8A918410 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA7D4F3B0]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA7D4F910]
    SSDT 8AC94820 ZwDuplicateObject
    SSDT 8ADE6810 ZwFreeVirtualMemory
    SSDT 8AC4C258 ZwImpersonateAnonymousToken
    SSDT 8AC4C318 ZwImpersonateThread
    SSDT 8A8EF6E0 ZwLoadDriver
    SSDT 8ACC59B0 ZwMapViewOfSection
    SSDT 8A8B4318 ZwOpenEvent
    SSDT 8A8D69C0 ZwOpenProcess
    SSDT 8AB76D58 ZwOpenProcessToken
    SSDT 8A8C12D8 ZwOpenSection
    SSDT 8A916430 ZwOpenThread
    SSDT 8A8B22D0 ZwProtectVirtualMemory
    SSDT 8AD4FCD0 ZwResumeThread
    SSDT 8A8B2490 ZwSetContextThread
    SSDT 8AC70768 ZwSetInformationProcess
    SSDT 8A9184F0 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA7D4FB60]
    SSDT 8A8B4258 ZwSuspendProcess
    SSDT 8AD622D8 ZwSuspendThread
    SSDT 8AC4C4E0 ZwTerminateProcess
    SSDT 8A916598 ZwTerminateThread
    SSDT 8AC3B400 ZwUnmapViewOfSection
    SSDT 8AC3B4C0 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    ? SYMEFA.SYS The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[3444] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4D1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3444] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E353086 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3444] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E353007 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3444] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E35304B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3444] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E352F93 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3444] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E352FCD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3444] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3530C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3444] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E2017C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3444] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E353283 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\USBSTOR \Device\00000091 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\USBSTOR \Device\00000092 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device \Driver\cdspacex \Device\Scsi\cdspacex1Port3Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\cdspacex \Device\Scsi\cdspacex1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
    Device DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\.THM@ THM_auto_file
    Reg HKLM\SOFTWARE\Classes\.xpl@ RealPlayer.MP3PL.6
    Reg HKLM\SOFTWARE\Classes\.xpl@Content Type audio/mpegurl
    Reg HKLM\SOFTWARE\Classes\amr_auto_file@
    Reg HKLM\SOFTWARE\Classes\amr_auto_file\shell
    Reg HKLM\SOFTWARE\Classes\amr_auto_file\shell@ open
    Reg HKLM\SOFTWARE\Classes\amr_auto_file\shell\Enqueue
    Reg HKLM\SOFTWARE\Classes\amr_auto_file\shell\Enqueue@ ?????? ??(&A)
    Reg HKLM\SOFTWARE\Classes\amr_auto_file\shell\Enqueue\Command
    Reg HKLM\SOFTWARE\Classes\amr_auto_file\shell\Enqueue\Command@ "C:\Program Files\GRETECH\GomPlayer\GOM.exe" /add "%1"
    Reg HKLM\SOFTWARE\Classes\amr_auto_file\shell\Enqueue\DropTarget
    Reg HKLM\SOFTWARE\Classes\amr_auto_file\shell\Enqueue\DropTarget@
    Reg HKLM\SOFTWARE\Classes\amr_auto_file\shell\Enqueue\DropTarget@Clsid {6B866272-0A95-4EDC-9762-56A447040416}
    Reg HKLM\SOFTWARE\Classes\amr_auto_file\shell\open
    Reg HKLM\SOFTWARE\Classes\amr_auto_file\shell\open\command
    Reg HKLM\SOFTWARE\Classes\amr_auto_file\shell\open\command@ "C:\Program Files\GRETECH\GomPlayer\GOM.exe" /open "%1"
    Reg HKLM\SOFTWARE\Classes\amr_auto_file\shell\open\DropTarget
    Reg HKLM\SOFTWARE\Classes\amr_auto_file\shell\open\DropTarget@
    Reg HKLM\SOFTWARE\Classes\amr_auto_file\shell\open\DropTarget@Clsid {D0F0AD6B-ECCC-401E-8E71-C4363D41399C}
    Reg HKLM\SOFTWARE\Classes\CLSID\{2df5c137-3763-427f-a2da-bb22a9e958a5}@Model 314
    Reg HKLM\SOFTWARE\Classes\CLSID\{2df5c137-3763-427f-a2da-bb22a9e958a5}@Therad 30
    Reg HKLM\SOFTWARE\Classes\CLSID\{2df5c137-3763-427f-a2da-bb22a9e958a5}@MData 0x2B 0x8F 0x78 0x29 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x56 0x1D 0xA2 0xEA ...
    Reg HKLM\SOFTWARE\Classes\CMListControl.List@ List Class
    Reg HKLM\SOFTWARE\Classes\CMListControl.List\CLSID
    Reg HKLM\SOFTWARE\Classes\CMListControl.List\CLSID@ {C005AD8C-A0C0-450B-8885-4F3562C0B58C}
    Reg HKLM\SOFTWARE\Classes\CMListControl.List\CurVer
    Reg HKLM\SOFTWARE\Classes\CMListControl.List\CurVer@ CMListControl.List.1
    Reg HKLM\SOFTWARE\Classes\CMListControl.List.1@ List Class
    Reg HKLM\SOFTWARE\Classes\CMListControl.List.1\CLSID
    Reg HKLM\SOFTWARE\Classes\CMListControl.List.1\CLSID@ {C005AD8C-A0C0-450B-8885-4F3562C0B58C}
