Another AV security Suite infection

View previous topic View next topic Go down

Another AV security Suite infection

Post by sheltered on 12th June 2010, 7:40 am

Here's the notepad doc:

******************************

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:34:16 AM, on 6/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4} (Photo Upload Plugin Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 10086 bytes


Last edited by sheltered on 13th June 2010, 7:16 pm; edited 1 time in total

sheltered
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-06-12
OS OS : xp
Points Points : 23844
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Another AV security Suite infection

Post by Dr Jay on 12th June 2010, 8:19 pm

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302960
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Another AV security Suite infection

Post by sheltered on 13th June 2010, 3:28 am

First of all, thanks for the attention and help!

When launching Combofix it requires to end any antiviris scans. The process for the AVG free 9.0 scan (avgwdsvc.exe) will not end. After restarting the computer it also persisted not to end. Is uninstalling AVG advisable?

sheltered
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-06-12
OS OS : xp
Points Points : 23844
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Another AV security Suite infection

Post by Dr Jay on 13th June 2010, 6:36 pm

If you would like to uninstall AVG, go ahead. I have a good recommendation for an antivirus after your computer is clean. Smile

Post the log once you have run the scan.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302960
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Another AV security Suite infection

Post by sheltered on 13th June 2010, 7:20 pm

Right, so now I'm trying uninstall AVG free. It seems though there's a problem with the registry and it won't uninstall. I'll try and post the log I saved for it, but it's pretty huge.

The problem is I can't run the scan until I completely remove AVG so I'm kinda stuck...

*EDIT*

Forget the log it's giant... >.<

sheltered
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-06-12
OS OS : xp
Points Points : 23844
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Another AV security Suite infection

Post by Dr Jay on 13th June 2010, 7:25 pm

Goofy Download and run AVG Remover: [You must be registered and logged in to see this link.]


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302960
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Another AV security Suite infection

Post by sheltered on 14th June 2010, 2:01 am

I removed AVG, but Combofix still warned me about it running, so I ran Combofix anyways knowing that AVG couldn't be (No process running). Here's the log:

ComboFix 10-06-12.02 - Travis 06/13/2010 18:32:47.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.228 [GMT -7:00]
Running from: c:\documents and settings\Travis\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Travis\autorun.inf
c:\documents and settings\Travis\dirtysock.dll
c:\documents and settings\Travis\FIFA10Demo.exe
c:\documents and settings\Travis\GDFBinary.dll
c:\progra~1\COMMON~1\{3C15C~1
c:\progra~1\COMMON~1\{5C15C~1
c:\progra~1\COMMON~1\{5C15C~2
c:\program files\appatc~1
c:\program files\Common Files\mbols~1
c:\program files\Common Files\smbols~1
c:\program files\Common Files\sstem~1
c:\program files\Common Files\tsks~1
c:\program files\crosof~1
c:\program files\curity~1
c:\program files\fnts~1
c:\program files\racle~1
c:\program files\racle~2
c:\program files\sembly~1
c:\program files\smante~1
c:\program files\ymbols~1
C:\reg.reg
c:\windows\fnts~1
c:\windows\fnts~1\COFFTMI_.TTF
c:\windows\fnts~1\HELLDORA.TTF
c:\windows\fnts~1\Oldengl.TTF
c:\windows\fnts~1\playbill.TTF
c:\windows\sks~1
c:\windows\system\msvbvm60.dll
c:\windows\ymbols~1
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-05-14 to 2010-06-14 )))))))))))))))))))))))))))))))
.

2010-06-12 07:28 . 2010-06-12 07:28 -------- d-----w- c:\program files\TrendMicro
2010-06-12 06:06 . 2010-06-12 06:06 -------- d-----w- C:\sh4ldr
2010-06-12 06:06 . 2010-06-12 06:06 -------- d-----w- c:\program files\Enigma Software Group
2010-06-12 06:06 . 2010-06-12 06:06 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-06-02 23:43 . 2010-06-02 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\EA Core
2010-06-02 23:43 . 2010-06-05 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-06-02 23:43 . 2010-06-09 23:53 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-02 23:42 . 2010-06-02 23:42 -------- d-----w- c:\program files\Electronic Arts
2010-06-01 05:51 . 2010-06-01 05:51 -------- d-----w- c:\documents and settings\Travis\Application Data\AdobeUM
2010-06-01 05:51 . 2010-06-01 05:51 -------- d-----w- c:\documents and settings\Travis\Local Settings\Application Data\Adobe
2010-06-01 03:10 . 2010-06-01 03:10 -------- d--h--r- c:\documents and settings\Travis\Application Data\SecuROM
2010-06-01 03:10 . 2010-06-01 03:10 -------- d-----w- c:\documents and settings\Travis\Application Data\Leadertech
2010-05-28 06:26 . 2010-05-28 06:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Nexon
2010-05-28 01:03 . 2010-05-28 01:03 -------- d-----w- c:\windows\system32\LogFiles
2010-05-27 03:23 . 2010-06-01 02:39 -------- d-----w- C:\Nexon
2010-05-27 02:44 . 2010-05-28 23:43 -------- d-----w- c:\documents and settings\Travis\Local Settings\Application Data\PMB Files
2010-05-27 02:44 . 2010-05-31 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-05-27 02:43 . 2010-05-27 02:43 -------- d-----w- c:\program files\Pando Networks
2010-05-23 02:08 . 2010-05-23 02:29 -------- d-----w- c:\windows\NV8721340.TMP
2010-05-22 00:52 . 2010-05-22 00:52 -------- d-----w- c:\documents and settings\Travis\Application Data\AVG9
2010-05-19 01:05 . 2010-05-19 01:05 -------- d-----w- c:\program files\Realtek AC97
2010-05-19 00:25 . 2010-05-19 00:25 -------- d-----w- c:\documents and settings\Travis\Application Data\Easeware
2010-05-19 00:25 . 2010-05-19 00:25 -------- d-----w- c:\program files\Easeware
2010-05-19 00:07 . 2010-05-19 00:07 -------- d-----w- c:\documents and settings\Travis\Application Data\DeviceDoctorSoftware
2010-05-18 23:58 . 2010-05-18 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 01:11 . 2010-04-02 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-13 18:31 . 2005-02-14 00:11 1165 ----a-w- c:\windows\EReg077.dat
2010-06-13 04:30 . 2010-03-06 19:02 -------- d-----w- c:\program files\Steam
2010-06-13 04:13 . 2010-03-06 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2010-06-12 06:06 . 2008-01-09 07:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-10 15:22 . 2008-09-02 23:17 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-02 05:04 . 2010-03-14 23:55 -------- d-----w- c:\program files\EA Sports
2010-06-01 03:10 . 2008-04-27 16:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-31 05:29 . 2010-04-13 04:56 -------- d-----w- c:\documents and settings\Travis\Application Data\Apple Computer
2010-05-28 06:27 . 2007-05-18 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2010-05-24 05:44 . 2010-03-07 16:05 100024 ----a-w- c:\documents and settings\Travis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-15 21:09 . 2007-05-05 15:18 -------- d-----w- c:\program files\Microsoft Games
2010-05-03 06:35 . 2010-04-04 06:14 0 ----a-w- c:\documents and settings\Travis\Local Settings\Application Data\prvlcl.dat
2010-04-28 01:35 . 2005-11-10 02:21 -------- d-----w- c:\program files\iTunes
2010-04-28 01:33 . 2010-04-28 01:33 -------- d-----w- c:\program files\iPod
2010-04-28 01:33 . 2008-01-14 00:55 -------- d-----w- c:\program files\Common Files\Apple
2010-04-28 01:26 . 2010-04-28 01:26 -------- d-----w- c:\program files\Bonjour
2010-04-25 21:57 . 2010-04-25 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Sports Interactive
2010-04-25 21:55 . 2010-04-25 21:55 -------- d-----w- c:\documents and settings\Travis\Application Data\Sports Interactive
2010-04-20 01:45 . 2010-03-29 20:19 75 ----a-w- c:\documents and settings\Travis\jagex_runescape_preferences2.dat
2010-04-20 01:44 . 2010-03-29 20:17 41 ----a-w- c:\documents and settings\Travis\jagex_runescape_preferences.dat
2010-04-19 00:42 . 2010-04-19 00:42 65508 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-18 22:54 . 2009-09-05 21:19 75 ----a-w- c:\documents and settings\Owner.HOMEPC\jagex_runescape_preferences2.dat
2010-04-18 22:54 . 2008-07-01 18:30 41 ----a-w- c:\documents and settings\Owner.HOMEPC\jagex_runescape_preferences.dat
2010-04-18 17:45 . 2010-04-18 17:45 0 ----a-w- c:\documents and settings\Owner.HOMEPC\jagex__preferences3.dat
2010-04-17 18:49 . 2009-11-21 22:03 -------- d-----w- c:\program files\Common Files\scanner
2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-06 05:35 . 2010-04-06 05:35 381984 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-29 20:19 . 2010-03-29 20:19 0 ----a-w- c:\documents and settings\Travis\jagex__preferences3.dat
2007-02-16 01:18 . 2007-02-16 01:18 32 --sha-w- c:\windows\{510C91AA-44D5-4F31-A053-79331C7EFE1C}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-01-21 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 135168]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-25 142120]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-30 113664]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-30 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-2-22 1486848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LeechFTP\\Leechftp.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\Activision\\Tony Hawk's Underground 2\\Game\\THUG2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\altitude\\altitude.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\r.u.s.e. beta\\Ruse.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57365:TCP"= 57365:TCP:Pando Media Booster
"57365:UDP"= 57365:UDP:Pando Media Booster

