issues with internet browsers after getting rid of malware


Re: issues with internet browsers after getting rid of malware

Post by tandoori on Wed May 26, 2010 4:14 am

After I clicked MoveIt, I got a message saying "This system is shutting down.." It had a timer for a minute and OTM got started, but I'm not sure if it finished.
Then after it restarted itself, Notepad opened up and it said something about something being moved. Sorry, I didn't catch it all.

tandoori
Novice
Novice

Posts Posts : 27
Joined Joined : 2010-05-17
OS OS : XP
Points Points : 24343
# Likes # Likes : 0


Re: issues with internet browsers after getting rid of malware

Post by Dr Jay on Wed May 26, 2010 4:30 am

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the box below into it:
    killall::

    File::
    C:\WINDOWS\Temp\svchost.exe

    rootkit::

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13717
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302127
# Likes # Likes : 10


Re: issues with internet browsers after getting rid of malware

Post by tandoori on Wed May 26, 2010 8:39 pm

ComboFix 10-05-26.01 - Ravi 26/05/2010 16:14:28.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1519 [GMT -4:00]
Running from: c:\documents and settings\Ravi\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ravi\Desktop\CFscript.txt
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\windows\Temp\svchost.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\system volume information\_restore{d5fffa500b1b}
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe

.
((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 )))))))))))))))))))))))))))))))
.

2010-05-26 04:03 . 2010-05-26 04:03 -------- d-----w- C:\_OTM
2010-05-21 01:37 . 2010-05-21 01:37 -------- d-----w- c:\program files\SpywareBlaster
2010-05-20 23:04 . 2010-05-20 23:04 -------- d-----w- c:\program files\iPod
2010-05-20 23:04 . 2010-05-20 23:05 -------- d-----w- c:\program files\iTunes
2010-05-20 22:58 . 2010-05-20 22:58 -------- d-----w- c:\program files\Bonjour
2010-05-20 22:39 . 2010-05-20 22:39 -------- d-----w- c:\program files\Common Files\Java
2010-05-20 22:39 . 2010-05-20 22:38 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-19 23:59 . 2010-05-19 23:59 -------- d-----w- c:\program files\ESET
2010-05-19 23:22 . 2010-05-20 22:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 20:39 . 2010-05-18 20:39 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Threat Expert
2010-05-18 04:48 . 2010-05-18 04:48 -------- d-----w- c:\documents and settings\Ravi\Local Settings\Application Data\Threat Expert
2010-05-18 04:18 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-05-18 04:18 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-05-18 04:18 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-05-18 04:18 . 2010-01-21 23:21 1152444 ----a-w- c:\windows\UDB.zip
2010-05-18 04:18 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-05-18 04:18 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-05-18 04:10 . 2009-09-24 12:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-05-18 04:09 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-18 04:09 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-18 04:07 . 2009-09-03 13:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-05-18 04:05 . 2010-05-18 04:19 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-18 04:05 . 2010-05-18 21:21 -------- d-----w- c:\program files\Spyware Doctor
2010-05-18 04:05 . 2010-05-18 04:05 -------- d-----w- c:\documents and settings\Ravi\Application Data\PC Tools
2010-05-18 04:05 . 2010-05-18 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-05-18 03:37 . 2010-05-12 15:21 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 03:33 . 2010-05-18 03:34 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-18 02:53 . 2010-05-18 02:53 -------- d-----w- c:\program files\AML Products
2010-05-17 03:07 . 2010-05-17 03:07 -------- d-----w- c:\documents and settings\Ravi\Application Data\Malwarebytes
2010-05-17 02:44 . 2010-05-17 02:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-17 02:44 . 2010-05-17 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-17 02:39 . 2010-05-17 02:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-05-17 02:28 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-17 02:28 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-17 02:28 . 2010-05-17 03:05 -------- d-----w- c:\documents and settings\Ravi\Local Settings\Application Data\hpngtvkou
2010-05-17 02:27 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-17 02:27 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-04-29 00:49 . 2010-05-14 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 20:24 . 2008-05-04 03:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-25 04:41 . 2008-03-27 01:05 -------- d-----w- c:\documents and settings\Ravi\Application Data\uTorrent
2010-05-24 19:35 . 2009-10-20 23:18 75 ----a-w- c:\documents and settings\Ravi\jagex_runescape_preferences2.dat
2010-05-24 19:35 . 2008-07-02 01:10 42 ----a-w- c:\documents and settings\Ravi\jagex_runescape_preferences.dat
2010-05-24 19:11 . 2010-05-24 19:11 503808 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\msvcp71.dll
2010-05-24 19:11 . 2010-05-24 19:11 499712 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\jmc.dll
2010-05-24 19:11 . 2010-05-24 19:11 12800 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f0e234b-n\decora-d3d.dll
2010-05-24 19:11 . 2010-05-24 19:11 61440 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f0e234b-n\decora-sse.dll
2010-05-24 19:11 . 2010-05-24 19:11 348160 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\msvcr71.dll
2010-05-20 23:04 . 2007-11-12 04:12 -------- d-----w- c:\program files\Common Files\Apple
2010-05-20 22:54 . 2010-05-20 22:54 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-20 22:39 . 2010-05-20 22:39 503808 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\msvcp71.dll
2010-05-20 22:39 . 2010-05-20 22:39 499712 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\jmc.dll
2010-05-20 22:39 . 2010-05-20 22:39 348160 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\msvcr71.dll
2010-05-20 22:39 . 2010-05-20 22:39 61440 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-368969b5-n\decora-sse.dll
2010-05-20 22:39 . 2010-05-20 22:39 12800 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-368969b5-n\decora-d3d.dll
2010-05-20 22:34 . 2006-06-19 17:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-20 22:32 . 2007-10-12 23:54 -------- d-----w- c:\program files\Java
2010-05-20 18:32 . 2006-04-07 20:49 76848 -c--a-w- c:\documents and settings\Ravi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-19 14:31 . 2008-10-15 22:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-19 02:52 . 2008-10-15 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-18 03:49 . 2009-06-27 03:08 737280 -c--a-w- c:\windows\iun6002.exe
2010-05-18 03:28 . 2006-05-05 01:47 -------- d-----w- c:\program files\MSN Messenger
2010-05-18 03:28 . 2006-12-15 02:25 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-12 04:21 . 2007-03-21 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-01 18:05 . 2007-12-22 20:58 -------- d-----w- c:\documents and settings\Ravi\Application Data\U3
2010-04-21 21:05 . 2010-04-21 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-21 21:00 . 2010-04-21 20:59 -------- d-----w- c:\program files\QuickTime
2010-04-20 03:45 . 2010-04-20 03:45 0 ----a-w- c:\documents and settings\Ravi\jagex__preferences3.dat
2010-04-16 01:26 . 2010-01-26 23:34 71 -c--a-w- c:\documents and settings\Ravi\Application DatadMb.dat
2010-04-12 17:39 . 2010-04-29 00:49 1808752 ----a-w- c:\documents and settings\All Users\Application Data\Norton\NUA.exe
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-03 17:59 . 2010-04-03 17:59 -------- d-----w- c:\program files\Eidos Interactive
2010-03-28 16:29 . 2009-11-27 13:21 79488 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AcrobatUpdater.exe
2010-03-11 12:38 . 2004-08-10 18:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-10 18:51 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-10 18:50 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-10 18:51 430080 ----a-w- c:\windows\system32\vbscript.dll
2008-04-24 20:45 . 2008-04-24 20:45 42496 -c--a-w- c:\program files\HDFC.doc
2006-07-19 02:33 . 2006-07-19 02:33 37378 -c--a-w- c:\program files\Uninstal.exe
2002-10-12 19:23 . 2002-10-12 19:23 148 -c--a-w- c:\program files\REGSETUP.reg
2002-10-08 06:07 . 2002-10-12 19:19 9728 -c--a-w- c:\program files\patch.exe
2002-10-07 03:20 . 2002-10-07 03:19 2305 -c--a-w- c:\program files\Keyboard.cfg
2002-09-20 20:00 . 2002-10-07 03:14 53248 -c--a-w- c:\program files\config.exe
2002-08-26 22:01 . 2002-10-07 03:14 90112 -c--a-w- c:\program files\p5dll.dll
2002-07-09 04:00 . 2002-10-07 03:14 135168 -c--a-w- c:\program files\eax.dll
2001-10-30 20:57 . 2002-10-07 03:11 290869 -c--a-w- c:\program files\msvcrt.dll
2000-08-29 16:00 . 2002-10-07 03:11 401462 -c--a-w- c:\program files\Msvcp60.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-08 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Remocon Driver.lnk - c:\program files\Sony\USBSircs\usbsircs.exe [2008-8-19 229376]
Service Manager.lnk - c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlmaint.exe [2002-12-17 156224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
backup=c:\windows\pss\Timer Recording Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^GomezPEER.lnk]
backup=c:\windows\pss\GomezPEER.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^SkypeMate.lnk]
backup=c:\windows\pss\SkypeMate.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^Sprint media monitor.lnk]
backup=c:\windows\pss\Sprint media monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2005-01-07 21:30 864256 -c----w- c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
2006-09-28 19:30 190024 ----a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 -c--a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2004-11-11 21:14 49152 -c----w- c:\program files\Brother\Brmfl04g\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"StyleXPService"=2 (0x2)
"Fax"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [18/05/2010 12:09 AM 207280]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/08/2006 11:45 AM 717296]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [18/05/2010 12:18 AM 112592]
R2 MSSQL$ASI;MSSQL$ASI;c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe -sASI --> c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe -sASI [?]
S3 kaspersky1;kaspersky1; [x]
S3 kylix;kylix; [x]
S3 MooseKOPMA;MooseKOPMA; [x]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [11/01/2009 12:52 AM 33808]
S3 NUBBER;NUBBER; [x]
S3 Rockey_USB;Feitian ROCKEY4 USB Service;c:\windows\system32\drivers\rockey4usb.sys [13/02/2004 2:41 PM 12928]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [18/05/2010 12:06 AM 358600]
S3 SQLAgent$ASI;SQLAgent$ASI;c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlagent.EXE -i ASI --> c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlagent.EXE -i ASI [?]
S3 xp1;xp1; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006Core.job
- c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:59]

2010-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006UA.job
- c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:59]

2010-05-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = ;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Ravi\Application Data\Mozilla\Firefox\Profiles\txdw9u4i.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_12\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-26 16:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: error reading MBR
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys spka.sys hal.dll >>UNKNOWN [0x8AA74938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e47cb8
\Driver\atapi -> atapi.sys @ 0xb9e02b40
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(312)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Sony\Giga Pocket\shwserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Sony\Giga Pocket\RM_SV.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-05-26 16:36:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-26 20:36

Pre-Run: 92,983,279,616 bytes free
Post-Run: 92,963,074,048 bytes free

- - End Of File - - 69EF1C268DC5DDA454B7F40D2C77D34C


Re: issues with internet browsers after getting rid of malware

Post by Dr Jay on Wed May 26, 2010 8:44 pm

Please download Stealth MBR Rootkit Detector by GMER from [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click mbr.exe to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.


Dr. Jay (DJ)



Re: issues with internet browsers after getting rid of malware

Post by tandoori on Wed May 26, 2010 8:49 pm

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: error reading MBR
kernel: MBR read successfully


Re: issues with internet browsers after getting rid of malware

Post by Dr Jay on Fri May 28, 2010 1:22 am

Please open Command Prompt (Start > Run and type CMD and press OK [Vista/7: Start search: CMD and press enter])
Enter the following into the black box, pressing enter after each line:

Code:
mbr.exe -f

exit

Post a log (MBR.log).


Dr. Jay (DJ)



Re: issues with internet browsers after getting rid of malware

Post by tandoori on Fri May 28, 2010 1:26 am

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: error reading MBR
kernel: MBR read successfully


Re: issues with internet browsers after getting rid of malware

Post by Dr Jay on Fri May 28, 2010 1:33 am

Odd.

Please run ComboFix again and post a log.


Dr. Jay (DJ)



Re: issues with internet browsers after getting rid of malware

Post by tandoori on Fri May 28, 2010 2:33 am

ComboFix 10-05-27.01 - Ravi 27/05/2010 22:20:08.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1496 [GMT -4:00]
Running from: c:\documents and settings\Ravi\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\system volume information\_restore{d5fffa500b1b}
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe

.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-28 )))))))))))))))))))))))))))))))
.

2010-05-26 04:03 . 2010-05-26 04:03 -------- d-----w- C:\_OTM
2010-05-24 19:11 . 2010-05-24 19:11 503808 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\msvcp71.dll
2010-05-24 19:11 . 2010-05-24 19:11 499712 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\jmc.dll
2010-05-24 19:11 . 2010-05-24 19:11 12800 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f0e234b-n\decora-d3d.dll
2010-05-24 19:11 . 2010-05-24 19:11 61440 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f0e234b-n\decora-sse.dll
2010-05-24 19:11 . 2010-05-24 19:11 348160 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\msvcr71.dll
2010-05-21 01:37 . 2010-05-26 23:30 -------- d-----w- c:\program files\SpywareBlaster
2010-05-20 23:04 . 2010-05-20 23:04 -------- d-----w- c:\program files\iPod
2010-05-20 23:04 . 2010-05-20 23:05 -------- d-----w- c:\program files\iTunes
2010-05-20 22:58 . 2010-05-20 22:58 -------- d-----w- c:\program files\Bonjour
2010-05-20 22:54 . 2010-05-20 22:54 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-20 22:39 . 2010-05-20 22:39 -------- d-----w- c:\program files\Common Files\Java
2010-05-20 22:39 . 2010-05-20 22:39 503808 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\msvcp71.dll
2010-05-20 22:39 . 2010-05-20 22:39 499712 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\jmc.dll
2010-05-20 22:39 . 2010-05-20 22:39 348160 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\msvcr71.dll
2010-05-20 22:39 . 2010-05-20 22:39 61440 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-368969b5-n\decora-sse.dll
2010-05-20 22:39 . 2010-05-20 22:39 12800 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-368969b5-n\decora-d3d.dll
2010-05-20 22:39 . 2010-05-20 22:38 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-19 23:59 . 2010-05-19 23:59 -------- d-----w- c:\program files\ESET
2010-05-19 23:22 . 2010-05-20 22:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 20:39 . 2010-05-18 20:39 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Threat Expert
2010-05-18 04:48 . 2010-05-18 04:48 -------- d-----w- c:\documents and settings\Ravi\Local Settings\Application Data\Threat Expert
2010-05-18 04:18 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-05-18 04:18 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-05-18 04:18 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-05-18 04:18 . 2010-01-21 23:21 1152444 ----a-w- c:\windows\UDB.zip
2010-05-18 04:18 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-05-18 04:18 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-05-18 04:10 . 2009-09-24 12:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-05-18 04:09 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-18 04:09 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-18 04:07 . 2009-09-03 13:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-05-18 04:05 . 2010-05-18 04:19 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-18 04:05 . 2010-05-18 21:21 -------- d-----w- c:\program files\Spyware Doctor
2010-05-18 04:05 . 2010-05-18 04:05 -------- d-----w- c:\documents and settings\Ravi\Application Data\PC Tools
2010-05-18 04:05 . 2010-05-18 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-05-18 03:37 . 2010-05-12 15:21 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 03:33 . 2010-05-18 03:34 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-18 02:53 . 2010-05-18 02:53 -------- d-----w- c:\program files\AML Products
2010-05-17 03:07 . 2010-05-17 03:07 -------- d-----w- c:\documents and settings\Ravi\Application Data\Malwarebytes
2010-05-17 02:44 . 2010-05-17 02:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-17 02:44 . 2010-05-17 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-17 02:39 . 2008-12-08 17:59 4412178 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0877511B77D31919\95B00C26-9F8F-4d12-B4CD-5E200B415FB7\Exec\SanDiskBackup.exe
2010-05-17 02:39 . 2008-12-08 15:32 2260992 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0877511B77D31919\95B00C26-9F8F-4d12-B4CD-5E200B415FB7\Exec\dmEngine.dll
2010-05-17 02:39 . 2008-11-21 19:01 569344 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0877511B77D31919\95B00C26-9F8F-4d12-B4CD-5E200B415FB7\Exec\dmLauncher.exe
2010-05-17 02:39 . 2008-11-19 12:46 37376 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0877511B77D31919\95B00C26-9F8F-4d12-B4CD-5E200B415FB7\Exec\dwmapi.dll
2010-05-17 02:39 . 2006-12-04 19:47 241664 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0877511B77D31919\95B00C26-9F8F-4d12-B4CD-5E200B415FB7\Exec\U3Action.exe
2010-05-17 02:39 . 2009-09-23 17:55 3413288 ---ha-w- c:\documents and settings\Administrator\Application Data\U3\temp\Launchpad Removal.exe
2010-05-17 02:39 . 2010-05-17 02:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-05-17 02:28 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-17 02:28 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-17 02:28 . 2010-05-17 03:05 -------- d-----w- c:\documents and settings\Ravi\Local Settings\Application Data\hpngtvkou
2010-05-17 02:27 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-17 02:27 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-04-29 00:49 . 2010-04-12 17:39 1808752 ----a-w- c:\documents and settings\All Users\Application Data\Norton\NUA.exe
2010-04-29 00:49 . 2010-05-14 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-28 02:23 . 2008-05-04 03:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-25 04:41 . 2008-03-27 01:05 -------- d-----w- c:\documents and settings\Ravi\Application Data\uTorrent
2010-05-24 19:35 . 2009-10-20 23:18 75 ----a-w- c:\documents and settings\Ravi\jagex_runescape_preferences2.dat
2010-05-24 19:35 . 2008-07-02 01:10 42 ----a-w- c:\documents and settings\Ravi\jagex_runescape_preferences.dat
2010-05-20 23:04 . 2007-11-12 04:12 -------- d-----w- c:\program files\Common Files\Apple
2010-05-20 22:34 . 2006-06-19 17:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-20 22:32 . 2007-10-12 23:54 -------- d-----w- c:\program files\Java
2010-05-20 18:32 . 2006-04-07 20:49 76848 -c--a-w- c:\documents and settings\Ravi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-19 14:31 . 2008-10-15 22:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-19 02:52 . 2008-10-15 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-18 03:49 . 2009-06-27 03:08 737280 -c--a-w- c:\windows\iun6002.exe
2010-05-18 03:28 . 2006-05-05 01:47 -------- d-----w- c:\program files\MSN Messenger
2010-05-18 03:28 . 2006-12-15 02:25 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-12 04:21 . 2007-03-21 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-01 18:05 . 2007-12-22 20:58 -------- d-----w- c:\documents and settings\Ravi\Application Data\U3
2010-04-21 21:05 . 2010-04-21 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-21 21:00 . 2010-04-21 20:59 -------- d-----w- c:\program files\QuickTime
2010-04-20 03:45 . 2010-04-20 03:45 0 ----a-w- c:\documents and settings\Ravi\jagex__preferences3.dat
2010-04-16 01:26 . 2010-01-26 23:34 71 -c--a-w- c:\documents and settings\Ravi\Application DatadMb.dat
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-03 17:59 . 2010-04-03 17:59 -------- d-----w- c:\program files\Eidos Interactive
2010-03-28 16:29 . 2009-11-27 13:21 79488 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AcrobatUpdater.exe
2010-03-11 12:38 . 2004-08-10 18:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-10 18:51 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-10 18:50 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-10 18:51 430080 ----a-w- c:\windows\system32\vbscript.dll
2008-04-24 20:45 . 2008-04-24 20:45 42496 -c--a-w- c:\program files\HDFC.doc
2006-07-19 02:33 . 2006-07-19 02:33 37378 -c--a-w- c:\program files\Uninstal.exe
2002-10-12 19:23 . 2002-10-12 19:23 148 -c--a-w- c:\program files\REGSETUP.reg
2002-10-08 06:07 . 2002-10-12 19:19 9728 -c--a-w- c:\program files\patch.exe
2002-10-07 03:20 . 2002-10-07 03:19 2305 -c--a-w- c:\program files\Keyboard.cfg
2002-09-20 20:00 . 2002-10-07 03:14 53248 -c--a-w- c:\program files\config.exe
2002-08-26 22:01 . 2002-10-07 03:14 90112 -c--a-w- c:\program files\p5dll.dll
2002-07-09 04:00 . 2002-10-07 03:14 135168 -c--a-w- c:\program files\eax.dll
2001-10-30 20:57 . 2002-10-07 03:11 290869 -c--a-w- c:\program files\msvcrt.dll
2000-08-29 16:00 . 2002-10-07 03:11 401462 -c--a-w- c:\program files\Msvcp60.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-08 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Remocon Driver.lnk - c:\program files\Sony\USBSircs\usbsircs.exe [2008-8-19 229376]
Service Manager.lnk - c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlmaint.exe [2002-12-17 156224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
backup=c:\windows\pss\Timer Recording Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^GomezPEER.lnk]
backup=c:\windows\pss\GomezPEER.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^SkypeMate.lnk]
backup=c:\windows\pss\SkypeMate.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^Sprint media monitor.lnk]
backup=c:\windows\pss\Sprint media monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2005-01-07 21:30 864256 -c----w- c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
2006-09-28 19:30 190024 ----a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 -c--a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2004-11-11 21:14 49152 -c----w- c:\program files\Brother\Brmfl04g\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"StyleXPService"=2 (0x2)
"Fax"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [18/05/2010 12:09 AM 207280]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [18/05/2010 12:18 AM 112592]
R2 MSSQL$ASI;MSSQL$ASI;c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe -sASI --> c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe -sASI [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/08/2006 11:45 AM 717296]
S3 kaspersky1;kaspersky1; [x]
S3 kylix;kylix; [x]
S3 MooseKOPMA;MooseKOPMA; [x]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [11/01/2009 12:52 AM 33808]
S3 NUBBER;NUBBER; [x]
S3 Rockey_USB;Feitian ROCKEY4 USB Service;c:\windows\system32\drivers\rockey4usb.sys [13/02/2004 2:41 PM 12928]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [18/05/2010 12:06 AM 358600]
S3 SQLAgent$ASI;SQLAgent$ASI;c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlagent.EXE -i ASI --> c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlagent.EXE -i ASI [?]
S3 xp1;xp1; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006Core.job
- c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:59]

2010-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006UA.job
- c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:59]

2010-05-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = ;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Ravi\Application Data\Mozilla\Firefox\Profiles\txdw9u4i.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-27 22:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-05-27 22:32:26
ComboFix-quarantined-files.txt 2010-05-28 02:32
ComboFix2.txt 2010-05-26 20:36

Pre-Run: 92,652,736,512 bytes free
Post-Run: 92,619,284,480 bytes free

- - End Of File - - 7B0B3DA12AE76B3D5991D14ADAE558D2


Re: issues with internet browsers after getting rid of malware

Post by Dr Jay on Fri May 28, 2010 4:46 am

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the box below into it:
    killall::

    Folder::
    c:\documents and settings\Ravi\Local Settings\Application Data\hpngtvkou

    DirLook::
    c:\program files\AML Products

    FileLook::
    c:\windows\system32\drivers\lbrtfdc.sys
    c:\windows\iun6002.exe

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555

    Driver::
    kaspersky1
    kylix
    MooseKOPMA
    NUBBER

    Rootkit::

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Dr. Jay (DJ)
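
Added example (not part of the thread and not ComboFix's own code): a small Python triage over ComboFix-style log lines that pulls out the kinds of entries the CFScript above names, namely services listed with no image path and `[x]`, and a `ProxyServer` value pointing at loopback. It goes slightly beyond the script by also reporting `EnableFirewall` set to 0. The sample lines are copied from the log earlier in this thread; the function names and finding labels are this example's own, and reading `[x]` as "image file not found" is an assumption.

```python
import ipaddress
import re
from typing import NamedTuple


class Finding(NamedTuple):
    kind: str    # label chosen for this example
    detail: str  # service name, proxy endpoint, or the matching log line


# Driver/service line: "<R|S><start type> name;display name;image path [info]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"\s*(?P<image>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)
# Supplementary Scan line for the Internet Settings proxy value
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (?P<value>.+)$")
# Firewall policy value as ComboFix prints it: "EnableFirewall"= 0 (0x0)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*0\b')

# Sample input: lines in the format of the log posted in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [18/05/2010 12:09 AM 207280]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/08/2006 11:45 AM 717296]
S3 kaspersky1;kaspersky1; [x]
S3 kylix;kylix; [x]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [11/01/2009 12:52 AM 33808]
S3 NUBBER;NUBBER; [x]
uInternet Settings,ProxyOverride = ;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
"""


def loopback_proxies(value):
    """Return the host:port entries of a ProxyServer value that point at this machine."""
    hits = []
    for part in value.split(";"):
        endpoint = part.split("=", 1)[-1].strip()  # drop an optional "http=" prefix
        host = endpoint.rsplit(":", 1)[0]
        try:
            local = ipaddress.ip_address(host).is_loopback
        except ValueError:
            local = host.lower() == "localhost"
        if local:
            hits.append(endpoint)
    return hits


def triage(log_text):
    """Collect log entries worth a reviewer's attention; nothing is modified."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            # Registered service with an empty image path and the [x] marker.
            if not m["image"] and m["info"].strip().lower() == "x":
                findings.append(Finding("service-no-image", m["name"]))
            continue
        m = PROXY_RE.match(line)
        if m:
            for endpoint in loopback_proxies(m["value"]):
                findings.append(Finding("loopback-proxy", endpoint))
            continue
        if FIREWALL_RE.match(line):
            findings.append(Finding("firewall-disabled", line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.kind:18} {finding.detail}")
```

The output is a review list only: a loopback proxy can also belong to a legitimate local filter, so each hit still needs a person to judge it before anything goes into a removal script.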



Re: issues with internet browsers after getting rid of malware

Post by tandoori on Fri May 28, 2010 9:17 pm

ComboFix 10-05-28.02 - Ravi 28/05/2010 16:56:36.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1500 [GMT -4:00]
Running from: c:\documents and settings\Ravi\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ravi\Desktop\CFscript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ravi\Local Settings\Application Data\hpngtvkou
c:\system volume information\_restore{d5fffa500b1b}
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KASPERSKY1
-------\Legacy_MOOSEKOPMA
-------\Legacy_NUBBER
-------\Service_kaspersky1
-------\Service_kylix
-------\Service_MooseKOPMA
-------\Service_NUBBER


((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-28 )))))))))))))))))))))))))))))))
.

2010-05-26 04:03 . 2010-05-26 04:03 -------- d-----w- C:\_OTM
2010-05-21 01:37 . 2010-05-26 23:30 -------- d-----w- c:\program files\SpywareBlaster
2010-05-20 23:04 . 2010-05-20 23:04 -------- d-----w- c:\program files\iPod
2010-05-20 23:04 . 2010-05-20 23:05 -------- d-----w- c:\program files\iTunes
2010-05-20 22:58 . 2010-05-20 22:58 -------- d-----w- c:\program files\Bonjour
2010-05-20 22:39 . 2010-05-20 22:39 -------- d-----w- c:\program files\Common Files\Java
2010-05-20 22:39 . 2010-05-20 22:38 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-19 23:59 . 2010-05-19 23:59 -------- d-----w- c:\program files\ESET
2010-05-19 23:22 . 2010-05-20 22:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 04:48 . 2010-05-18 04:48 -------- d-----w- c:\documents and settings\Ravi\Local Settings\Application Data\Threat Expert
2010-05-18 04:18 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-05-18 04:18 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-05-18 04:18 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-05-18 04:18 . 2010-01-21 23:21 1152444 ----a-w- c:\windows\UDB.zip
2010-05-18 04:18 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-05-18 04:18 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-05-18 04:10 . 2009-09-24 12:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-05-18 04:09 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-18 04:09 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-18 04:07 . 2009-09-03 13:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-05-18 04:05 . 2010-05-18 04:19 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-18 04:05 . 2010-05-18 21:21 -------- d-----w- c:\program files\Spyware Doctor
2010-05-18 04:05 . 2010-05-18 04:05 -------- d-----w- c:\documents and settings\Ravi\Application Data\PC Tools
2010-05-18 04:05 . 2010-05-18 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-05-18 03:37 . 2010-05-12 15:21 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 03:33 . 2010-05-18 03:34 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-18 02:53 . 2010-05-18 02:53 -------- d-----w- c:\program files\AML Products
2010-05-17 03:07 . 2010-05-17 03:07 -------- d-----w- c:\documents and settings\Ravi\Application Data\Malwarebytes
2010-05-17 02:44 . 2010-05-17 02:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-17 02:44 . 2010-05-17 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-17 02:39 . 2010-05-17 02:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-05-17 02:28 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-17 02:28 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-17 02:27 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-17 02:27 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-04-29 00:49 . 2010-05-14 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-28 21:06 . 2008-05-04 03:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-25 04:41 . 2008-03-27 01:05 -------- d-----w- c:\documents and settings\Ravi\Application Data\uTorrent
2010-05-24 19:35 . 2009-10-20 23:18 75 ----a-w- c:\documents and settings\Ravi\jagex_runescape_preferences2.dat
2010-05-24 19:35 . 2008-07-02 01:10 42 ----a-w- c:\documents and settings\Ravi\jagex_runescape_preferences.dat
2010-05-24 19:11 . 2010-05-24 19:11 503808 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\msvcp71.dll
2010-05-24 19:11 . 2010-05-24 19:11 499712 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\jmc.dll
2010-05-24 19:11 . 2010-05-24 19:11 12800 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f0e234b-n\decora-d3d.dll
2010-05-24 19:11 . 2010-05-24 19:11 61440 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f0e234b-n\decora-sse.dll
2010-05-24 19:11 . 2010-05-24 19:11 348160 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\msvcr71.dll
2010-05-20 23:04 . 2007-11-12 04:12 -------- d-----w- c:\program files\Common Files\Apple
2010-05-20 22:54 . 2010-05-20 22:54 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-20 22:39 . 2010-05-20 22:39 503808 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\msvcp71.dll
2010-05-20 22:39 . 2010-05-20 22:39 499712 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\jmc.dll
2010-05-20 22:39 . 2010-05-20 22:39 348160 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\msvcr71.dll
2010-05-20 22:39 . 2010-05-20 22:39 61440 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-368969b5-n\decora-sse.dll
2010-05-20 22:39 . 2010-05-20 22:39 12800 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-368969b5-n\decora-d3d.dll
2010-05-20 22:34 . 2006-06-19 17:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-20 22:32 . 2007-10-12 23:54 -------- d-----w- c:\program files\Java
2010-05-20 18:32 . 2006-04-07 20:49 76848 -c--a-w- c:\documents and settings\Ravi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-19 14:31 . 2008-10-15 22:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-19 02:52 . 2008-10-15 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-18 03:49 . 2009-06-27 03:08 737280 -c--a-w- c:\windows\iun6002.exe
2010-05-18 03:28 . 2006-05-05 01:47 -------- d-----w- c:\program files\MSN Messenger
2010-05-18 03:28 . 2006-12-15 02:25 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-12 04:21 . 2007-03-21 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-01 18:05 . 2007-12-22 20:58 -------- d-----w- c:\documents and settings\Ravi\Application Data\U3
2010-04-21 21:05 . 2010-04-21 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-21 21:00 . 2010-04-21 20:59 -------- d-----w- c:\program files\QuickTime
2010-04-20 03:45 . 2010-04-20 03:45 0 ----a-w- c:\documents and settings\Ravi\jagex__preferences3.dat
2010-04-16 01:26 . 2010-01-26 23:34 71 -c--a-w- c:\documents and settings\Ravi\Application DatadMb.dat
2010-04-12 17:39 . 2010-04-29 00:49 1808752 ----a-w- c:\documents and settings\All Users\Application Data\Norton\NUA.exe
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-03 17:59 . 2010-04-03 17:59 -------- d-----w- c:\program files\Eidos Interactive
2010-03-28 16:29 . 2009-11-27 13:21 79488 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AcrobatUpdater.exe
2010-03-11 12:38 . 2004-08-10 18:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-10 18:51 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-10 18:50 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-10 18:51 430080 ----a-w- c:\windows\system32\vbscript.dll
2008-04-24 20:45 . 2008-04-24 20:45 42496 -c--a-w- c:\program files\HDFC.doc
2006-07-19 02:33 . 2006-07-19 02:33 37378 -c--a-w- c:\program files\Uninstal.exe
2002-10-12 19:23 . 2002-10-12 19:23 148 -c--a-w- c:\program files\REGSETUP.reg
2002-10-08 06:07 . 2002-10-12 19:19 9728 -c--a-w- c:\program files\patch.exe
2002-10-07 03:20 . 2002-10-07 03:19 2305 -c--a-w- c:\program files\Keyboard.cfg
2002-09-20 20:00 . 2002-10-07 03:14 53248 -c--a-w- c:\program files\config.exe
2002-08-26 22:01 . 2002-10-07 03:14 90112 -c--a-w- c:\program files\p5dll.dll
2002-07-09 04:00 . 2002-10-07 03:14 135168 -c--a-w- c:\program files\eax.dll
2001-10-30 20:57 . 2002-10-07 03:11 290869 -c--a-w- c:\program files\msvcrt.dll
2000-08-29 16:00 . 2002-10-07 03:11 401462 -c--a-w- c:\program files\Msvcp60.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\iun6002.exe ---
Company: Indigo Rose Corporation
File Description: SUF60Runtime
File Version: 6.0.1.4
Product Name: Setup Factory 6.0 Runtime Module
Copyright: Copyright © 2001 - 2002 Indigo Rose Corporation. All Rights Reserved
Original Filename: SUF60Runtime.exe
File size: 737280
Created time: 2009-06-27 03:08
Modified time: 2010-05-18 03:49
MD5: 456462905091DB042141487FE030E3C9
SHA1: BB57B4850528C3C8D9BF159FB5B9F414DDC7D5D7


--- c:\windows\system32\drivers\lbrtfdc.sys ---
Company: Toshiba Corp.
File Description: Toshiba Libretto floppy controller
File Version: Version 5.10.3 (xpsp.080413-2108)
Product Name: Microsoft® Windows® Operating System
Copyright: Copyright (C) Toshiba Corp. 1998-2000. Copyright (C) Microsoft Corp. 2007
Original Filename: Lbrtfdc.sys
File size: 34688
Created time: 2010-05-17 02:28
Modified time: 2008-04-13 18:40
MD5: 406598827A1B5F77954DE11DDE115CED
SHA1: 16DDE4CBF03C0C2335EE651C6EF886669908A41F

---- Directory of c:\program files\AML Products ----

2010-05-18 02:53 . 2008-11-29 20:50 20480 ----a-w- c:\program files\AML Products\Registry Cleaner\UN.exe
2010-05-18 02:53 . 2009-10-31 16:37 143360 ----a-w- c:\program files\AML Products\Registry Cleaner\regsearch.exe
2010-05-18 02:53 . 2008-05-04 04:10 466 ----a-w- c:\program files\AML Products\Registry Cleaner\regclean.exe.manifest
2010-05-18 02:53 . 2009-10-31 16:39 61440 ----a-w- c:\program files\AML Products\Registry Cleaner\startup.exe
2010-05-18 02:53 . 2008-11-29 20:50 20480 ----a-w- c:\program files\AML Products\Registry Cleaner\FRC.exe
2010-05-18 02:53 . 2009-10-31 16:38 98304 ----a-w- c:\program files\AML Products\Registry Cleaner\pm.exe
2010-05-18 02:53 . 2009-10-31 16:38 94208 ----a-w- c:\program files\AML Products\Registry Cleaner\clean.exe
2010-05-18 02:53 . 2008-01-25 20:24 205 ----a-w- c:\program files\AML Products\Registry Cleaner\ftlist.txt
2010-05-18 02:53 . 2009-10-31 16:38 516096 ----a-w- c:\program files\AML Products\Registry Cleaner\regback.exe
2010-05-18 02:53 . 2009-10-29 21:10 615424 ----a-w- c:\program files\AML Products\Registry Cleaner\Styles\Office2007.cjstyles
2010-05-18 02:53 . 2009-10-20 16:39 579504 ----a-w- c:\program files\AML Products\Registry Cleaner\Codejock.SkinFramework.Unicode.v13.2.0.ocx
2010-05-18 02:53 . 2010-05-18 02:53 5 ----a-w- c:\program files\AML Products\Registry Cleaner\open.cpa
2010-05-18 02:53 . 2001-08-24 00:00 1388544 ----a-w- c:\program files\AML Products\Registry Cleaner\MSVBVM60.DLL
2010-05-18 02:53 . 2009-05-27 18:45 1599 ----a-w- c:\program files\AML Products\Registry Cleaner\Exclude.lst
2010-05-18 02:53 . 1996-08-24 11:11 1312 ----a-w- c:\program files\AML Products\Registry Cleaner\english.dll
2010-05-18 02:53 . 2010-03-26 03:37 507904 ----a-w- c:\program files\AML Products\Registry Cleaner\regclean.exe
2010-05-18 02:53 . 2010-05-18 02:52 1180095 ----a-w- c:\program files\AML Products\Registry Cleaner\unins000.exe
2010-05-18 02:53 . 2010-05-18 02:53 6005 ----a-w- c:\program files\AML Products\Registry Cleaner\unins000.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-08 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Remocon Driver.lnk - c:\program files\Sony\USBSircs\usbsircs.exe [2008-8-19 229376]
Service Manager.lnk - c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlmaint.exe [2002-12-17 156224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
backup=c:\windows\pss\Timer Recording Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^GomezPEER.lnk]
backup=c:\windows\pss\GomezPEER.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^SkypeMate.lnk]
backup=c:\windows\pss\SkypeMate.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^Sprint media monitor.lnk]
backup=c:\windows\pss\Sprint media monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2005-01-07 21:30 864256 -c----w- c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
2006-09-28 19:30 190024 ----a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 -c--a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2004-11-11 21:14 49152 -c----w- c:\program files\Brother\Brmfl04g\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"StyleXPService"=2 (0x2)
"Fax"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [18/05/2010 12:09 AM 207280]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/08/2006 11:45 AM 717296]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [18/05/2010 12:18 AM 112592]
R2 MSSQL$ASI;MSSQL$ASI;c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe -sASI --> c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe -sASI [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [11/01/2009 12:52 AM 33808]
S3 Rockey_USB;Feitian ROCKEY4 USB Service;c:\windows\system32\drivers\rockey4usb.sys [13/02/2004 2:41 PM 12928]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [18/05/2010 12:06 AM 358600]
S3 SQLAgent$ASI;SQLAgent$ASI;c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlagent.EXE -i ASI --> c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlagent.EXE -i ASI [?]
S3 xp1;xp1; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006Core.job
- c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:59]

2010-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006UA.job
- c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:59]

2010-05-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = ;*.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Ravi\Application Data\Mozilla\Firefox\Profiles\txdw9u4i.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-28 17:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: error reading MBR
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys spke.sys hal.dll >>UNKNOWN [0x8AA41938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e47cb8
\Driver\atapi -> atapi.sys @ 0xb9e02b40
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2312)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Sony\Giga Pocket\shwserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Sony\Giga Pocket\RM_SV.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-05-28 17:16:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-28 21:16
ComboFix2.txt 2010-05-28 02:32
ComboFix3.txt 2010-05-26 20:36

Pre-Run: 92,637,769,728 bytes free
Post-Run: 92,481,552,384 bytes free

- - End Of File - - 4BF9EB13E03181A93F83A6DE461D045C


Re: issues with internet browsers after getting rid of malware

Post by Dr Jay on Sat May 29, 2010 7:12 pm

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the box below into it:
    killall::

    Folder::
    c:\program files\AML Products

    MBR::

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Dr. Jay (DJ)



Re: issues with internet browsers after getting rid of malware

Post by tandoori on Wed Jun 02, 2010 12:57 am

ComboFix 10-06-01.01 - Ravi 01/06/2010 18:17:24.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1535 [GMT -4:00]
Running from: c:\documents and settings\Ravi\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ravi\Desktop\CFscript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AML Products
c:\program files\AML Products\Registry Cleaner\clean.exe
c:\program files\AML Products\Registry Cleaner\Codejock.SkinFramework.Unicode.v13.2.0.ocx
c:\program files\AML Products\Registry Cleaner\english.dll
c:\program files\AML Products\Registry Cleaner\Exclude.lst
c:\program files\AML Products\Registry Cleaner\FRC.exe
c:\program files\AML Products\Registry Cleaner\ftlist.txt
c:\program files\AML Products\Registry Cleaner\MSVBVM60.DLL
c:\program files\AML Products\Registry Cleaner\open.cpa
c:\program files\AML Products\Registry Cleaner\pm.exe
c:\program files\AML Products\Registry Cleaner\regback.exe
c:\program files\AML Products\Registry Cleaner\regclean.exe
c:\program files\AML Products\Registry Cleaner\regclean.exe.manifest
c:\program files\AML Products\Registry Cleaner\regsearch.exe
c:\program files\AML Products\Registry Cleaner\startup.exe
c:\program files\AML Products\Registry Cleaner\Styles\Office2007.cjstyles
c:\program files\AML Products\Registry Cleaner\UN.exe
c:\program files\AML Products\Registry Cleaner\unins000.dat
c:\program files\AML Products\Registry Cleaner\unins000.exe
c:\system volume information\_restore{d5fffa500b1b}
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe

.
((((((((((((((((((((((((( Files Created from 2010-05-02 to 2010-06-02 )))))))))))))))))))))))))))))))
.

2010-05-26 04:03 . 2010-05-26 04:03 -------- d-----w- C:\_OTM
2010-05-21 01:37 . 2010-05-26 23:30 -------- d-----w- c:\program files\SpywareBlaster
2010-05-20 23:04 . 2010-05-20 23:04 -------- d-----w- c:\program files\iPod
2010-05-20 23:04 . 2010-05-20 23:05 -------- d-----w- c:\program files\iTunes
2010-05-20 22:58 . 2010-05-20 22:58 -------- d-----w- c:\program files\Bonjour
2010-05-20 22:39 . 2010-05-20 22:39 -------- d-----w- c:\program files\Common Files\Java
2010-05-20 22:39 . 2010-05-20 22:38 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-19 23:59 . 2010-05-19 23:59 -------- d-----w- c:\program files\ESET
2010-05-19 23:22 . 2010-05-20 22:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 20:39 . 2010-05-18 20:39 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Threat Expert
2010-05-18 04:48 . 2010-05-18 04:48 -------- d-----w- c:\documents and settings\Ravi\Local Settings\Application Data\Threat Expert
2010-05-18 04:18 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-05-18 04:18 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-05-18 04:18 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-05-18 04:18 . 2010-01-21 23:21 1152444 ----a-w- c:\windows\UDB.zip
2010-05-18 04:18 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-05-18 04:18 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-05-18 04:10 . 2009-09-24 12:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-05-18 04:09 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-18 04:09 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-18 04:07 . 2009-09-03 13:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-05-18 04:05 . 2010-05-18 04:19 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-18 04:05 . 2010-05-18 21:21 -------- d-----w- c:\program files\Spyware Doctor
2010-05-18 04:05 . 2010-05-18 04:05 -------- d-----w- c:\documents and settings\Ravi\Application Data\PC Tools
2010-05-18 04:05 . 2010-05-18 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-05-18 03:37 . 2010-05-12 15:21 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 03:33 . 2010-05-18 03:34 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-17 03:07 . 2010-05-17 03:07 -------- d-----w- c:\documents and settings\Ravi\Application Data\Malwarebytes
2010-05-17 02:44 . 2010-05-17 02:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-17 02:44 . 2010-05-17 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-17 02:39 . 2010-05-17 02:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-05-17 02:28 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-17 02:28 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-17 02:27 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-17 02:27 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-01 22:26 . 2008-05-04 03:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-25 04:41 . 2008-03-27 01:05 -------- d-----w- c:\documents and settings\Ravi\Application Data\uTorrent
2010-05-24 19:35 . 2009-10-20 23:18 75 ----a-w- c:\documents and settings\Ravi\jagex_runescape_preferences2.dat
2010-05-24 19:35 . 2008-07-02 01:10 42 ----a-w- c:\documents and settings\Ravi\jagex_runescape_preferences.dat
2010-05-24 19:11 . 2010-05-24 19:11 503808 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\msvcp71.dll
2010-05-24 19:11 . 2010-05-24 19:11 499712 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\jmc.dll
2010-05-24 19:11 . 2010-05-24 19:11 12800 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f0e234b-n\decora-d3d.dll
2010-05-24 19:11 . 2010-05-24 19:11 61440 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f0e234b-n\decora-sse.dll
2010-05-24 19:11 . 2010-05-24 19:11 348160 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\msvcr71.dll
2010-05-20 23:04 . 2007-11-12 04:12 -------- d-----w- c:\program files\Common Files\Apple
2010-05-20 22:54 . 2010-05-20 22:54 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-20 22:39 . 2010-05-20 22:39 503808 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\msvcp71.dll
2010-05-20 22:39 . 2010-05-20 22:39 499712 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\jmc.dll
2010-05-20 22:39 . 2010-05-20 22:39 348160 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\msvcr71.dll
2010-05-20 22:39 . 2010-05-20 22:39 61440 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-368969b5-n\decora-sse.dll
2010-05-20 22:39 . 2010-05-20 22:39 12800 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-368969b5-n\decora-d3d.dll
2010-05-20 22:34 . 2006-06-19 17:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-20 22:32 . 2007-10-12 23:54 -------- d-----w- c:\program files\Java
2010-05-20 18:32 . 2006-04-07 20:49 76848 -c--a-w- c:\documents and settings\Ravi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-19 14:31 . 2008-10-15 22:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-19 02:52 . 2008-10-15 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-18 03:49 . 2009-06-27 03:08 737280 -c--a-w- c:\windows\iun6002.exe
2010-05-18 03:28 . 2006-05-05 01:47 -------- d-----w- c:\program files\MSN Messenger
2010-05-18 03:28 . 2006-12-15 02:25 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-14 21:27 . 2010-04-29 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-12 04:21 . 2007-03-21 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-01 18:05 . 2007-12-22 20:58 -------- d-----w- c:\documents and settings\Ravi\Application Data\U3
2010-04-21 21:05 . 2010-04-21 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-21 21:00 . 2010-04-21 20:59 -------- d-----w- c:\program files\QuickTime
2010-04-20 03:45 . 2010-04-20 03:45 0 ----a-w- c:\documents and settings\Ravi\jagex__preferences3.dat
2010-04-16 01:26 . 2010-01-26 23:34 71 -c--a-w- c:\documents and settings\Ravi\Application DatadMb.dat
2010-04-12 17:39 . 2010-04-29 00:49 1808752 ----a-w- c:\documents and settings\All Users\Application Data\Norton\NUA.exe
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-03 17:59 . 2010-04-03 17:59 -------- d-----w- c:\program files\Eidos Interactive
2010-03-28 16:29 . 2009-11-27 13:21 79488 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AcrobatUpdater.exe
2010-03-11 12:38 . 2004-08-10 18:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-10 18:51 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-10 18:50 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-10 18:51 430080 ----a-w- c:\windows\system32\vbscript.dll
2008-04-24 20:45 . 2008-04-24 20:45 42496 -c--a-w- c:\program files\HDFC.doc
2006-07-19 02:33 . 2006-07-19 02:33 37378 -c--a-w- c:\program files\Uninstal.exe
2002-10-12 19:23 . 2002-10-12 19:23 148 -c--a-w- c:\program files\REGSETUP.reg
2002-10-08 06:07 . 2002-10-12 19:19 9728 -c--a-w- c:\program files\patch.exe
2002-10-07 03:20 . 2002-10-07 03:19 2305 -c--a-w- c:\program files\Keyboard.cfg
2002-09-20 20:00 . 2002-10-07 03:14 53248 -c--a-w- c:\program files\config.exe
2002-08-26 22:01 . 2002-10-07 03:14 90112 -c--a-w- c:\program files\p5dll.dll
2002-07-09 04:00 . 2002-10-07 03:14 135168 -c--a-w- c:\program files\eax.dll
2001-10-30 20:57 . 2002-10-07 03:11 290869 -c--a-w- c:\program files\msvcrt.dll
2000-08-29 16:00 . 2002-10-07 03:11 401462 -c--a-w- c:\program files\Msvcp60.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-08 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Remocon Driver.lnk - c:\program files\Sony\USBSircs\usbsircs.exe [2008-8-19 229376]
Service Manager.lnk - c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlmaint.exe [2002-12-17 156224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
backup=c:\windows\pss\Timer Recording Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^GomezPEER.lnk]
backup=c:\windows\pss\GomezPEER.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^SkypeMate.lnk]
backup=c:\windows\pss\SkypeMate.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^Sprint media monitor.lnk]
backup=c:\windows\pss\Sprint media monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2005-01-07 21:30 864256 -c----w- c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
2006-09-28 19:30 190024 ----a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 -c--a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2004-11-11 21:14 49152 -c----w- c:\program files\Brother\Brmfl04g\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"StyleXPService"=2 (0x2)
"Fax"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [18/05/2010 12:09 AM 207280]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/08/2006 11:45 AM 717296]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [18/05/2010 12:18 AM 112592]
R2 MSSQL$ASI;MSSQL$ASI;c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe -sASI --> c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe -sASI [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [11/01/2009 12:52 AM 33808]
S3 Rockey_USB;Feitian ROCKEY4 USB Service;c:\windows\system32\drivers\rockey4usb.sys [13/02/2004 2:41 PM 12928]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [18/05/2010 12:06 AM 358600]
S3 SQLAgent$ASI;SQLAgent$ASI;c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlagent.EXE -i ASI --> c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlagent.EXE -i ASI [?]
S3 xp1;xp1; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006Core.job
- c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:59]

2010-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006UA.job
- c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:59]

2010-06-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = ;*.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Ravi\Application Data\Mozilla\Firefox\Profiles\txdw9u4i.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1 - c:\program files\AML Products\Registry Cleaner\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2010-06-01 20:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer

device: opened successfully
user: error reading MBR
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys sppc.sys hal.dll >>UNKNOWN [0x8AA75938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e47cb8
\Driver\atapi -> atapi.sys @ 0xb9e02b40
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3688)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Sony\Giga Pocket\shwserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Sony\Giga Pocket\RM_SV.exe
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-01 20:18:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-02 00:18
ComboFix2.txt 2010-05-28 21:16
ComboFix3.txt 2010-05-28 02:32
ComboFix4.txt 2010-05-26 20:36

Pre-Run: 92,161,118,208 bytes free
Post-Run: 92,091,490,304 bytes free

- - End Of File - - EB86A3E35A887383FA0435D118A820D0


Re: issues with internet browsers after getting rid of malware

Post by Dr Jay on Wed Jun 02, 2010 3:01 am

Seems like a very deep infection here.

Please download MySystem-Search from one of the following links:
  • Save the file to your Desktop.
  • Double-click on mss.exe
  • Allow it to run, and follow the prompts.
  • Once done, it will launch a log.
  • Post it in your next reply.
Note: the logs are long. Please use more than one post, if necessary.


Dr. Jay (DJ)



Re: issues with internet browsers after getting rid of malware

Post by tandoori on Wed Jun 02, 2010 10:07 pm

MySystem-Search

Run on 02/06/2010 at 18:03:56

MSS v1.1


Basic System Information



CD Emulation Drivers running?

DAEMON Tools/Duplex Secure found!
Roxio found!


Peer-to-Peer applications?

LimeWire found!
uTorrent found!


File associations

.exe=exefile
.scr=scrfile
.pif=piffile
.com=ComFile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile


Running processes



Hidden objects

PATH: C:\windows

$hf_mig$
$NtServicePackUninstall$
$NtServicePackUninstallIDNMitigationAPIs$
$NtServicePackUninstallNLSDownlevelMapping$
$NtUninstallMSCompPackV1$
$NtUninstallWMFDist11$
$NtUninstallwmp11$
$NtUninstallWudf01000$
ftpcache
ie7
inf
Installer
PIF
QTFont.qfn
WindowsShell.Manifest
winnt.bmp
winnt256.bmp


PATH: C:\windows\system32

dllcache
DVDRippper_sysquict.dat
zllictbl.dat


PATH: C:\windows\system32\drivers



PATH: C:\

BOOT.BKK
boot.ini
cmdcons
dell.sdr
hiberfil.sys
IO.SYS
IPH.PH
MSDOS.SYS
NTDETECT.COM
ntldr
pagefile.sys
sqmdata00.sqm
sqmdata01.sqm
sqmdata02.sqm
sqmdata03.sqm
sqmdata04.sqm
sqmdata05.sqm
sqmdata06.sqm
sqmdata07.sqm
sqmdata08.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
sqmnoopt03.sqm
sqmnoopt04.sqm
sqmnoopt05.sqm
sqmnoopt06.sqm
sqmnoopt07.sqm
sqmnoopt08.sqm
System Volume Information


User Profile check



! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Documents and Settings
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
Sid REG_BINARY 010100000000000513000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x6245e67e
ProfileLoadTimeHigh REG_DWORD 0x1cb025b
RefCount REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
Sid REG_BINARY 010100000000000514000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x6146cae0
ProfileLoadTimeHigh REG_DWORD 0x1cb025b
RefCount REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3960072812-4118492247-1275301789-1006
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Ravi
Sid REG_BINARY 0105000000000005150000006CEA09EC57347BF59D8F034CEE030000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xb5fd58b0
ProfileLoadTimeHigh REG_DWORD 0x1cb025b
RefCount REG_DWORD 0x1
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3960072812-4118492247-1275301789-1007
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Hetvi
Sid REG_BINARY 0105000000000005150000006CEA09EC57347BF59D8F034CEF030000
Flags REG_DWORD 0x0
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x3165a594
ProfileLoadTimeHigh REG_DWORD 0x1c6b115
RefCount REG_DWORD 0x1
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3960072812-4118492247-1275301789-1008
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Hetvi.D57NSK91
Sid REG_BINARY 0105000000000005150000006CEA09EC57347BF59D8F034CF0030000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xf28ded4e
ProfileLoadTimeHigh REG_DWORD 0x1c7369e
RefCount REG_DWORD 0x1
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3960072812-4118492247-1275301789-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator
Sid REG_BINARY 0105000000000005150000006CEA09EC57347BF59D8F034CF4010000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x2415aafe
ProfileLoadTimeHigh REG_DWORD 0x1caf56a
RefCount REG_DWORD 0x0
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3960072812-4118492247-1275301789-501
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Guest
Sid REG_BINARY 0105000000000005150000006CEA09EC57347BF59D8F034CF5010000
Flags REG_DWORD 0x0
State REG_DWORD 0x80
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xceca056c
ProfileLoadTimeHigh REG_DWORD 0x1c74721
RefCount REG_DWORD 0x2
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb


Current Scheduled Tasks

PATH: C:\Windows\Tasks

AppleSoftwareUpdate.job
GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006Core.job
GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006UA.job
desktop.ini
MP Scheduled Scan.job
SA.DAT


Windows Drivers and NT-Services

Volume in drive C is Dimension3100
Volume Serial Number is 3C2B-C942

Directory of C:\Windows\System32\Drivers

370 File(s) 41,658,143 bytes
5 Dir(s) 92,024,516,608 bytes free


Virtual drives found?



Environment variables

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ravi\Application Data
asl.log=Destination=file;OnFirstLog=command,environment
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D57NSK91
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ravi
LOGONSERVER=\\D57NSK91
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ravi\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ravi\LOCALS~1\Temp
USERDOMAIN=D57NSK91
USERNAME=Ravi
USERPROFILE=C:\Documents and Settings\Ravi
windir=C:\WINDOWS


Stealth malware?



Internet Explorer


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0A000000
Delete_Temp_Files_On_Exit REG_SZ yes
Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
CompanyName REG_SZ Microsoft Corporation
Custom_Key REG_SZ MICROSO
Wizard_Version REG_SZ 6.0.2600.0000
Default_Secondary_Page_URL REG_MULTI_SZ \0\0
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Check_Associations REG_SZ yes
Enable Browser Extensions REG_SZ yes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 7.0; Win32)
IE5_UA_Backup_Flag REG_SZ 5.0
NoNetAutodial REG_DWORD 0x0
MigrateProxy REG_DWORD 0x1
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost REG_BINARY 01000000
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 0x1
PrivacyAdvanced REG_DWORD 0x0
EnableNegotiate REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0
WarnOnZoneCrossing REG_DWORD 0x1
PrivDiscUiShown REG_DWORD 0x1
SecureProtocols REG_DWORD 0xa0
EnableAutodial REG_DWORD 0x0
WarnOnIntranet REG_DWORD 0x1
GlobalUserOffline REG_DWORD 0x0
WarnOnHTTPSToHTTPRedirect REG_DWORD 0x1
ProxyOverride REG_SZ ;*.local
WarnonBadCertRecving REG_DWORD 0x1
WarnOnPostRedirect REG_DWORD 0x0
CertificateRevocation REG_DWORD 0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Disable script Debugger REG_SZ yes
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
XMLHTTP REG_DWORD 0x1
UseClearType REG_SZ yes
SearchMigrated REG_DWORD 0x0
FullScreen REG_SZ no
Window_Placement REG_BINARY 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4E000000290000007B030000E6020000
CompatibilityFlags REG_DWORD 0x0
LastCheckedHi REG_DWORD 0x1cb025b
Start Page REG_SZ http://www.msn.com/
ShowedCheckBrowser REG_SZ Yes
Check_Associations REG_SZ no
Use FormSuggest REG_SZ no
FormSuggest Passwords REG_SZ yes
FormSuggest PW Ask REG_SZ no
Enable Browser Extensions REG_SZ yes
AlwaysShowMenus REG_DWORD 0x1
RunOnceHasShown REG_DWORD 0x1
RunOnceComplete REG_DWORD 0x1
NotifyDownloadComplete REG_SZ yes
AutoHide REG_SZ yes
ControlTooltipCount REG_DWORD 0x5
StatusBarWeb REG_DWORD 0x1
First Home Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54843

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
CustomizeSearch REG_SZ http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchAssistant REG_SZ http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69A87B7D-DE56-4136-9655-716BA50C19C7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{0BF43445-2F28-4351-9252-17FE6E806AA0} REG_SZ McAfee SiteAdvisor
{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} REG_BINARY 00
{47833539-D0C5-4125-9FA8-0819E2EAAC93} REG_BINARY 00
{472734EA-242A-422B-ADF8-83D1E48CC825} REG_SZ PC Tools Browser Guard

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\QuickComplete

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append Link Target to Existing PDF

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append to Existing PDF

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert Link Target to Adobe PDF

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert to Adobe PDF


Security Center


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
FirstRunDisabled REG_DWORD 0x1
UpdatesDisableNotify REG_DWORD 0x0
AntiVirusOverride REG_DWORD 0x0
FirewallOverride REG_DWORD 0x1
AntiVirusDisableNotify REG_DWORD 0x0
FirewallDisableNotify REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
DisableMonitoring REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent


Uninstall List


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
AOL Connectivity Services REG_SZ
REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ABBYY FineReader 5.0 Sprint

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe® Photoshop® Album Starter Edition 3.2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AudioPlugin.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Defender_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CAL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraWindowDC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraWindowDVC5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraWindowDVC6

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraWindowLauncher

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Canon G.726 WMP-Decoder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CopyNow.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CSCLIB

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DataPlugin.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dell Digital Jukebox Driver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EOS Utility

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDMI

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB835221WXP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884267

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885353

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886612

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887078

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887626

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888656

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB889858

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891122

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892313

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893240

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893241

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895181

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895316

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB897586

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898458

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898549

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902344

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB907658

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911564

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911565

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911854

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917734_WMP10

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923723

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB925398_WMP64

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB928090-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB929399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB929969

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB931768-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB933566-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB936782_WMP11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB937143-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938127-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938464

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938464-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB939653-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB939683

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB941569

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB942615-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB944533-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB946648

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB947864-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950759-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950760

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950762

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950974

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951066

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951072-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951698

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951748

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951978

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952069_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952287

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952954

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB953838-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB953839

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954154_WM11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954155_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954211

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954459

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954550-v5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954600

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955069

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955759

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955839

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956390-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956391

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956744

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956802

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956841

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956844

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957095

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957097

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958215-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958644

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958690

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958869

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959426

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959772_WM11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960225

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960714-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960715

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960859

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961118

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961260-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961371

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961373

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961501

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961503

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB963027-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB967715

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968389

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968537

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968816_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969059

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969897-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969898

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969947

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970238

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970430

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970653-v3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971468

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971486

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971557

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971633

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971657

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971737

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971961

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972260-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972270

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973346

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973354

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973507

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973525

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973540_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973815

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973869

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973904

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974112

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974318

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974392

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974455-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974571

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975025

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975467

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975560

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975713

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976098-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976325-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976749-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977165

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977816

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977914

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978037

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978207-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978251

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978262

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978338

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978542

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978601

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978706

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979306

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979309

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979683

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980182-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980232

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981349

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981793


Post by tandoori on Wed Jun 02, 2010 10:07 pm

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LimeWire

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M953297

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Measurement Services Client

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger Plus! Live

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Interactive Training

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Essentials

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MovieEditTask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.0.13)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSCompPackV1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSNINST

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyCamera

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyCameraDC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NLSDownlevelMapping

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhotoStitch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PowerISO

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PROPLUS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PROSet

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RAW Image Task

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RemoteCaptureTask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SopCast

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Doctor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBlaster_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StreetPlugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SymcData-idsdefs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SysInfo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TeamViewer 5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vodafone 804SS USB driver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Mobile Device Handbook

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite_Wave3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMFDist11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wmp11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wudf01000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XpsEPSC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoomBrowser EX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoomBrowser EX Memory Card Utility


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sun Download Manager 2.0 (web)

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent


Autorun


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Google Update REG_SZ "C:\Documents and Settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
Persistence REG_SZ C:\WINDOWS\system32\igfxpers.exe
AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
Adobe Acrobat Speed Launcher REG_SZ "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
Acrobat Assistant 8.0 REG_SZ "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSSE REG_SZ "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents


Restrictions - Internet Explorer


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel


Restrictions - REGEDIT


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System


Restrictions - Explorer


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun REG_DWORD 0x143
NoDriveAutoRun REG_DWORD 0x3ffffff
NoDrives REG_DWORD 0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run


ActiveX


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units



DNS Settings


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces



Windows IP Configuration



Host Name . . . . . . . . . . . . : D57NSK91

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-20-DF-C4-85

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.12

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::213:20ff:fedf:c485%4

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

Lease Obtained. . . . . . . . . . : June 2, 2010 9:56:22 AM

Lease Expires . . . . . . . . . . : June 5, 2010 9:56:22 AM



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : C0-A8-02-0C

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:192.168.2.12%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled



AppInit DLLs


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows



Shell Service Object Delay Load


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9}
CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9}
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}
WPDShServiceObj REG_SZ {AAA288BA-9A4C-45B0-95D7-94D524869DB5}



Shell Execute Hooks


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ


Image File Execution Options


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll


Post by tandoori on Wed Jun 02, 2010 10:07 pm

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE


Security Providers



Local Security Authority


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Bounds REG_BINARY 0030000000200000
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 0x1
LsaPid REG_DWORD 0x42c
SecureBoot REG_DWORD 0x1
auditbaseobjects REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
fipsalgorithmpolicy REG_DWORD 0x0
forceguest REG_DWORD 0x1
fullprivilegeauditing REG_BINARY 00
limitblankpassworduse REG_DWORD 0x1
lmcompatibilitylevel REG_DWORD 0x0
nodefaultadminowner REG_DWORD 0x1
nolmhash REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli\0\0
enabledcom REG_SZ y

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\msv1_0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache


SafeBoot



AppCert DLLs


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls


Extra


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\3

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\4

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\5

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\6

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\7

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\8


App Paths


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Acrobat.exe
Path REG_SZ C:\Program Files\Adobe\Acrobat 9.0\Acrobat\
REG_SZ C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcrobatInfo.exe
Path REG_SZ C:\Program Files\Adobe\Acrobat 9.0\Acrobat\
REG_SZ C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroDist.exe
Path REG_SZ C:\Program Files\Adobe\Acrobat 9.0\Acrobat\
REG_SZ C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroDist.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
REG_SZ C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
Path REG_SZ C:\Program Files\Adobe\Reader 9.0\Reader\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ahc.exe
Path REG_SZ C:\Program Files\Adobe\Adobe Help Center\
REG_SZ C:\Program Files\Adobe\Adobe Help Center\ahc.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\bckgzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\BrMfcWnd.exe
Path REG_SZ C:\Program Files\Brother\Brmfcmon

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chkrzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chrome.exe
REG_SZ C:\Documents and Settings\Ravi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Path REG_SZ C:\Documents and Settings\Ravi\Local Settings\Application Data\Google\Chrome\Application

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
Path REG_SZ C:\WINDOWS\system32
CmstpExtensionDll REG_SZ C:\WINDOWS\system32\cmcfg32.dll
CMInternalVersion REG_SZ 1.2
CmNative REG_DWORD 0x1
ProfilesUpgraded REG_DWORD 0x2

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\combofix.exe
REG_SZ C:\Documents and Settings\Ravi\Desktop\ComboFix.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CONF.EXE
REG_SZ C:\Program Files\NetMeeting\conf.exe
Path REG_SZ C:\Program Files\NetMeeting;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTRegSvr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTSI.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dialer.exe
REG_SZ C:\Program Files\Windows NT\dialer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DLG.exe
Path REG_SZ C:\Program Files\Digital Line Detect
REG_SZ C:\Program Files\Digital Line Detect\DLG.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DMX.exe
Path REG_SZ C:\Program Files\Dell\Media Experience\
REG_SZ C:\Program Files\Dell\Media Experience\DMX.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\excel.exe
REG_SZ C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\firefox.exe
REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe
Path REG_SZ C:\Program Files\Mozilla Firefox

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\gvr.exe
Path REG_SZ C:\Program Files\Sony\Giga Pocket
REG_SZ C:\Program Files\Sony\Giga Pocket\gvr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\halsv.exe
Path REG_SZ C:\Program Files\Sony\Giga Pocket
REG_SZ C:\Program Files\Sony\Giga Pocket\halsv.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HELPCTR.EXE
REG_EXPAND_SZ %Systemroot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hrtzzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hypertrm.exe
REG_SZ "C:\Program Files\Windows NT\hypertrm.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN1.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN2.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE
Path REG_SZ C:\Program Files\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ImageReady.exe
Path REG_SZ C:\Program Files\Adobe\Adobe Photoshop CS2\
REG_SZ C:\Program Files\Adobe\Adobe Photoshop CS2\ImageReady.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\INETWIZ.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\INETWIZ.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\infopath.exe
REG_SZ C:\PROGRA~1\MICROS~4\Office12\INFOPATH.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ISIGNUP.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ISIGNUP.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\iTunes.exe
REG_SZ C:\Program Files\iTunes\iTunes.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
REG_SZ C:\Program Files\Java\jre6\bin\javaws.exe
Path REG_SZ C:\Program Files\Java\jre6\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MediaHub.exe
Path REG_SZ C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\
REG_SZ C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe
REG_EXPAND_SZ %SystemRoot%\system32\usmt\migwiz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MOH.exe
Path REG_SZ C:\Program Files\NetWaiting

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\moviemk.exe
REG_SZ C:\Program Files\Movie Maker\moviemk.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
REG_SZ "C:\Program Files\Windows Media Player\mplayer2.exe"
Path REG_SZ "C:\Program Files\Windows Media Player"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSACCESS.EXE
REG_SZ C:\PROGRA~1\MICROS~4\Office12\MSACCESS.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSCONFIG.EXE
REG_EXPAND_SZ %systemroot%\pchealth\helpctr\Binaries\MSCONFIG.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\msimn.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msinfo32.exe
REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.exe
Path REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSInfo

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSMSGS.EXE
REG_SZ C:\Program Files\Messenger\msmsgs.exe
Path REG_SZ C:\Program Files\Messenger;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSNMSGR.EXE
REG_SZ C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
Path REG_SZ C:\Program Files\Windows Live\Messenger\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msoxmled.exe
REG_SZ C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSPUB.EXE
REG_SZ C:\PROGRA~1\MICROS~4\Office12\MSPUB.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_DWORD 0x1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MyDVD.exe
Path REG_SZ C:\Program Files\Roxio\MyDVD\
REG_SZ C:\Program Files\Roxio\MyDVD\MyDVD.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ois.exe
REG_SZ C:\PROGRA~1\MICROS~4\Office12\OIS.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 0
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ORUN32.EXE
Path REG_SZ C:\WINDOWS\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OUTLOOK.EXE
REG_SZ C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
REG_EXPAND_SZ %SystemRoot%\system32\mspaint.exe
Path REG_EXPAND_SZ %SystemRoot%\system32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PC_Info.exe
REG_SZ C:\Program Files\Common Files\Sony Shared\PC_Info\pc_info.exe
Path REG_SZ C:\Program Files\Common Files\Sony Shared\PC_Info\PC_Info.exe;C:\Program Files\Common Files\Sony Shared\SXBIOS

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PhEditor.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PhonTool.exe
Path REG_SZ C:\Program Files\Classic PhoneTools
REG_SZ C:\Program Files\Classic PhoneTools\PhonTool.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PhotoEditor.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Photoshop.exe
Path REG_SZ C:\Program Files\Adobe\Adobe Photoshop CS2\
REG_SZ C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
Path REG_SZ C:\Program Files\QuickTime\
REG_SZ C:\Program Files\QuickTime\PictureViewer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pinball.exe
REG_SZ C:\Program Files\Windows NT\Pinball\pinball.exe
Path REG_SZ C:\Program Files\Windows NT\Pinball

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\powerpnt.exe
REG_SZ C:\PROGRA~1\MICROS~4\Office12\POWERPNT.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
REG_SZ C:\Program Files\QuickTime\QuickTimePlayer.exe
Path REG_SZ C:\Program Files\QuickTime\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rvsezm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\rvsezm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\shvlzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Sony MPEG Decoder Library

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Sony Shared Library for XP

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Sony Video Shared Library
Path REG_SZ C:\Program Files\Common Files\Sony Shared\VideoLib

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SopCast.exe
REG_SZ C:\Program Files\SopCast\SopCast.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
UseShortName REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\UILib.DLL
Path REG_SZ C:\Program Files\Common Files\Sony Shared\UILibrary
REG_SZ C:\Program Files\Common Files\Sony Shared\UILibrary\UILib.DLL

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\USBSircs.exe
Path REG_SZ C:\Program Files\Sony\USBSircs
REG_SZ C:\Program Files\Sony\USBSircs\USBSircs.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wab.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wabmig.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\winnt32.exe
RunAsOnNonAdminInstall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinRAR.exe
REG_SZ C:\Program Files\WinRAR\WinRAR.exe
Path REG_SZ C:\Program Files\WinRAR

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
REG_SZ C:\PROGRA~1\MICROS~4\Office12\WINWORD.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wlmail.exe
REG_EXPAND_SZ C:\Program Files\Windows Live\Mail\wlmail.exe
Path REG_EXPAND_SZ C:\Program Files\Windows Live\Mail\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
REG_SZ C:\Program Files\Windows Media Player\wmplayer.exe
Path REG_SZ C:\Program Files\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
REG_SZ "c:\WINDOWS\system32\XPSViewer\XPSViewer.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\yourapp.Exe
Path REG_SZ C:\Program Files\Sony\Giga Pocket Demo


Mozilla


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Desktop
SOFTWARE\Classes\MIME\Database\Content Type\application/x-xpinstall;app=firefox REG_SZ .xpi
SOFTWARE\Classes\.htm REG_SZ htmlfile
SOFTWARE\Classes\.html REG_SZ htmlfile
SOFTWARE\Classes\HTTP\DefaultIcon REG_SZ %SystemRoot%\system32\url.dll,0
SOFTWARE\Classes\HTTP\shell\open\command REG_SZ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
SOFTWARE\Classes\HTTPS\DefaultIcon REG_SZ %SystemRoot%\system32\url.dll,0
SOFTWARE\Classes\HTTPS\shell\open\command REG_SZ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
SOFTWARE\Classes\FTP\DefaultIcon REG_SZ %SystemRoot%\system32\url.dll,0
SOFTWARE\Classes\FTP\shell\open\command REG_SZ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
SOFTWARE\Classes\GOPHER\DefaultIcon REG_SZ %SystemRoot%\system32\url.dll,0
SOFTWARE\Classes\GOPHER\shell\open\command REG_SZ "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\DefaultIcon REG_SZ "C:\Program Files\Mozilla Firefox\firefox.exe",0
SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe
SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\properties\command REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe -preferences
SOFTWARE\Clients\StartMenuInternet\ REG_SZ IEXPLORE.EXE
SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\ REG_SZ Mozilla Firefox
SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\properties REG_SZ Mozilla Firefox &Options

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
[You must be registered and logged in to see this link.] REG_SZ C:\Program Files\Google\Web Accelerator\firefox
{20a82645-c095-46ed-80e3-08825760534b} REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[You must be registered and logged in to see this link.] REG_EXPAND_SZ C:\Program Files\Java\jre6\lib\deploy\jqs\ff

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
REG_SZ 1.9.0.13
CurrentVersion REG_SZ 3.0.13 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.0.13 (en-US)
REG_SZ 3.0.13 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.0.13 (en-US)\Main
Install Directory REG_SZ C:\Program Files\Mozilla Firefox
PathToExe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe
Create Quick Launch Shortcut REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.0.13 (en-US)\Uninstall
Uninstall Log Folder REG_SZ C:\Program Files\Mozilla Firefox\uninstall
Description REG_SZ Mozilla Firefox (3.0.13)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.13
GeckoVer REG_SZ 1.9.0.13

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.13\bin
PathToExe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.13\extensions
Components REG_SZ C:\Program Files\Mozilla Firefox\components
Plugins REG_SZ C:\Program Files\Mozilla Firefox\plugins


Shared Task Scheduler


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon


SafeBootMinimal


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}


SafeBootNetwork


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network



File Rename Operations - Session


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations


Known DLLs - Session


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
advapi32 REG_SZ advapi32.dll
comdlg32 REG_SZ comdlg32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
gdi32 REG_SZ gdi32.dll
imagehlp REG_SZ imagehlp.dll
kernel32 REG_SZ kernel32.dll
lz32 REG_SZ lz32.dll
ole32 REG_SZ ole32.dll
oleaut32 REG_SZ oleaut32.dll
olecli32 REG_SZ olecli32.dll
olecnv32 REG_SZ olecnv32.dll
olesvr32 REG_SZ olesvr32.dll
olethk32 REG_SZ olethk32.dll
rpcrt4 REG_SZ rpcrt4.dll
shell32 REG_SZ shell32.dll
url REG_SZ url.dll
urlmon REG_SZ urlmon.dll
user32 REG_SZ user32.dll
version REG_SZ version.dll
wininet REG_SZ wininet.dll
wldap32 REG_SZ wldap32.dll


Adobe Products


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
DisplayName REG_SZ Adobe Flash Player 10 Plugin
DisplayVersion REG_SZ 10.0.22.87
Publisher REG_SZ Adobe Systems Incorporated
URLInfoAbout REG_SZ http://www.adobe.com/go/getflashplayer
DisplayIcon REG_SZ C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
UninstallString REG_SZ C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1


{END OF FILE}


Post by Dr Jay on Thu Jun 03, 2010 12:40 am

Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs, and other holes. To update it now, click Help > Check for Updates.

======================

  • Please go to VirSCAN.org FREE on-line scan service

  • Browse for the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\windows\system32\DVDRippper_sysquict.dat

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


====================

Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.

Set the slider to Maximum.

IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.

On the General tab, make sure all of the boxes are checked.

On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.

Click Create Report to run it.

It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to [You must be registered and logged in to see this link.] If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the URL of the GSI Parser report in your next reply.


Dr. Jay (DJ)



Post by tandoori on Mon Jun 07, 2010 11:53 pm

VirSCAN.org Scanned Report :
Scanned time : 2010/06/07 18:50:49 (CDT)
Scanner results: Scanners did not find malware!
File Name : DVDRippper_sysquict.dat
File Size : 34 byte
File Type : ASCII text, with CRLF line terminators
MD5 : 0ac5e52c68bae3e0d3e9ba431ad54b3f
SHA1 : 1285ebf028c86a944cfaa40ca9fbd7bd545fc376
Online report : [You must be registered and logged in to see this link.]

Scanner | Engine Ver | Sig Ver | Sig Date | Time | Scan result
a-squared | 5.0.0.11 | 20100608060115 | 2010-06-08 | 1.13 | -
AhnLab V3 | 2010.06.08.00 | 2010.06.08 | 2010-06-08 | 1.22 | -
AntiVir | 8.2.2.6 | 7.10.8.4 | 2010-06-07 | 0.27 | -
Antiy | 2.0.18 | 20100602.4613711 | 2010-06-02 | 0.02 | -
Arcavir | 2009 | 201006071157 | 2010-06-07 | 0.02 | -
Authentium | 5.1.1 | 201006071400 | 2010-06-07 | 1.36 | -
AVAST! | 4.7.4 | 100607-2 | 2010-06-07 | 0.00 | -
AVG | 8.5.793 | 271.1.1/2924 | 2010-06-08 | 0.23 | -
BitDefender | 7.90123.6160891 | 7.32092 | 2010-06-08 | 3.95 | -
ClamAV | 0.96.1 | 11151 | 2010-06-07 | 0.00 | -
Comodo | 3.13.579 | 5022 | 2010-06-07 | 1.03 | -
CP Secure | 1.3.0.5 | 2010.06.08 | 2010-06-08 | 0.01 | -
Dr.Web | 5.0.2.3300 | 2010.06.08 | 2010-06-08 | 7.91 | -
F-Prot | 4.4.4.56 | 20100607 | 2010-06-07 | 1.30 | -
F-Secure | 7.02.73807 | 2010.06.07.06 | 2010-06-07 | 0.10 | -
Fortinet | 4.1.133 | 12.28 | 2010-06-07 | 0.10 | -
GData | 21.315/21.104 | 20100608 | 2010-06-08 | 7.87 | -
ViRobot | 20100607 | 2010.06.07 | 2010-06-07 | 0.39 | -
Ikarus | T3.1.01.84 | 2010.06.07.76021 | 2010-06-07 | 6.59 | -
JiangMin | 13.0.900 | 2010.06.07 | 2010-06-07 | 1.22 | -
Kaspersky | 5.5.10 | 2010.06.07 | 2010-06-07 | 0.04 | -
KingSoft | 2009.2.5.15 | 2010.6.7.19 | 2010-06-07 | 0.65 | -
McAfee | 5400.1158 | 6006 | 2010-06-07 | 16.21 | -
Microsoft | 1.5802 | 2010.06.08 | 2010-06-08 | 7.15 | -
Norman | 6.04.12 | 6.04.00 | 2010-06-07 | 6.01 | -
Panda | 9.05.01 | 2010.06.07 | 2010-06-07 | 2.14 | -
Trend Micro | 9.120-1004 | 7.224.21 | 2010-06-07 | 0.02 | -
Quick Heal | 10.00 | 2010.06.07 | 2010-06-07 | 1.71 | -
Rising | 20.0 | 22.51.00.04 | 2010-06-07 | 0.20 | -
Sophos | 3.07.1 | 4.54 | 2010-06-08 | 3.32 | -
Sunbelt | 3.9.2424.2 | 6416 | 2010-06-07 | 8.54 | -
Symantec | 1.3.0.24 | 20100607.006 | 2010-06-07 | 0.33 | -
nProtect | 20100607.01 | 8594755 | 2010-06-07 | 7.86 | -
The Hacker | 6.5.2.0 | v00292 | 2010-06-03 | 0.32 | -
VBA32 | 3.12.12.5 | 20100607.0801 | 2010-06-07 | 2.76 | -
VirusBuster | 4.5.11.10 | 10.126.70/2028766 | 2010-06-08 | 2.33 | -


Post by tandoori on Tue Jun 08, 2010 12:09 am

[You must be registered and logged in to see this link.]

Btw, I don't use Firefox anymore, I use Google Chrome.. so is it okay if I just uninstall Firefox?


Post by Dr Jay on Tue Jun 08, 2010 12:46 am

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again; the program will close and you are done


To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)



Post by tandoori on Thu Jun 10, 2010 7:50 pm

I got that popup again when I ran TFC.. it said Windows was going to restart because something was turned off or something while TFC was running.. I don't think it got to finish.. the computer just restarted while it was running. There was a 1:00 min timer for it that I couldn't stop..

Anyway, here's the check.txt document


Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton 360
Microsoft Security Essentials
Microsoft Security Essentialy successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Spyware Doctor 7.0
SpywareBlaster 4.3
Spybot - Search & Destroy
Java(TM) 6 Update 20
Adobe Flash Player 10.0.22.87
Adobe Reader 9.3.2
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


Post by Dr Jay on Fri Jun 11, 2010 12:41 am

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


See [You must be registered and logged in to see this link.] for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)
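
The Security Check log posted earlier in the thread, run through a small parser, as an added example that is not part of the original posts or of Security Check itself: it collects the entries the tool marks "Out of date!" or "Disabled!" and applies the one-resident-antivirus rule from the "Resident Protection help" paragraph. The function names, and the rule that every non-firewall product listed under Antivirus/Firewall Check counts as a resident antivirus, are assumptions; the sample log is constructed from the text in the post.

```python
import re

TICKS = "`" * 30  # Security Check separates sections with rows of backticks

# Constructed sample: the checkup.txt lines as posted in this thread.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.4",
    "Windows XP Service Pack 3",
    "Internet Explorer 7 Out of date!",
    TICKS, "Antivirus/Firewall Check:", "",
    "Windows Firewall Disabled!",
    "Norton 360",
    "Microsoft Security Essentials",
    "Microsoft Security Essentialy successfully updated!",
    TICKS, "Anti-malware/Other Utilities Check:", "",
    "Spyware Doctor 7.0", "SpywareBlaster 4.3", "Spybot - Search & Destroy",
    "Java(TM) 6 Update 20", "Adobe Flash Player 10.0.22.87", "Adobe Reader 9.3.2",
    TICKS, "Process Check:", "objlist.exe by Laurent", "",
    "Windows Defender MSMpEng.exe",
    "Microsoft Security Essentials msseces.exe",
    TICKS, "DNS Vulnerability Check:", "",
    "GREAT! (Not vulnerable to DNS cache poisoning)", "",
    "`" * 10 + "End of Log" + "`" * 12,
])

# Entries the tool itself marks as a problem end in one of these two states.
WARN = re.compile(r"^(?P<item>.+?)\s+(?P<state>Out of date|Disabled)!$")


def parse_sections(text):
    """Return {section title: [entries]}; lines before the first rule go under 'Header'."""
    sections = {"Header": []}
    current, expect_title = "Header", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"`"}:            # separator row: a title follows
            expect_title = True
            continue
        if line.strip("`") == "End of Log":
            break
        if expect_title and line.endswith(":"):
            current = line[:-1]
            sections[current] = []
        else:
            sections[current].append(line)
        expect_title = False
    return sections


def review(text):
    """Return (finding, detail) tuples in the order they appear in the log."""
    sections = parse_sections(text)
    findings = []
    for entries in sections.values():
        for entry in entries:
            m = WARN.match(entry)
            if m:
                findings.append((m["state"].lower(), m["item"]))
    # Assumption: every product in this section that is not a firewall line or
    # an update-status line is a resident antivirus; more than one conflicts.
    products = [e for e in sections.get("Antivirus/Firewall Check", [])
                if not WARN.match(e)
                and "firewall" not in e.lower()
                and "updated" not in e.lower()]
    if len(products) > 1:
        findings.append(("multiple resident products", ", ".join(products)))
    return findings


if __name__ == "__main__":
    for finding, detail in review(SAMPLE_LOG):
        print(f"{finding}: {detail}")
```
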



Post by tandoori on Thu Jun 17, 2010 9:32 pm

Thank you very much for your help. The sound still turns off every now and then but everything else is running smoothly. Keep up the good work!