    Reg HKLM\SOFTWARE\Classes\dayon@ URL: dayon Protocol
    Reg HKLM\SOFTWARE\Classes\dayon@URL Protocol
    Reg HKLM\SOFTWARE\Classes\dayon\DefaultIcon
    Reg HKLM\SOFTWARE\Classes\dayon\DefaultIcon@ C:\Program Files\EzSolution\Dayon\Player\Player.exe
    Reg HKLM\SOFTWARE\Classes\dayon\shell
    Reg HKLM\SOFTWARE\Classes\dayon\shell\open
    Reg HKLM\SOFTWARE\Classes\dayon\shell\open\command
    Reg HKLM\SOFTWARE\Classes\dayon\shell\open\command@ C:\Program Files\EzSolution\Dayon\Player\Player.exe "%1"
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_AddInHost@ EasyShare_AddInHost Class
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_AddInHost\CLSID
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_AddInHost\CLSID@ {09101CBE-D527-11D6-AD30-0050DAD88A02}
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_AddInHost\CurVer
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_AddInHost\CurVer@ EasyShare.EasyShare_AddInHost.1
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_AddInHost.1@ EasyShare_AddInHost Class
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_AddInHost.1\CLSID
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_AddInHost.1\CLSID@ {09101CBE-D527-11D6-AD30-0050DAD88A02}
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_App@ EasyShare_App Class
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_App\CLSID
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_App\CLSID@ {09101CAF-D527-11D6-AD30-0050DAD88A02}
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_App\CurVer
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_App\CurVer@ EasyShare.EasyShare_App.1
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_App.1@ EasyShare_App Class
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_App.1\CLSID
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_App.1\CLSID@ {09101CAF-D527-11D6-AD30-0050DAD88A02}
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_Image@ EasyShare_Image Class
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_Image\CLSID
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_Image\CLSID@ {00FAE562-DACA-11D6-AD30-0050DAD88A02}
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_Image\CurVer
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_Image\CurVer@ EasyShare.EasyShare_Image.1
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_Image.1@ EasyShare_Image Class
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_Image.1\CLSID
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_Image.1\CLSID@ {00FAE562-DACA-11D6-AD30-0050DAD88A02}
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_ImageCollection@ EasyShare_ImageCollection Class
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_ImageCollection\CLSID
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_ImageCollection\CLSID@ {00FAE568-DACA-11D6-AD30-0050DAD88A02}
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_ImageCollection\CurVer
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_ImageCollection\CurVer@ EasyShare.EasyShare_ImageCollection.1
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_ImageCollection.1@ EasyShare_ImageCollection Class
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_ImageCollection.1\CLSID
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_ImageCollection.1\CLSID@ {00FAE568-DACA-11D6-AD30-0050DAD88A02}
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_ImageControl@ EasyShare_ImageControl Class
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_ImageControl\CLSID
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_ImageControl\CLSID@ {09101CBA-D527-11D6-AD30-0050DAD88A02}
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_ImageControl\CurVer
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_ImageControl\CurVer@ EasyShare.EasyShare_ImageControl.1
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_ImageControl.1@ EasyShare_ImageControl Class
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_ImageControl.1\CLSID
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_ImageControl.1\CLSID@ {09101CBA-D527-11D6-AD30-0050DAD88A02}
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_WorkOrder@ EasyShare_WorkOrder Class
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_WorkOrder\CLSID
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_WorkOrder\CLSID@ {09101CB7-D527-11D6-AD30-0050DAD88A02}
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_WorkOrder\CurVer
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_WorkOrder\CurVer@ EasyShare.EasyShare_WorkOrder.1
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_WorkOrder.1@ EasyShare_WorkOrder Class
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_WorkOrder.1\CLSID
    Reg HKLM\SOFTWARE\Classes\EasyShare.EasyShare_WorkOrder.1\CLSID@ {09101CB7-D527-11D6-AD30-0050DAD88A02}