S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 10:49 AM 616408]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [5/18/2010 5:06 PM 327064]
S3 EraserUtilDrv10740;EraserUtilDrv10740;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10740.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10740.sys [?]
S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [?]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys --> c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
.
------- Supplementary Scan -------
.
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
DPF: {DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4} - [You must be registered and logged in to see this link.]
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Travis\Application Data\Mozilla\Firefox\Profiles\ss0fp9cb.default\
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Owner.HOMEPC\Application Data\Move Networks\plugins\npqmp071504000001.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
HKLM-Run-SpywareTerminator - c:\program files\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-Run-UpdateManager - c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
Notify-avgrsstarter - avgrsstx.dll
AddRemove-LeechFTP - c:\windows\eraser.exe
AddRemove-Roland SX-15 - c:\docume~1\OWNER~1.HOM\LOCALS~1\Temp\RolandRDSX15.INF\SETUP.EXE
AddRemove-Roland SX-8 - c:\docume~1\OWNER~1.HOM\LOCALS~1\Temp\RolandRDSX8.INF\SETUP.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-13 18:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1484650546-40427352-4022061503-1010\Software\SecuROM\License information*]
"datasecu"=hex:e7,a3,b9,0b,fc,e6,05,d8,e5,4e,14,d3,07,d9,da,ce,c0,e9,1d,12,3d,
e6,f1,cd,c6,8c,01,03,72,4c,92,06,81,11,4f,a8,8f,dd,2b,79,bf,5b,cf,fe,54,e7,\
"rkeysecu"=hex:57,24,91,3e,0c,0c,fe,c6,46,2a,89,be,d6,53,bb,59
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\GTGina.dll
.
Completion time: 2010-06-13 18:56:55
ComboFix-quarantined-files.txt 2010-06-14 01:56

Pre-Run: 7,869,792,256 bytes free
Post-Run: 11,818,598,400 bytes free

- - End Of File - - 015DFA47FB72FA581854DFCB4119FB34

sheltered
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-06-12
OS OS : xp
Points Points : 23844
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Another AV security Suite infection

Post by Dr Jay on 14th June 2010, 6:10 am

Please download MySystem-Search from one of the following links:
  • Save the file to your Desktop.
  • Double-click on mss.exe
  • Allow it to run, and follow the prompts.
  • Once done, it will launch a log.
  • Post it in your next reply.
Note: the logs are long. Please use more than one post, if necessary.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302960
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Another AV security Suite infection

Post by sheltered on 14th June 2010, 6:59 am

Log 1
*****

MySystem-Search

Run on 06/13/2010 at 23:57:31

MSS v1.3


Basic System Information



CD Emulation Drivers running?



Peer-to-Peer applications?



File associations

.exe=exefile
.scr=scrfile
.pif=piffile
.com=ComFile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile


Running processes



Hidden objects

PATH: C:\windows

$hf_mig$
$MSI31Uninstall_KB893803v2$
$NtServicePackUninstall$
$NtServicePackUninstallIDNMitigationAPIs$
$NtServicePackUninstallNLSDownlevelMapping$
$NtUninstallKB821431$
$NtUninstallKB823182$
$NtUninstallKB825119$
$NtUninstallKB828028$
$NtUninstallKB828741$
$NtUninstallKB833407$
$NtUninstallKB835409$
$NtUninstallKB835732$
$NtUninstallKB842773$
$NtUninstallKB873339$
$NtUninstallKB873339_0$
$NtUninstallKB873339_1$
$NtUninstallKB885835$
$NtUninstallKB885835_0$
$NtUninstallKB885835_1$
$NtUninstallKB885836$
$NtUninstallKB885836_0$
$NtUninstallKB885836_1$
$NtUninstallKB886185$
$NtUninstallKB887472$
$NtUninstallKB888302$
$NtUninstallKB888302_0$
$NtUninstallKB888302_1$
$NtUninstallKB890046$
$NtUninstallKB890046_0$
$NtUninstallKB890046_1$
$NtUninstallKB890859$
$NtUninstallKB890859_0$
$NtUninstallKB890859_1$
$NtUninstallKB891781$
$NtUninstallKB891781_0$
$NtUninstallKB891781_1$
$NtUninstallKB893756$
$NtUninstallKB893756_0$
$NtUninstallKB893756_1$
$NtUninstallKB894391$
$NtUninstallKB894391_0$
$NtUninstallKB894391_1$
$NtUninstallKB896358$
$NtUninstallKB896358_0$
$NtUninstallKB896358_1$
$NtUninstallKB896423$
$NtUninstallKB896423_0$
$NtUninstallKB896423_1$
$NtUninstallKB896424$
$NtUninstallKB896424_0$
$NtUninstallKB896424_1$
$NtUninstallKB896428$
$NtUninstallKB896428_0$
$NtUninstallKB896428_1$
$NtUninstallKB898458$
$NtUninstallKB898461$
$NtUninstallKB899587$
$NtUninstallKB899587_0$
$NtUninstallKB899587_1$
$NtUninstallKB899591$
$NtUninstallKB899591_0$
$NtUninstallKB899591_1$
$NtUninstallKB900485$
$NtUninstallKB900725$
$NtUninstallKB900725_0$
$NtUninstallKB900725_1$
$NtUninstallKB901017$
$NtUninstallKB901017_0$
$NtUninstallKB901017_1$
$NtUninstallKB901214$
$NtUninstallKB901214_0$
$NtUninstallKB901214_1$
$NtUninstallKB902400$
$NtUninstallKB902400_0$
$NtUninstallKB902400_1$
$NtUninstallKB904706$
$NtUninstallKB904942$
$NtUninstallKB905414$
$NtUninstallKB905414_0$
$NtUninstallKB905414_1$
$NtUninstallKB905495$
$NtUninstallKB905749$
$NtUninstallKB905749_0$
$NtUninstallKB905749_1$
$NtUninstallKB908519$
$NtUninstallKB908519_0$
$NtUninstallKB908519_1$
$NtUninstallKB908531$
$NtUninstallKB908531_0$
$NtUninstallKB908531_1$
$NtUninstallKB910437$
$NtUninstallKB910437_0$
$NtUninstallKB910437_1$
$NtUninstallKB911280$
$NtUninstallKB911280_0$
$NtUninstallKB911280_1$
$NtUninstallKB911562$
$NtUninstallKB911562_0$
$NtUninstallKB911562_1$
$NtUninstallKB911564$
$NtUninstallKB911567-OE6SP1-20060316.165634$
$NtUninstallKB911927$
$NtUninstallKB911927_0$
$NtUninstallKB911927_1$
$NtUninstallKB912919$
$NtUninstallKB912919_0$
$NtUninstallKB912919_1$
$NtUninstallKB913580$
$NtUninstallKB913580_0$
$NtUninstallKB913580_1$
$NtUninstallKB914388$
$NtUninstallKB914388_0$
$NtUninstallKB914388_1$
$NtUninstallKB914389$
$NtUninstallKB914389_0$
$NtUninstallKB914389_1$
$NtUninstallKB914440$
$NtUninstallKB915865$
$NtUninstallKB916595$
$NtUninstallKB917344$
$NtUninstallKB917344_0$
$NtUninstallKB917344_1$
$NtUninstallKB917422$
$NtUninstallKB917422_0$
$NtUninstallKB917422_1$
$NtUninstallKB917734_WMP9$
$NtUninstallKB917953$
$NtUninstallKB917953_0$
$NtUninstallKB917953_1$
$NtUninstallKB918118$
$NtUninstallKB918439$
$NtUninstallKB918439-IE6SP1-20060530.145346$
$NtUninstallKB918899-IE6SP1-20060725.123917$
$NtUninstallKB919007$
$NtUninstallKB919007_0$
$NtUninstallKB919007_1$
$NtUninstallKB920213$
$NtUninstallKB920670$
$NtUninstallKB920670_0$
$NtUninstallKB920670_1$
$NtUninstallKB920683$
$NtUninstallKB920683_0$
$NtUninstallKB920683_1$
$NtUninstallKB920685$
$NtUninstallKB920685_0$
$NtUninstallKB920685_1$
$NtUninstallKB920872$
$NtUninstallKB921398$
$NtUninstallKB921398_0$
$NtUninstallKB921398_1$
$NtUninstallKB921503$
$NtUninstallKB921883$
$NtUninstallKB921883_0$
$NtUninstallKB921883_1$
$NtUninstallKB922582$
$NtUninstallKB922616$
$NtUninstallKB922616_0$
$NtUninstallKB922616_1$
$NtUninstallKB922819$
$NtUninstallKB922819_0$
$NtUninstallKB922819_1$
$NtUninstallKB923191$
$NtUninstallKB923191_0$
$NtUninstallKB923191_1$
$NtUninstallKB923414$
$NtUninstallKB923414_0$
$NtUninstallKB923414_1$
$NtUninstallKB923561$
$NtUninstallKB923723$
$NtUninstallKB923980$
$NtUninstallKB924191$
$NtUninstallKB924191_0$
$NtUninstallKB924191_1$
$NtUninstallKB924270$
$NtUninstallKB924496$
$NtUninstallKB924496_0$
$NtUninstallKB924496_1$
$NtUninstallKB924667$
$NtUninstallKB925398_WMP64$
$NtUninstallKB925486-IE6SP1-20060918.120000$
$NtUninstallKB925902$
$NtUninstallKB926255$
$NtUninstallKB926436$
$NtUninstallKB927779$
$NtUninstallKB927802$
$NtUninstallKB927891$
$NtUninstallKB928255$
$NtUninstallKB928843$
$NtUninstallKB929123$
$NtUninstallKB930178$
$NtUninstallKB930916$
$NtUninstallKB931261$
$NtUninstallKB931784$
$NtUninstallKB932168$
$NtUninstallKB932823-v3$
$NtUninstallKB933729$
$NtUninstallKB935839$
$NtUninstallKB935840$
$NtUninstallKB936021$
$NtUninstallKB936782_WMP9$
$NtUninstallKB938127$
$NtUninstallKB938464$
$NtUninstallKB938828$
$NtUninstallKB938829$
$NtUninstallKB941202$
$NtUninstallKB941568$
$NtUninstallKB941569$
$NtUninstallKB941644$
$NtUninstallKB941693$
$NtUninstallKB942615$
$NtUninstallKB942763$
$NtUninstallKB942840$
$NtUninstallKB943055$
$NtUninstallKB943460$
$NtUninstallKB943460_0$
$NtUninstallKB943485$
$NtUninstallKB944653$
$NtUninstallKB945553$
$NtUninstallKB946026$
$NtUninstallKB946627$
$NtUninstallKB946648$
$NtUninstallKB948590$
$NtUninstallKB948881$
$NtUninstallKB950749$
$NtUninstallKB950760$
$NtUninstallKB950762$
$NtUninstallKB950974$
$NtUninstallKB951066$
$NtUninstallKB951072-v2$
$NtUninstallKB951376$
$NtUninstallKB951376-v2$
$NtUninstallKB951698$
$NtUninstallKB951748$
$NtUninstallKB952004$
$NtUninstallKB952069_WM9$
$NtUninstallKB952287$
$NtUninstallKB952954$
$NtUninstallKB953839$
$NtUninstallKB954211$
$NtUninstallKB954600$
$NtUninstallKB955069$
$NtUninstallKB955839$
$NtUninstallKB956391$
$NtUninstallKB956572$
$NtUninstallKB956802$
$NtUninstallKB956803$
$NtUninstallKB956841$
$NtUninstallKB957095$
$NtUninstallKB957097$
$NtUninstallKB958644$
$NtUninstallKB958687$
$NtUninstallKB958690$
$NtUninstallKB959426$
$NtUninstallKB960225$
$NtUninstallKB960715$
$NtUninstallKB960803$
$NtUninstallKB961373$
$NtUninstallKB961501$
$NtUninstallKB967715$
$NtUninstallKB968537$
$NtUninstallKB969898$
$NtUninstallKB970238$
$NtUninstallQ327979$
$NtUninstallQ329112$
$NtUninstallq329256$
$NtUninstallQ329909$
$NtUninstallQ331958$
$NtUninstallQ811789$
$NtUninstallQ814995$
$NtUninstallQ815485$
$NtUninstallQ817357$
$NtUninstallWdf01001$
$NtUninstallWIC$
ftpcache
ie7
inf
Installer
msdownld.tmp
PIF
QTFont.qfn
SwSys1.bmp
SwSys2.bmp
Thumbs.db
WindowsShell.Manifest
winnt.bmp
winnt256.bmp
{510C91AA-44D5-4F31-A053-79331C7EFE1C}.dat