    Reg HKLM\SOFTWARE\Classes\ESCom.EasyShare_ImageControl2@ EasyShare_ImageControl2 Class
    Reg HKLM\SOFTWARE\Classes\ESCom.EasyShare_ImageControl2\CLSID
    Reg HKLM\SOFTWARE\Classes\ESCom.EasyShare_ImageControl2\CLSID@ {3A091B81-8FAF-4B7D-85C7-7CB5D3FDD479}
    Reg HKLM\SOFTWARE\Classes\ESCom.EasyShare_ImageControl2\CurVer
    Reg HKLM\SOFTWARE\Classes\ESCom.EasyShare_ImageControl2\CurVer@ ESCom.EasyShare_ImageControl2.1
    Reg HKLM\SOFTWARE\Classes\ESCom.EasyShare_ImageControl2.1@ EasyShare_ImageControl2 Class
    Reg HKLM\SOFTWARE\Classes\ESCom.EasyShare_ImageControl2.1\CLSID
    Reg HKLM\SOFTWARE\Classes\ESCom.EasyShare_ImageControl2.1\CLSID@ {3A091B81-8FAF-4B7D-85C7-7CB5D3FDD479}
    Reg HKLM\SOFTWARE\Classes\mailto@ URL:MailTo Protocol
    Reg HKLM\SOFTWARE\Classes\mailto@URL Protocol
    Reg HKLM\SOFTWARE\Classes\mailto\DefaultIcon
    Reg HKLM\SOFTWARE\Classes\mailto\DefaultIcon@ "C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE",7
    Reg HKLM\SOFTWARE\Classes\mailto\shell
    Reg HKLM\SOFTWARE\Classes\mailto\shell\open
    Reg HKLM\SOFTWARE\Classes\mailto\shell\open\command
    Reg HKLM\SOFTWARE\Classes\mailto\shell\open\command@ "C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE" -c IPM.Note /m "%1"
    Reg HKLM\SOFTWARE\Classes\MDServiceProviderIFP.MDServiceProviderIFP@ MDServiceProviderIFP Class
    Reg HKLM\SOFTWARE\Classes\MDServiceProviderIFP.MDServiceProviderIFP\CLSID
    Reg HKLM\SOFTWARE\Classes\MDServiceProviderIFP.MDServiceProviderIFP\CLSID@ {00416AA4-D0BC-45cf-AE2A-908BB972E9E4}
    Reg HKLM\SOFTWARE\Classes\MDServiceProviderIFP.MDServiceProviderIFP.1@ MDServiceProviderIFP Class
    Reg HKLM\SOFTWARE\Classes\MDServiceProviderIFP.MDServiceProviderIFP.1\CLSID
    Reg HKLM\SOFTWARE\Classes\MDServiceProviderIFP.MDServiceProviderIFP.1\CLSID@ {00416AA4-D0BC-45cf-AE2A-908BB972E9E4}
    Reg HKLM\SOFTWARE\Classes\MDServiceProviderIFP.PropPage@ IFPSPPropPage Class
    Reg HKLM\SOFTWARE\Classes\MDServiceProviderIFP.PropPage\CLSID
    Reg HKLM\SOFTWARE\Classes\MDServiceProviderIFP.PropPage\CLSID@ {03545A48-C31B-4494-93A1-EFBF75117079}
    Reg HKLM\SOFTWARE\Classes\MDServiceProviderIFP.PropPage\CurVer
    Reg HKLM\SOFTWARE\Classes\MDServiceProviderIFP.PropPage\CurVer@ MDServiceProviderIFP.PropPage.1
    Reg HKLM\SOFTWARE\Classes\MDServiceProviderIFP.PropPage.1@ PropPage Class
    Reg HKLM\SOFTWARE\Classes\MDServiceProviderIFP.PropPage.1\CLSID
    Reg HKLM\SOFTWARE\Classes\MDServiceProviderIFP.PropPage.1\CLSID@ {03545A48-C31B-4494-93A1-EFBF75117079}
    Reg HKLM\SOFTWARE\Classes\NuriDownloaderX.NuriDownloader@ NuriDownloader Control
    Reg HKLM\SOFTWARE\Classes\NuriDownloaderX.NuriDownloader\Clsid
    Reg HKLM\SOFTWARE\Classes\NuriDownloaderX.NuriDownloader\Clsid@ {436A95AC-A449-4A6B-84AB-6D83C32F512B}
    Reg HKLM\SOFTWARE\Classes\p3skcb@Source Filter {CB130CB3-1F63-47e5-B5BB-DE0A2CDCEC4C}
    Reg HKLM\SOFTWARE\Classes\p3skcb@URL Protocol
    Reg HKLM\SOFTWARE\Classes\Ptswia.WiaEvents@ WiaEvents Class
    Reg HKLM\SOFTWARE\Classes\Ptswia.WiaEvents\CLSID
    Reg HKLM\SOFTWARE\Classes\Ptswia.WiaEvents\CLSID@ {66A41C80-C64A-45A9-8BC9-0D58DE47C007}
    Reg HKLM\SOFTWARE\Classes\Ptswia.WiaEvents\CurVer
    Reg HKLM\SOFTWARE\Classes\Ptswia.WiaEvents\CurVer@ Ptswia.WiaEvents.1
    Reg HKLM\SOFTWARE\Classes\Ptswia.WiaEvents.1@ WiaEvents Class
    Reg HKLM\SOFTWARE\Classes\Ptswia.WiaEvents.1\CLSID
    Reg HKLM\SOFTWARE\Classes\Ptswia.WiaEvents.1\CLSID@ {66A41C80-C64A-45A9-8BC9-0D58DE47C007}
    Reg HKLM\SOFTWARE\Classes\Ptswia.WiaEvents.1\Shell
    Reg HKLM\SOFTWARE\Classes\Ptswia.WiaEvents.1\Shell@
    Reg HKLM\SOFTWARE\Classes\Ptswia.WiaEvents.1\Shell\open
    Reg HKLM\SOFTWARE\Classes\Ptswia.WiaEvents.1\Shell\open@
    Reg HKLM\SOFTWARE\Classes\Ptswia.WiaEvents.1\Shell\open\DropTarget
    Reg HKLM\SOFTWARE\Classes\Ptswia.WiaEvents.1\Shell\open\DropTarget@
    Reg HKLM\SOFTWARE\Classes\Ptswia.WiaEvents.1\Shell\open\DropTarget@Clsid {66A41C80-C64A-45A9-8BC9-0D58DE47C007}
    Reg HKLM\SOFTWARE\Classes\RealPlayer.MP3PL.6@ MP3 PlayLists (.m3u,.pls,.xpl)
    Reg HKLM\SOFTWARE\Classes\RealPlayer.MP3PL.6\DefaultIcon
    Reg HKLM\SOFTWARE\Classes\RealPlayer.MP3PL.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,0
    Reg HKLM\SOFTWARE\Classes\RealPlayer.MP3PL.6\shell
    Reg HKLM\SOFTWARE\Classes\RealPlayer.MP3PL.6\shell\open
    Reg HKLM\SOFTWARE\Classes\RealPlayer.MP3PL.6\shell\open\command
    Reg HKLM\SOFTWARE\Classes\RealPlayer.MP3PL.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" /m audio/mpegurl %1
    Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6@ WAV Clip
    Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\DefaultIcon
    Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,0
    Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shell
    Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shell\open
    Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shell\open\command
    Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" /m audio/wav %1
    Reg HKLM\SOFTWARE\Classes\Ring3.IKodakCameraManager@ IKodakCameraManager Class
    Reg HKLM\SOFTWARE\Classes\Ring3.IKodakCameraManager\CLSID
    Reg HKLM\SOFTWARE\Classes\Ring3.IKodakCameraManager\CLSID@ {FB803D0D-EC2B-11D2-A4B8-00104BCAB4AB}
    Reg HKLM\SOFTWARE\Classes\Ring3.IKodakCameraManager\CurVer
    Reg HKLM\SOFTWARE\Classes\Ring3.IKodakCameraManager\CurVer@ Ring3.IKodakCameraManager.1
    Reg HKLM\SOFTWARE\Classes\Ring3.IKodakCameraManager.1@ IKodakCameraManager Class
    Reg HKLM\SOFTWARE\Classes\Ring3.IKodakCameraManager.1\CLSID
    Reg HKLM\SOFTWARE\Classes\Ring3.IKodakCameraManager.1\CLSID@ {FB803D0D-EC2B-11D2-A4B8-00104BCAB4AB}
    Reg HKLM\SOFTWARE\Classes\SetPointCOMMM9.SetPointCOM@ SetPointCOM Class
    Reg HKLM\SOFTWARE\Classes\SetPointCOMMM9.SetPointCOM\CLSID
    Reg HKLM\SOFTWARE\Classes\SetPointCOMMM9.SetPointCOM\CLSID@ {68A362DB-D106-4B53-B613-BA8A1E6B539E}
    Reg HKLM\SOFTWARE\Classes\SetPointCOMMM9.SetPointCOM\CurVer
    Reg HKLM\SOFTWARE\Classes\SetPointCOMMM9.SetPointCOM\CurVer@ SetPointCOMMM9.SetPointCOM.1
    Reg HKLM\SOFTWARE\Classes\SetPointCOMMM9.SetPointCOM.1@ SetPointCOM Class
    Reg HKLM\SOFTWARE\Classes\SetPointCOMMM9.SetPointCOM.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SetPointCOMMM9.SetPointCOM.1\CLSID@ {68A362DB-D106-4B53-B613-BA8A1E6B539E}
    Reg HKLM\SOFTWARE\Classes\SetPointCOMWMP9.SetPointCOM@ SetPointCOM Class
    Reg HKLM\SOFTWARE\Classes\SetPointCOMWMP9.SetPointCOM\CLSID
    Reg HKLM\SOFTWARE\Classes\SetPointCOMWMP9.SetPointCOM\CLSID@ {68B482DB-D106-4B53-B613-BA8A1E6B539E}
    Reg HKLM\SOFTWARE\Classes\SetPointCOMWMP9.SetPointCOM\CurVer
    Reg HKLM\SOFTWARE\Classes\SetPointCOMWMP9.SetPointCOM\CurVer@ SetPointCOMWMP9.SetPointCOM.1
    Reg HKLM\SOFTWARE\Classes\SetPointCOMWMP9.SetPointCOM.1@ SetPointCOM Class
    Reg HKLM\SOFTWARE\Classes\SetPointCOMWMP9.SetPointCOM.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SetPointCOMWMP9.SetPointCOM.1\CLSID@ {68B482DB-D106-4B53-B613-BA8A1E6B539E}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.ClosedCaption@ ClosedCaption Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.ClosedCaption\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.ClosedCaption\CLSID@ {B359B6EA-E892-4018-8CD2-4ECC9BD477A2}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.ClosedCaption\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.ClosedCaption\CurVer@ SKCBGMCtrl.ClosedCaption.1
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.ClosedCaption.1@ ClosedCaption Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.ClosedCaption.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.ClosedCaption.1\CLSID@ {B359B6EA-E892-4018-8CD2-4ECC9BD477A2}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Controls@ Controls Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Controls\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Controls\CLSID@ {F39659CF-699B-47EF-BB19-C15A84BBB143}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Controls\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Controls\CurVer@ SKCBGMCtrl.Controls.1
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Controls.1@ Controls Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Controls.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Controls.1\CLSID@ {F39659CF-699B-47EF-BB19-C15A84BBB143}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.DVD@ DVD Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.DVD\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.DVD\CLSID@ {37F08BCE-C7B2-48E8-88B0-666BC1C58C36}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.DVD\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.DVD\CurVer@ SKCBGMCtrl.DVD.1
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.DVD.1@ DVD Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.DVD.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.DVD.1\CLSID@ {37F08BCE-C7B2-48E8-88B0-666BC1C58C36}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Error@ Error Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Error\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Error\CLSID@ {5E395EC3-30F4-4A0E-A7F6-8878C60E8EB1}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Error\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Error\CurVer@ SKCBGMCtrl.Error.1
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Error.1@ Error Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Error.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Error.1\CLSID@ {5E395EC3-30F4-4A0E-A7F6-8878C60E8EB1}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.ErrorItem@ ErrorItem Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.ErrorItem\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.ErrorItem\CLSID@ {FA150B05-7510-471D-9AFB-467B94462FDE}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.ErrorItem\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.ErrorItem\CurVer@ SKCBGMCtrl.ErrorItem.1
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.ErrorItem.1@ ErrorItem Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.ErrorItem.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.ErrorItem.1\CLSID@ {FA150B05-7510-471D-9AFB-467B94462FDE}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Media@ Media Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Media\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Media\CLSID@ {11921BE2-A0A6-4532-B708-76537C9BB86D}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Media\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Media\CurVer@ SKCBGMCtrl.Media.1
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Media.1@ Media Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Media.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Media.1\CLSID@ {11921BE2-A0A6-4532-B708-76537C9BB86D}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.MediaCollection@ MediaCollection Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.MediaCollection\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.MediaCollection\CLSID@ {7AA18156-1945-45AF-9AC6-F1A9787ACE06}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.MediaCollection\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.MediaCollection\CurVer@ SKCBGMCtrl.MediaCollection.1
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.MediaCollection.1@ MediaCollection Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.MediaCollection.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.MediaCollection.1\CLSID@ {7AA18156-1945-45AF-9AC6-F1A9787ACE06}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Network@ Network Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Network\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Network\CLSID@ {6126A5F4-A096-4F8A-A272-C54FD7F63C17}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Network\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Network\CurVer@ SKCBGMCtrl.Network.1
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Network.1@ Network Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Network.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Network.1\CLSID@ {6126A5F4-A096-4F8A-A272-C54FD7F63C17}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.P3MPInterface@ Cyworld BGM player
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.P3MPInterface\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.P3MPInterface\CLSID@ {CFEEFD48-3EF9-4b51-9738-0B54D8E9E5BD}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.P3MPInterface\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.P3MPInterface\CurVer@ SKCBGMCtrl.P3MPInterface.1
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.P3MPInterface.1@ Cyworld BGM player
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.P3MPInterface.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.P3MPInterface.1\CLSID@ {CFEEFD48-3EF9-4b51-9738-0B54D8E9E5BD}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.PlayerApplication@ PlayerApplication Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.PlayerApplication\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.PlayerApplication\CLSID@ {E8CD244F-1836-4FFE-AF58-1776580D1622}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.PlayerApplication\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.PlayerApplication\CurVer@ SKCBGMCtrl.PlayerApplication.1
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.PlayerApplication.1@ PlayerApplication Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.PlayerApplication.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.PlayerApplication.1\CLSID@ {E8CD244F-1836-4FFE-AF58-1776580D1622}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Playlist@ Playlist Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Playlist\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Playlist\CLSID@ {69F34BA8-7ED4-4911-97F4-4B88ADF25441}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Playlist\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Playlist\CurVer@ SKCBGMCtrl.Playlist.1
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Playlist.1@ Playlist Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Playlist.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Playlist.1\CLSID@ {69F34BA8-7ED4-4911-97F4-4B88ADF25441}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.PlaylistArray@ PlaylistArray Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.PlaylistArray\CLSID
    Chuanny, Jan 13, 2011
    #3