PATH: C:\windows\system32

cdplayer.exe.manifest
dllcache
logonui.exe.manifest
mlfcache.dat
ncpa.cpl.manifest
nwc.cpl.manifest
sapi.cpl.manifest
WindowsLogon.manifest
wuaucpl.cpl.manifest


PATH: C:\windows\system32\drivers

HP_DW233A-ABA a520n_YC_Pavi_Qmxz436_E42NAheBLU4_4_IExplorer4_SASUSTeK Computer INC._VRev 1.xx_B3.03_T040319_WXH1_L409_M448_J160_7AMD_8Athlon XP 3200+_92.19_110DE006E_N10DE0066_P_Z11C1044C_K_A10DE006A_U10DE0067_G10DE01F0.MRK
MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
Msft_Kernel_xusb21_01001.Wdf


PATH: C:\

BOOT.BAK
boot.ini
cmdcons
cmldr
hiberfil.sys
IO.SYS
MSDOS.SYS
NTDETECT.COM
ntldr
pagefile.sys
setup95.exe
System Volume Information


User Profile check



! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Documents and Settings
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
Sid REG_BINARY 010100000000000513000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xb1d5af56
ProfileLoadTimeHigh REG_DWORD 0x1cb0b5e
RefCount REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
Sid REG_BINARY 010100000000000514000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xb17d7854
ProfileLoadTimeHigh REG_DWORD 0x1cb0b5e
RefCount REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1484650546-40427352-4022061503-1003
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Owner.HOMEPC
Sid REG_BINARY 01050000000000051500000032F87D5858DF6802BFC9BBEFEB030000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xcc9c1bc4
ProfileLoadTimeHigh REG_DWORD 0x1cb0b84
RefCount REG_DWORD 0x1
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1484650546-40427352-4022061503-1008
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\owner_2
Sid REG_BINARY 01050000000000051500000032F87D5858DF6802BFC9BBEFF0030000
Flags REG_DWORD 0x0
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xbbf9f396
ProfileLoadTimeHigh REG_DWORD 0x1cafef7
RefCount REG_DWORD 0x0
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1484650546-40427352-4022061503-1009
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Michelle
Sid REG_BINARY 01050000000000051500000032F87D5858DF6802BFC9BBEFF1030000
Flags REG_DWORD 0x0
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x67fbb0ed
ProfileLoadTimeHigh REG_DWORD 0x1cac0bb
RefCount REG_DWORD 0x0
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1484650546-40427352-4022061503-1010
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Travis
Sid REG_BINARY 01050000000000051500000032F87D5858DF6802BFC9BBEFF2030000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xba2925a2
ProfileLoadTimeHigh REG_DWORD 0x1cb0b5e
RefCount REG_DWORD 0x1
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb


Current Scheduled Tasks
PATH: C:\Windows\Tasks

AppleSoftwareUpdate.job
desktop.ini
SA.DAT


Windows Drivers and NT-Services

Volume in drive C is HP_PAVILION
Volume Serial Number is 5C15-CD7C

Directory of C:\Windows\System32\Drivers

01/11/2008 11:38 PM 4,152 HP_DW233A-ABA a520n_YC_Pavi_Qmxz436_E42NAheBLU4_4_IExplorer4_SASUSTeK Computer INC._VRev 1.xx_B3.03_T040319_WXH1_L409_M448_J160_7AMD_8Athlon XP 3200+_92.19_110DE006E_N10DE0066_P_Z11C1044C_K_A10DE006A_U10DE0067_G10DE01F0.MRK
03/26/2009 04:13 PM 0 MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
03/26/2009 04:13 PM 0 Msft_Kernel_xusb21_01001.Wdf
3 File(s) 4,152 bytes
0 Dir(s) 11,797,372,928 bytes free
Volume in drive C is HP_PAVILION
Volume Serial Number is 5C15-CD7C

Directory of C:\Windows\System32\Drivers

06/04/2001 02:00 PM 14,112 PS2.sys
08/17/2001 01:59 PM 3,072 audstub.sys
08/17/2001 02:46 PM 6,400 enum1394.sys
08/17/2001 02:48 PM 12,160 mouhid.sys
08/17/2001 03:00 PM 54,272 swmidi.sys
08/17/2001 03:02 PM 9,600 hidusb.sys
08/29/2002 05:00 AM 4,224 rdpcdd.sys
08/29/2002 05:00 AM 7,680 mcd.sys
08/29/2002 05:00 AM 35,840 isapnp.sys
08/29/2002 05:00 AM 17,792 ptilink.sys
08/29/2002 05:00 AM 9,600 ndistapi.sys
08/29/2002 05:00 AM 32,896 ipfltdrv.sys
08/29/2002 05:00 AM 34,432 rawwan.sys
08/29/2002 05:00 AM 38,016 ndproxy.sys
08/29/2002 05:00 AM 4,224 mnmdd.sys
08/29/2002 05:00 AM 5,888 rootmdm.sys
08/29/2002 05:00 AM 11,648 acpiec.sys
08/29/2002 05:00 AM 646 gmreadme.txt
08/29/2002 05:00 AM 3,440,660 gm.dls
08/29/2002 05:00 AM 16,512 raspti.sys
08/29/2002 05:00 AM 125,056 ftdisk.sys
08/29/2002 05:00 AM 7,936 fs_rec.sys
08/29/2002 05:00 AM 6,784 parvdm.sys
08/29/2002 05:00 AM 18,688 partmgr.sys
08/29/2002 05:00 AM 34,944 fips.sys
08/29/2002 05:00 AM 12,032 ws2ifsl.sys
08/29/2002 05:00 AM 4,352 wmilib.sys
08/29/2002 05:00 AM 3,328 pciide.sys
08/29/2002 05:00 AM 3,328 dxgthk.sys
08/29/2002 05:00 AM 3,456 oprghdlr.sys
08/29/2002 05:00 AM 5,888 dmload.sys
08/29/2002 05:00 AM 2,944 null.sys
08/29/2002 05:00 AM 13,952 cbidf2k.sys
08/29/2002 05:00 AM 14,592 smclib.sys
08/29/2002 05:00 AM 12,416 nwlnkflt.sys
08/29/2002 05:00 AM 32,512 nwlnkfwd.sys
08/29/2002 05:00 AM 4,224 beep.sys
08/29/2002 05:00 AM 4,736 usbd.sys
08/29/2002 05:00 AM 10,496 dxapi.sys
08/29/2002 05:00 AM 55,936 nwlnkspx.sys
08/29/2002 05:00 AM 63,232 nwlnknb.sys
08/29/2002 05:00 AM 352,256 atmuni.sys
08/29/2002 05:00 AM 31,360 atmepvc.sys
08/29/2002 05:00 AM 8,832 rasacd.sys
08/29/2002 12:00 PM 23,936 usbcamd2.sys
08/29/2002 12:00 PM 23,808 usbcamd.sys
08/29/2002 12:00 PM 12,160 fsvga.sys
08/29/2002 12:00 PM 58,112 vdmindvd.sys
08/29/2002 12:00 PM 12,032 riodrv.sys
08/29/2002 12:00 PM 12,032 rio8drv.sys
08/29/2002 12:00 PM 12,032 nikedrv.sys
08/29/2002 12:00 PM 11,776 cpqdap01.sys
08/29/2002 12:00 PM 262,528 cinemst2.sys
08/29/2002 12:00 PM 18,688 cdaudio.sys
08/29/2002 12:00 PM 21,376 tsbvcap.sys
08/29/2002 12:00 PM 51,712 tosdvd.sys
10/04/2002 06:04 PM 46,976 R8139n51.sys
04/21/2003 10:18 PM 54,784 NVENET.sys
07/02/2003 12:33 AM 652,497 ltmdmnt.sys
07/02/2003 12:42 PM 27,904 VIAAGP1.SYS
07/18/2003 05:58 PM 36,992 SISAGPX.SYS
08/01/2003 08:37 PM 1,040 alcxinit.dat
09/03/2003 12:51 AM 21,120 nv_agp.SYS
09/19/2003 02:47 AM 10,368 pfc.sys
10/16/2003 11:19 PM 117,760 vtmini.sys
11/10/2003 12:24 PM 39,532 Sunkfilt.sys
11/20/2003 05:25 PM 95,579 ialmnt5.sys
11/20/2003 05:25 PM 33,847 wa301a.sys
11/20/2003 05:25 PM 33,847 wa301b.sys
11/20/2003 05:25 PM 11,831 a302.sys
11/20/2003 05:25 PM 29,751 a303.sys
11/20/2003 05:25 PM 46,647 a304.sys
11/20/2003 05:25 PM 12,855 a305.sys
11/20/2003 05:25 PM 16,951 a306.sys
11/20/2003 05:25 PM 21,559 a307.sys
11/20/2003 05:25 PM 11,319 a308.sys
11/20/2003 05:25 PM 26,167 a309.sys
11/20/2003 05:25 PM 33,335 a310.sys
11/20/2003 05:26 PM 33,335 a311.sys
11/20/2003 05:26 PM 21,045 vch.sys
11/20/2003 05:26 PM 99,002 ialmkchw.sys
11/20/2003 05:26 PM 122,110 ialmsbw.sys
11/20/2003 05:26 PM 37,431 a313.sys
11/20/2003 05:26 PM 11,319 a314.sys
12/02/2003 07:23 PM 142,336 Fasttx2k.sys
12/05/2003 05:25 PM 11,392 srvkp.sys
12/06/2003 03:13 AM 429,440 sisgrp.sys
12/12/2003 07:54 AM 391,424 ALCXSENS.SYS
01/20/2004 10:06 AM disdn
07/17/2004 12:35 PM 67,866 netwlan5.img
07/17/2004 12:36 PM 64,352 ativmc20.cod
07/17/2004 11:55 PM 129,045 cxthsfs2.cty
08/03/2004 11:08 PM 60,288 drmk.sys
08/03/2004 11:08 PM 48,640 stream.sys
08/03/2004 11:15 PM 140,928 ks.sys
08/03/2004 11:15 PM 145,792 portcls.sys
08/03/2004 11:29 PM 57,856 atinbtxx.sys
08/03/2004 11:29 PM 701,440 ati2mtag.sys
08/03/2004 11:29 PM 327,040 ati2mtaa.sys
08/03/2004 11:29 PM 52,224 atinraxx.sys
08/03/2004 11:29 PM 11,615 ati1mdxx.sys
08/03/2004 11:29 PM 14,336 atinpdxx.sys
08/03/2004 11:29 PM 12,047 ati1pdxx.sys
08/03/2004 11:29 PM 13,824 atinmdxx.sys
08/03/2004 11:29 PM 56,623 ati1btxx.sys
08/03/2004 11:29 PM 28,672 atinsnxx.sys
08/03/2004 11:29 PM 13,824 atinttxx.sys
08/03/2004 11:29 PM 34,735 ati1xsxx.sys
08/03/2004 11:29 PM 73,216 atintuxx.sys