  4. Chuanny Newcomer, in training

    gmer.log (continued)


    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.PlaylistArray\CLSID@ {841643D5-D102-4B24-917C-0CAF6D9DFBF1}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.PlaylistArray\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.PlaylistArray\CurVer@ SKCBGMCtrl.PlaylistArray.1
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.PlaylistArray.1@ PlaylistArray Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.PlaylistArray.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.PlaylistArray.1\CLSID@ {841643D5-D102-4B24-917C-0CAF6D9DFBF1}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.playlistCollection@ playlistCollection Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.playlistCollection\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.playlistCollection\CLSID@ {5B2F6A77-8A7E-4AA7-B6D7-FAC7657F58BD}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.playlistCollection\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.playlistCollection\CurVer@ SKCBGMCtrl.playlistCollection.1
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.playlistCollection.1@ playlistCollection Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.playlistCollection.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.playlistCollection.1\CLSID@ {5B2F6A77-8A7E-4AA7-B6D7-FAC7657F58BD}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Settings@ Settings Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Settings\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Settings\CLSID@ {0D37433C-8C73-458E-A7D6-15DE1CEC0F91}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Settings\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Settings\CurVer@ SKCBGMCtrl.Settings.1
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Settings.1@ Settings Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Settings.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.Settings.1\CLSID@ {0D37433C-8C73-458E-A7D6-15DE1CEC0F91}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.StringCollection@ StringCollection Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.StringCollection\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.StringCollection\CLSID@ {CBABF241-9875-46C8-BB0B-6F90CC8D12FE}
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.StringCollection\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.StringCollection\CurVer@ SKCBGMCtrl.StringCollection.1
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.StringCollection.1@ StringCollection Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.StringCollection.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMCtrl.StringCollection.1\CLSID@ {CBABF241-9875-46C8-BB0B-6F90CC8D12FE}
    Reg HKLM\SOFTWARE\Classes\SKCBGMLoad.P3WLoader@ skcbgmset Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMLoad.P3WLoader\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMLoad.P3WLoader\CLSID@ {A671DC03-71D0-4cf0-895C-7D4A248FC1F1}
    Reg HKLM\SOFTWARE\Classes\SKCBGMLoad.P3WLoader\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCBGMLoad.P3WLoader\CurVer@ SKCBGMLoad.P3WLoader.1
    Reg HKLM\SOFTWARE\Classes\SKCBGMLoad.P3WLoader.1@ skcbgmset Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMLoad.P3WLoader.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMLoad.P3WLoader.1\CLSID@ {A671DC03-71D0-4cf0-895C-7D4A248FC1F1}
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.P3CacheMgrSvr@ P3CacheMgrSvr Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.P3CacheMgrSvr\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.P3CacheMgrSvr\CLSID@ {C5D4D4F4-049F-4781-AFF0-7352D293BB0E}
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.P3CacheMgrSvr\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.P3CacheMgrSvr\CurVer@ SKCBGMSvr.P3CacheMgrSvr.1
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.P3CacheMgrSvr.1@ P3CacheMgrSvr Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.P3CacheMgrSvr.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.P3CacheMgrSvr.1\CLSID@ {C5D4D4F4-049F-4781-AFF0-7352D293BB0E}
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.P3URLInfoSvr@ P3URLInfoSvr Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.P3URLInfoSvr\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.P3URLInfoSvr\CLSID@ {C05646C3-8A82-4351-8560-D3FC7FA1E33F}
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.P3URLInfoSvr\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.P3URLInfoSvr\CurVer@ SKCBGMSvr.P3URLInfoSvr.1
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.P3URLInfoSvr.1@ P3URLInfoSvr Class
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.P3URLInfoSvr.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.P3URLInfoSvr.1\CLSID@ {C05646C3-8A82-4351-8560-D3FC7FA1E33F}
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.WebCtrl@ SK Communications Cyworld BGM Player
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.WebCtrl\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.WebCtrl\CLSID@ {C7E8E423-90F1-4052-A366-04CC6C1BF18A}
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.WebCtrl\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.WebCtrl\CurVer@ SKCBGMSvr.WebCtrl.1
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.WebCtrl.1@ SK Communications Cyworld BGM Player
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.WebCtrl.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCBGMSvr.WebCtrl.1\CLSID@ {C7E8E423-90F1-4052-A366-04CC6C1BF18A}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.ClosedCaption@ ClosedCaption Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.ClosedCaption\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.ClosedCaption\CLSID@ {B359B6EA-E892-4018-8CD2-4ECC9BD477A2}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.ClosedCaption\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.ClosedCaption\CurVer@ SKCPPLCtrl.ClosedCaption.1
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.ClosedCaption.1@ ClosedCaption Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.ClosedCaption.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.ClosedCaption.1\CLSID@ {B359B6EA-E892-4018-8CD2-4ECC9BD477A2}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Controls@ Controls Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Controls\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Controls\CLSID@ {F39659CF-699B-47EF-BB19-C15A84BBB143}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Controls\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Controls\CurVer@ SKCPPLCtrl.Controls.1
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Controls.1@ Controls Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Controls.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Controls.1\CLSID@ {F39659CF-699B-47EF-BB19-C15A84BBB143}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.DVD@ DVD Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.DVD\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.DVD\CLSID@ {37F08BCE-C7B2-48E8-88B0-666BC1C58C36}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.DVD\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.DVD\CurVer@ SKCPPLCtrl.DVD.1
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.DVD.1@ DVD Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.DVD.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.DVD.1\CLSID@ {37F08BCE-C7B2-48E8-88B0-666BC1C58C36}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Error@ Error Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Error\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Error\CLSID@ {5E395EC3-30F4-4A0E-A7F6-8878C60E8EB1}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Error\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Error\CurVer@ SKCPPLCtrl.Error.1
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Error.1@ Error Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Error.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Error.1\CLSID@ {5E395EC3-30F4-4A0E-A7F6-8878C60E8EB1}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.ErrorItem@ ErrorItem Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.ErrorItem\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.ErrorItem\CLSID@ {FA150B05-7510-471D-9AFB-467B94462FDE}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.ErrorItem\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.ErrorItem\CurVer@ SKCPPLCtrl.ErrorItem.1