08/03/2004 11:29 PM 29,455 ati1xbxx.sys
08/03/2004 11:29 PM 63,488 atinxsxx.sys
08/03/2004 11:29 PM 31,744 atinxbxx.sys
08/03/2004 11:29 PM 30,671 ati1raxx.sys
08/03/2004 11:29 PM 36,463 ati1tuxx.sys
08/03/2004 11:29 PM 21,343 ati1ttxx.sys
08/03/2004 11:29 PM 26,367 ati1snxx.sys
08/03/2004 11:29 PM 63,663 ati1rvxx.sys
08/03/2004 11:29 PM 104,960 atinrvxx.sys
08/03/2004 11:29 PM 452,736 mtxparhm.sys
08/03/2004 11:29 PM 11,295 wadv08nt.sys
08/03/2004 11:29 PM 11,807 wadv07nt.sys
08/03/2004 11:29 PM 11,935 wadv11nt.sys
08/03/2004 11:29 PM 11,871 wadv09nt.sys
08/03/2004 11:29 PM 22,271 watv06nt.sys
08/03/2004 11:29 PM 25,471 watv10nt.sys
08/03/2004 11:29 PM 166,912 s3gnbm.sys
08/03/2004 11:31 PM 20,992 rtl8139.sys
08/03/2004 11:41 PM 1,309,184 mtlstrm.sys
08/03/2004 11:41 PM 13,776 recagent.sys
08/03/2004 11:41 PM 180,360 ntmtlfax.sys
08/03/2004 11:41 PM 126,686 mtlmnt5.sys
08/03/2004 11:41 PM 129,535 slnt7554.sys
08/03/2004 11:41 PM 404,990 slntamr.sys
08/03/2004 11:41 PM 13,240 slwdmsup.sys
08/03/2004 11:41 PM 95,424 slnthal.sys
08/03/2004 11:41 PM 220,032 hsfbs2s2.sys
08/03/2004 11:41 PM 685,056 hsfcxts2.sys
08/03/2004 11:41 PM 11,868 mdmxsdk.sys
08/03/2004 11:41 PM 1,041,536 hsfdpsp2.sys
08/03/2004 11:58 PM 60,800 arp1394.sys
08/03/2004 11:58 PM 61,824 nic1394.sys
08/03/2004 11:58 PM 42,240 mountmgr.sys
08/03/2004 11:58 PM 59,904 atmarpc.sys
08/03/2004 11:58 PM 23,040 mouclass.sys
08/03/2004 11:58 PM 24,576 kbdclass.sys
08/03/2004 11:58 PM 209,408 update.sys
08/03/2004 11:58 PM 55,936 atmlane.sys
08/03/2004 11:58 PM 100,992 bthpan.sys
08/03/2004 11:58 PM 5,376 mspclock.sys
08/03/2004 11:58 PM 5,504 mstee.sys
08/03/2004 11:58 PM 4,352 swenum.sys
08/03/2004 11:58 PM 7,552 mskssrv.sys
08/03/2004 11:58 PM 4,992 mspqm.sys
08/03/2004 11:59 PM 15,488 serenum.sys
08/03/2004 11:59 PM 80,128 parport.sys
08/03/2004 11:59 PM 35,328 processr.sys
08/03/2004 11:59 PM 36,096 intelppm.sys
08/03/2004 11:59 PM 36,992 amdk6.sys
08/03/2004 11:59 PM 42,496 p3.sys
08/03/2004 11:59 PM 36,480 crusoe.sys
08/03/2004 11:59 PM 37,376 amdk7.sys
08/03/2004 11:59 PM 27,392 fdc.sys
08/03/2004 11:59 PM 20,480 flpydisk.sys
08/03/2004 11:59 PM 57,472 redbook.sys
08/03/2004 11:59 PM 25,088 pciidex.sys
08/03/2004 11:59 PM 5,504 intelide.sys
08/03/2004 11:59 PM 96,256 scsiport.sys
08/03/2004 11:59 PM 5,376 viaide.sys
08/03/2004 11:59 PM 95,360 atapi.sys
08/03/2004 11:59 PM 92,032 ksecdd.sys
08/03/2004 11:59 PM 40,320 nmnt.sys
08/03/2004 11:59 PM 49,536 cdrom.sys
08/03/2004 11:59 PM 14,208 diskdump.sys
08/03/2004 11:59 PM 10,240 sffp_sd.sys
08/03/2004 11:59 PM 36,352 disk.sys
08/03/2004 11:59 PM 11,136 sffdisk.sys
08/03/2004 11:59 PM 11,392 sfloppy.sys
08/03/2004 11:59 PM 71,552 bridge.sys
08/04/2004 12:00 AM 14,976 tape.sys
08/04/2004 12:00 AM 29,056 ip6fw.sys
08/04/2004 12:00 AM 41,856 imapi.sys
08/04/2004 12:00 AM 52,352 volsnap.sys
08/04/2004 12:00 AM 66,176 udfs.sys
08/04/2004 12:00 AM 19,072 msfs.sys
08/04/2004 12:00 AM 30,848 npfs.sys
08/04/2004 12:00 AM 11,264 irenum.sys
08/04/2004 12:00 AM 71,040 dxg.sys
08/04/2004 12:01 AM 196,864 rdpdr.sys
08/04/2004 12:01 AM 25,856 usbprint.sys
08/04/2004 12:03 AM 12,928 ndisuio.sys
08/04/2004 12:03 AM 12,416 tunmp.sys
08/04/2004 12:03 AM 34,560 netbios.sys
08/04/2004 12:03 AM 88,448 nwlnkipx.sys
08/04/2004 12:04 AM 35,072 msgpc.sys
08/04/2004 12:04 AM 69,120 psched.sys
08/04/2004 12:04 AM 30,080 rndismpx.sys
08/04/2004 12:04 AM 30,080 rndismp.sys
08/04/2004 12:04 AM 12,672 usb8023.sys
08/04/2004 12:04 AM 12,672 usb8023x.sys
08/04/2004 12:04 AM 20,992 ipinip.sys
08/04/2004 12:04 AM 12,672 mutohpen.sys
08/04/2004 12:04 AM 13,568 wacompen.sys
08/04/2004 12:04 AM 34,560 wanarp.sys
08/04/2004 12:05 AM 14,336 asyncmac.sys
08/04/2004 12:05 AM 41,472 raspppoe.sys
08/04/2004 12:06 AM 73,472 sr.sys
08/04/2004 12:07 AM 79,744 videoprt.sys
08/04/2004 12:07 AM 20,992 vga.sys
08/04/2004 12:07 AM 153,344 dmio.sys
08/04/2004 12:07 AM 799,744 dmboot.sys
08/04/2004 12:07 AM 6,016 smbali.sys
08/04/2004 12:07 AM 187,776 acpi.sys
08/04/2004 12:07 AM 52,864 dmusic.sys
08/04/2004 12:07 AM 42,752 alim1541.sys
08/04/2004 12:07 AM 42,368 agp440.sys
08/04/2004 12:07 AM 44,928 agpcpq.sys
08/04/2004 12:07 AM 44,672 uagp35.sys
08/04/2004 12:07 AM 42,240 viaagp.sys
08/04/2004 12:07 AM 46,464 gagp30kx.sys
08/04/2004 12:07 AM 43,008 amdagp.sys
08/04/2004 12:07 AM 41,088 sisagp.sys
08/04/2004 12:07 AM 63,744 mf.sys
08/04/2004 12:07 AM 67,584 sdbus.sys
08/04/2004 12:07 AM 15,488 mssmbios.sys
08/04/2004 12:07 AM 68,224 pci.sys
08/04/2004 12:07 AM 119,936 pcmcia.sys
08/04/2004 12:07 AM 18,560 tdi.sys
08/04/2004 12:07 AM 2,944 drmkaud.sys
08/04/2004 12:08 AM 30,080 modem.sys
08/04/2004 12:08 AM 24,960 hidparse.sys
08/04/2004 12:08 AM 15,104 hidir.sys
08/04/2004 12:08 AM 36,224 hidclass.sys
08/04/2004 12:08 AM 20,480 usbuhci.sys
08/04/2004 12:08 AM 17,024 usbohci.sys
08/04/2004 12:08 AM 26,624 usbehci.sys
08/04/2004 12:08 AM 142,976 usbport.sys
08/04/2004 12:08 AM 57,600 usbhub.sys
08/04/2004 12:08 AM 26,496 usbstor.sys
08/04/2004 12:08 AM 16,000 usbintel.sys
08/04/2004 12:09 AM 25,472 sonydcam.sys
08/04/2004 12:10 AM 51,328 msdv.sys
08/04/2004 12:10 AM 53,248 1394bus.sys
08/04/2004 12:10 AM 61,056 ohci1394.sys
08/04/2004 12:10 AM 78,464 usbvideo.sys
08/04/2004 12:10 AM 10,880 ndisip.sys
08/04/2004 12:10 AM 15,360 streamip.sys
08/04/2004 12:10 AM 15,360 mpe.sys
08/04/2004 12:10 AM 11,776 bdasup.sys
08/04/2004 12:10 AM 11,136 slip.sys
08/04/2004 12:10 AM 17,024 ccdecode.sys
08/04/2004 12:10 AM 19,328 wstcodec.sys
08/04/2004 12:10 AM 85,376 nabtsfec.sys
08/04/2004 12:10 AM 18,944 bthusb.sys
08/04/2004 12:10 AM 35,456 bthprint.sys
08/04/2004 12:10 AM 25,600 hidbth.sys
08/04/2004 12:10 AM 38,016 bthmodem.sys
08/04/2004 12:10 AM 17,024 bthenum.sys
08/04/2004 12:10 AM 59,648 rfcomm.sys
08/04/2004 12:14 AM 63,744 cdfs.sys
08/04/2004 12:14 AM 143,360 fastfat.sys
08/04/2004 12:14 AM 51,328 rasl2tp.sys
08/04/2004 12:14 AM 48,384 raspptp.sys
08/04/2004 12:14 AM 49,664 classpnp.sys
08/04/2004 12:14 AM 74,752 ipsec.sys
08/04/2004 12:14 AM 182,912 ndis.sys
08/04/2004 12:14 AM 91,776 ndiswan.sys
08/04/2004 12:14 AM 162,816 netbt.sys
08/04/2004 12:14 AM 52,736 i8042prt.sys
08/04/2004 12:15 AM 107,904 mup.sys
08/04/2004 12:15 AM 64,896 serial.sys
08/04/2004 12:15 AM 60,800 sysaudio.sys
08/04/2004 01:56 AM 15,423 ch7xxnt5.dll
08/04/2004 01:56 AM 25,471 atv04nt5.dll
08/04/2004 01:56 AM 3,615 adv05nt5.dll
08/04/2004 01:56 AM 14,143 atv06nt5.dll
08/04/2004 01:56 AM 11,359 atv02nt5.dll
08/04/2004 01:56 AM 3,135 adv08nt5.dll
08/04/2004 01:56 AM 4,255 adv01nt5.dll
08/04/2004 01:56 AM 3,711 adv09nt5.dll
08/04/2004 01:56 AM 17,279 atv10nt5.dll
08/04/2004 01:56 AM 3,967 adv02nt5.dll
08/04/2004 01:56 AM 3,647 adv07nt5.dll
08/04/2004 01:56 AM 3,775 adv11nt5.dll
08/04/2004 01:56 AM 21,183 atv01nt5.dll
08/04/2004 01:56 AM 3,901 siint5.dll
08/04/2004 01:56 AM 11,325 vchnt5.dll
08/04/2004 02:01 AM 21,896 tdtcp.sys
08/04/2004 02:01 AM 40,840 termdd.sys
08/04/2004 02:01 AM 12,040 tdpipe.sys
09/29/2004 03:28 PM 134,912 ipnat.sys
10/07/2004 06:16 PM 35,840 AFS2K.SYS
02/01/2005 07:18 PM 17,992 bcm42rly.sys
06/09/2005 09:09 PM 139,528 rdpwd.sys
11/03/2005 09:39 PM 245,504 rt73.sys
11/17/2005 06:38 PM 2,048 rt73.bin
02/14/2006 05:22 PM 142,464 aec.sys
03/16/2006 05:33 PM 262,784 http.sys
04/20/2006 12:44 AM 479,200 wdf01000.sys
04/20/2006 12:44 AM 30,688 wdfldr.sys
05/05/2006 02:47 AM 174,592 rdbss.sys
06/14/2006 01:47 AM 172,416 kmixer.sys
06/14/2006 01:47 AM 6,400 splitter.sys
06/14/2006 02:00 AM 82,944 wdmaud.sys
08/21/2006 02:14 AM 128,896 fltmgr.sys
02/09/2007 04:10 AM 574,464 ntfs.sys
02/26/2007 06:15 PM 61,984 xusb21.sys
12/18/2007 02:51 AM 179,584 mrxdav.sys
01/12/2008 12:18 AM 20,747 AegisP.sys
05/08/2008 05:28 AM 202,752 rmcast.sys
06/13/2008 06:10 AM 272,128 bthport.sys
06/20/2008 02:52 AM 225,920 tcpip6.sys
06/20/2008 03:45 AM 360,320 tcpip.sys
08/14/2008 02:51 AM 138,368 afd.sys
09/17/2008 10:55 AM 6,132,576 nv4_mini.sys
09/24/2008 10:40 AM 4,122,368 alcxwdm.sys
10/24/2008 04:10 AM 453,632 mrxsmb.sys
11/20/2008 12:19 PM 43,872 pxhelp20.sys
12/11/2008 04:57 AM 333,184 srv.sys
03/25/2009 03:56 PM 11,973 secdrv.sys
05/18/2009 03:17 PM 26,600 GEARAspiWDM.sys
09/01/2009 12:05 AM 7,396 pctcore.cat
10/16/2009 02:33 AM 41,472 usbaapl.sys
06/13/2010 06:40 PM ..
06/13/2010 06:40 PM .
06/13/2010 06:46 PM etc
321 File(s) 37,699,320 bytes
4 Dir(s) 11,797,356,544 bytes free