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.ErrorItem.1@ ErrorItem Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.ErrorItem.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.ErrorItem.1\CLSID@ {FA150B05-7510-471D-9AFB-467B94462FDE}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Media@ Media Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Media\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Media\CLSID@ {11921BE2-A0A6-4532-B708-76537C9BB86D}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Media\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Media\CurVer@ SKCPPLCtrl.Media.1
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Media.1@ Media Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Media.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Media.1\CLSID@ {11921BE2-A0A6-4532-B708-76537C9BB86D}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.MediaCollection@ MediaCollection Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.MediaCollection\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.MediaCollection\CLSID@ {7AA18156-1945-45AF-9AC6-F1A9787ACE06}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.MediaCollection\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.MediaCollection\CurVer@ SKCPPLCtrl.MediaCollection.1
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.MediaCollection.1@ MediaCollection Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.MediaCollection.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.MediaCollection.1\CLSID@ {7AA18156-1945-45AF-9AC6-F1A9787ACE06}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Network@ Network Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Network\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Network\CLSID@ {6126A5F4-A096-4F8A-A272-C54FD7F63C17}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Network\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Network\CurVer@ SKCPPLCtrl.Network.1
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Network.1@ Network Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Network.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Network.1\CLSID@ {6126A5F4-A096-4F8A-A272-C54FD7F63C17}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.P3MPInterface@ Cyworld PPL player
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.P3MPInterface\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.P3MPInterface\CLSID@ {D214C260-15A4-4772-83EE-59AC3EBF662C}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.P3MPInterface\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.P3MPInterface\CurVer@ SKCPPLCtrl.P3MPInterface.1
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.P3MPInterface.1@ Cyworld PPL player
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.P3MPInterface.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.P3MPInterface.1\CLSID@ {D214C260-15A4-4772-83EE-59AC3EBF662C}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.PlayerApplication@ PlayerApplication Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.PlayerApplication\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.PlayerApplication\CLSID@ {E8CD244F-1836-4FFE-AF58-1776580D1622}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.PlayerApplication\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.PlayerApplication\CurVer@ SKCPPLCtrl.PlayerApplication.1
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.PlayerApplication.1@ PlayerApplication Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.PlayerApplication.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.PlayerApplication.1\CLSID@ {E8CD244F-1836-4FFE-AF58-1776580D1622}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Playlist@ Playlist Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Playlist\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Playlist\CLSID@ {69F34BA8-7ED4-4911-97F4-4B88ADF25441}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Playlist\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Playlist\CurVer@ SKCPPLCtrl.Playlist.1
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Playlist.1@ Playlist Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Playlist.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Playlist.1\CLSID@ {69F34BA8-7ED4-4911-97F4-4B88ADF25441}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.PlaylistArray@ PlaylistArray Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.PlaylistArray\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.PlaylistArray\CLSID@ {841643D5-D102-4B24-917C-0CAF6D9DFBF1}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.PlaylistArray\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.PlaylistArray\CurVer@ SKCPPLCtrl.PlaylistArray.1
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.PlaylistArray.1@ PlaylistArray Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.PlaylistArray.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.PlaylistArray.1\CLSID@ {841643D5-D102-4B24-917C-0CAF6D9DFBF1}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.playlistCollection@ playlistCollection Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.playlistCollection\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.playlistCollection\CLSID@ {5B2F6A77-8A7E-4AA7-B6D7-FAC7657F58BD}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.playlistCollection\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.playlistCollection\CurVer@ SKCPPLCtrl.playlistCollection.1
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.playlistCollection.1@ playlistCollection Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.playlistCollection.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.playlistCollection.1\CLSID@ {5B2F6A77-8A7E-4AA7-B6D7-FAC7657F58BD}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Settings@ Settings Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Settings\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Settings\CLSID@ {0D37433C-8C73-458E-A7D6-15DE1CEC0F91}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Settings\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Settings\CurVer@ SKCPPLCtrl.Settings.1
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Settings.1@ Settings Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Settings.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.Settings.1\CLSID@ {0D37433C-8C73-458E-A7D6-15DE1CEC0F91}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.StringCollection@ StringCollection Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.StringCollection\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.StringCollection\CLSID@ {CBABF241-9875-46C8-BB0B-6F90CC8D12FE}
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.StringCollection\CurVer
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.StringCollection\CurVer@ SKCPPLCtrl.StringCollection.1
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.StringCollection.1@ StringCollection Class
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.StringCollection.1\CLSID
    Reg HKLM\SOFTWARE\Classes\SKCPPLCtrl.StringCollection.1\CLSID@ {CBABF241-9875-46C8-BB0B-6F90CC8D12FE}
    Reg HKLM\SOFTWARE\Classes\THM_auto_file@
    Reg HKLM\SOFTWARE\Classes\THM_auto_file\shell
    Reg HKLM\SOFTWARE\Classes\THM_auto_file\shell@ open
    Reg HKLM\SOFTWARE\Classes\THM_auto_file\shell\Enqueue
    Reg HKLM\SOFTWARE\Classes\THM_auto_file\shell\Enqueue@ ?????? ??(&A)
    Reg HKLM\SOFTWARE\Classes\THM_auto_file\shell\Enqueue\Command
    Reg HKLM\SOFTWARE\Classes\THM_auto_file\shell\Enqueue\Command@ "C:\Program Files\GRETECH\GomPlayer\GOM.exe" /add "%1"
    Reg HKLM\SOFTWARE\Classes\THM_auto_file\shell\Enqueue\DropTarget
    Reg HKLM\SOFTWARE\Classes\THM_auto_file\shell\Enqueue\DropTarget@
    Reg HKLM\SOFTWARE\Classes\THM_auto_file\shell\Enqueue\DropTarget@Clsid {6B866272-0A95-4EDC-9762-56A447040416}
    Reg HKLM\SOFTWARE\Classes\THM_auto_file\shell\open
    Reg HKLM\SOFTWARE\Classes\THM_auto_file\shell\open\command
    Reg HKLM\SOFTWARE\Classes\THM_auto_file\shell\open\command@ "C:\Program Files\GRETECH\GomPlayer\GOM.exe" /open "%1"
    Reg HKLM\SOFTWARE\Classes\THM_auto_file\shell\open\DropTarget
    Reg HKLM\SOFTWARE\Classes\THM_auto_file\shell\open\DropTarget@
    Reg HKLM\SOFTWARE\Classes\THM_auto_file\shell\open\DropTarget@Clsid {D0F0AD6B-ECCC-401E-8E71-C4363D41399C}
    Reg HKLM\SOFTWARE\Classes\Vdt.VistaPvwDropTarget@ VistaPvwDropTarget Class
    Reg HKLM\SOFTWARE\Classes\Vdt.VistaPvwDropTarget\CLSID
    Reg HKLM\SOFTWARE\Classes\Vdt.VistaPvwDropTarget\CLSID@ {7961D709-B4F2-4017-8F87-5C2B84632080}
    Reg HKLM\SOFTWARE\Classes\Vdt.VistaPvwDropTarget\CurVer
    Reg HKLM\SOFTWARE\Classes\Vdt.VistaPvwDropTarget\CurVer@ Vdt.VistaPvwDropTarget.1
    Reg HKLM\SOFTWARE\Classes\Vdt.VistaPvwDropTarget.1@ VistaPvwDropTarget Class
    Reg HKLM\SOFTWARE\Classes\Vdt.VistaPvwDropTarget.1\CLSID
    Reg HKLM\SOFTWARE\Classes\Vdt.VistaPvwDropTarget.1\CLSID@ {7961D709-B4F2-4017-8F87-5C2B84632080}

    ---- EOF - GMER 1.0.15 ----
    Chuanny, Jan 13, 2011
    #4

  5. Chuanny Newcomer, in training

    Wasn't sure if a hijack this log was required. Thanks

    [HJT log removed - Broni]
    Chuanny, Jan 13, 2011
    #5

  6. Broni Malware Annihilator

    Hmmmm....Malwarebytes?
    HJT is not mentioned there.
    Broni, Jan 13, 2011
    #6

  7. Chuanny Newcomer, in training

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5487

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    9/01/2011 11:10:11 PM
    mbam-log-2011-01-09 (23-10-11).txt

    Scan type: Quick scan
    Objects scanned: 169346
    Time elapsed: 16 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 46
    Registry Values Infected: 4
    Registry Data Items Infected: 3
    Folders Infected: 15
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    c:\program files\musicfrost\music frost toolbar\MinBHO.dll (Adware.SkyMediaPack) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\AppID\{05584B13-CA4B-459B-925B-65D215E5942C} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{27BA317E-7BBD-4EBE-A06A-47F076D9D6F7} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2574231F-9D6F-4B0E-9041-5DD7484564AD} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MinBHO.ShowBarObj.1 (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MinBHO.ShowBarObj (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{FFDE727F-3330-45EB-B9F9-C1668E6E08B2} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{DA53E9AA-4A9A-4262-B993-140F6A71B7E4} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1AFF91D8-DE7B-4F4C-9507-B3791AEF058F} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\sch.NateSearch.1 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\sch.NateSearch (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFDE727F-3330-45EB-B9F9-C1668E6E08B2} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FFDE727F-3330-45EB-B9F9-C1668E6E08B2} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFDE727F-3330-45EB-B9F9-C1668E6E08B2} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988} (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{151C9CC9-4997-D013-C7AF-536FF6E1F284} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWaySearchAssistantDE.Auxiliary (Adware.MyWaySearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWaySearchAssistantDE.Auxiliary.1 (Adware.MyWaySearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\sch.Gulf (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\sch.Gulf.1 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\sch.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\SkyMedia (Adware.SkyMedia) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\NateSrch (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{45296DBE-C6F0-44C0-86B4-5AA85C61894B}_is1 (Rogue.AntiSpyware2010) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Xstudio_Packet_Capture (LSP.Hijacker) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{73259091-9574-4ED8-A40F-7F65AFC28634} (Trojan.Vundo) -> Value: {73259091-9574-4ED8-A40F-7F65AFC28634} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{73259091-9574-4ED8-A40F-7F65AFC28634} (Trojan.Vundo) -> Value: {73259091-9574-4ED8-A40F-7F65AFC28634} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc1t1j0e72l (Rogue.AntiVirusXP) -> Value: rhc1t1j0e72l -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\documents and settings\chuan-chun\application data\rhc1t1j0e72l (Rogue.Multiple) -> Quarantined and deleted successfully.
    c:\documents and settings\chuan-chun\application data\rhc1t1j0e72l\quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    c:\documents and settings\chuan-chun\application data\rhc1t1j0e72l\quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    c:\documents and settings\chuan-chun\application data\rhc1t1j0e72l\quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    c:\documents and settings\chuan-chun\application data\rhc1t1j0e72l\quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    c:\documents and settings\chuan-chun\application data\rhc1t1j0e72l\quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    c:\documents and settings\chuan-chun\application data\rhc1t1j0e72l\quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    c:\documents and settings\chuan-chun\application data\rhc1t1j0e72l\quarantine\Autorun\startmenuallusers (Rogue.Multiple) -> Quarantined and deleted successfully.
    c:\documents and settings\chuan-chun\application data\rhc1t1j0e72l\quarantine\Autorun\startmenucurrentuser (Rogue.Multiple) -> Quarantined and deleted successfully.
    c:\documents and settings\chuan-chun\application data\rhc1t1j0e72l\quarantine\browserobjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    c:\documents and settings\chuan-chun\application data\rhc1t1j0e72l\quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
    c:\documents and settings\chuan-chun\application data\ni.gscns (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\shien-ling\application data\systemdoctor 2006 free (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
    c:\program files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\musicfrost\music frost toolbar\MinBHO.dll (Adware.SkyMediaPack) -> Delete on reboot.
    c:\program files\Nate\addresssearch\sch.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\chgozsejwpfgawel.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\chuan-chun\application data\ni.gscns\dl.ini (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\chuan-chun\application data\ni.gscns\settings.ini (Trojan.Agent) -> Quarantined and deleted successfully.
    Chuanny, Jan 13, 2011
    #7

  8. Broni Malware Annihilator

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
    Broni, Jan 13, 2011
    #8
Thread Status:
Not open for further replies.