Virtual drives found?



Environment variables

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner.HOMEPC\Application Data
asl.log=Destination=file;OnFirstLog=command,environment
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOMEPC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner.HOMEPC
LOGONSERVER=\\HOMEPC
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\Owner.HOMEPC\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
MOZ_PLUGIN_PATH=C:\webclient
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\OWNER~1.HOM\LOCALS~1\Temp
TMP=C:\DOCUME~1\OWNER~1.HOM\LOCALS~1\Temp
USERDOMAIN=HOMEPC
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner.HOMEPC
windir=C:\WINDOWS


Stealth malware?


Internet Explorer


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Search Page REG_SZ http://srch-us10.hpwis.com/
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0A000000
Delete_Temp_Files_On_Exit REG_SZ yes
Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000
Start Page REG_SZ http://www.comcast.net/
CompanyName REG_SZ Microsoft Corporation
Custom_Key REG_SZ MICROSO
Wizard_Version REG_SZ 6.00.2800.1017
Search Bar REG_SZ http://srch-us10.hpwis.com/
FullScreen REG_SZ no
Default_Secondary_Page_URL REG_MULTI_SZ \0
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Check_Associations REG_SZ yes
IEWatsonEnabled REG_DWORD 0x0
SearchAssistant REG_SZ http://www.crawler.com/search/ie.aspx?tb_id=60446
CustomizeSearch REG_SZ http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
Window Title REG_SZ Windows Internet Explorer provided by Comcast
BigBitmap REG_SZ C:\Program Files\Internet Explorer\Signup\throbber_static_38.bmp
SmallBitmap REG_SZ C:\Program Files\Internet Explorer\Signup\throbber_static_22.bmp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 7.0; Win32)
IE5_UA_Backup_Flag REG_SZ 5.0
NoNetAutodial REG_DWORD 0x0
MigrateProxy REG_DWORD 0x1
EnableNegotiate REG_DWORD 0x0
ProxyEnable REG_DWORD 0x1
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost REG_BINARY 01000000
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 0x1
PrivacyAdvanced REG_DWORD 0x0
PrivDiscUiShown REG_DWORD 0x1
WarnOnZoneCrossing REG_DWORD 0x0
EnableAutodial REG_BINARY 00000000
UrlEncoding REG_DWORD 0x0
SecureProtocols REG_DWORD 0x28
ZonesSecurityUpgradeDone REG_DWORD 0x1
DisableCachingOfSSLPages REG_DWORD 0x0
SyncMode5 REG_DWORD 0x2
ProxyHttp1.1 REG_DWORD 0x1
ShowPunycode REG_DWORD 0x0
EnablePunycode REG_DWORD 0x1
DisableIDNPrompt REG_DWORD 0x0
WarnonBadCertRecving REG_DWORD 0x1
WarnOnPostRedirect REG_DWORD 0x1
GlobalUserOffline REG_DWORD 0x0
CertificateRevocation REG_DWORD 0x0
ProxyServer REG_SZ http=127.0.0.1:3345
ProxyOverride REG_SZ

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
NoUpdateCheck REG_DWORD 0x1
NoJITSetup REG_DWORD 0x1
Disable script Debugger REG_SZ yes
Show_ChannelBand REG_SZ No
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Start Page REG_SZ http://google.com/
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://www.google.com
Default_Page_URL REG_SZ http://us10.hpwis.com/
Default_Search_URL REG_SZ http://srch-us10.hpwis.com/
Search Bar REG_SZ http://www.google.com/ie
Use Custom Search URL REG_DWORD 0x1
FullScreen REG_SZ no
Window_Placement REG_BINARY 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF530000000800000021060000F5030000
FormSuggest PW Ask REG_SZ no
AddToFavoritesExpanded REG_DWORD 0x1
Use FormSuggest REG_SZ yes
Error Dlg Displayed On Every Error REG_SZ no
Error Dlg Details Pane Open REG_SZ no
NotifyDownloadComplete REG_SZ no
Use Search Asst REG_SZ no
Enable Browser Extensions REG_SZ yes
XMLHTTP REG_DWORD 0x0
UseClearType REG_SZ yes
AlwaysShowMenus REG_DWORD 0x1
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
CompatibilityFlags REG_DWORD 0x0
SearchMigrated REG_DWORD 0x1
SearchMigratedDefaultName REG_SZ Google
SearchMigratedDefaultURL REG_SZ http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
SearchMigratedInstalled REG_DWORD 0x1
RunOnceHasShown REG_DWORD 0x1
RunOnceComplete REG_DWORD 0x1
Expand Alt Text REG_SZ no
Move System Caret REG_SZ no
NscSingleExpand REG_DWORD 0x0
DisablescriptDebuggerIE REG_SZ yes
Page_Transitions REG_DWORD 0x1
FavIntelliMenus REG_SZ no
UseThemes REG_DWORD 0x1
EnableSearchPane REG_DWORD 0x0
Force Offscreen Composition REG_DWORD 0x0
AllowWindowReuse REG_DWORD 0x1
Friendly http errors REG_SZ yes
SmoothScroll REG_DWORD 0x1
Enable AutoImageResize REG_SZ no
Show image placeholders REG_DWORD 0x0
Print_Background REG_SZ no
AutoSearch REG_DWORD 0x0
AutoHide REG_SZ yes
FavoritesExportFile REG_SZ C:\Documents and Settings\owner_2\My Documents\bookmark.htm
FavoritesImportFolder REG_SZ C:\Documents and Settings\Owner.HOMEPC\Favorites
ShowedCheckBrowser REG_SZ Yes
Check_Associations REG_SZ no
HistoryViewType REG_BINARY 0000
Save Directory REG_SZ C:\Documents and Settings\Owner.HOMEPC\My Documents\
Window Title REG_SZ Windows Internet Explorer provided by Comcast

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
SearchAssistant REG_SZ http://www.crawler.com/search/ie.aspx?tb_id=60446
CustomizeSearch REG_SZ http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
Default_Search_URL REG_SZ http://www.google.com/ie

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{A3BC75A2-1F87-4686-AA43-5347D756017C} REG_SZ

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79CEEA4E-C231-4614-9E3B-53B2A02F39B7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{79CEEA4E-C231-4614-9E3B-53B2A02F39B7} REG_SZ Comcast Toolbar
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} REG_SZ AVG Security Toolbar

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel


Security Center


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
AntiVirusDisableNotify REG_DWORD 0x0
FirewallDisableNotify REG_DWORD 0x0
UpdatesDisableNotify REG_DWORD 0x0
AntiVirusOverride REG_DWORD 0x0
FirewallOverride REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
DisableMonitoring REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\LeechFTP\Leechftp.exe REG_SZ C:\Program Files\LeechFTP\Leechftp.exe:*:Enabled:LeechFTP
C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe REG_SZ C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion
C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe REG_SZ C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe REG_SZ C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
C:\Program Files\Activision\Tony Hawk's Underground 2\Game\THUG2.exe REG_SZ C:\Program Files\Activision\Tony Hawk's Underground 2\Game\THUG2.exe:*:Enabled:THUG2
C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe REG_SZ C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable
C:\Program Files\Mozilla Firefox\firefox.exe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
C:\Program Files\Steam\Steam.exe REG_SZ C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe REG_SZ C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever
C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe REG_SZ C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever
C:\Program Files\Steam\steamapps\common\altitude\altitude.exe REG_SZ C:\Program Files\Steam\steamapps\common\altitude\altitude.exe:*:Enabled:altitude
C:\Program Files\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe REG_SZ C:\Program Files\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe REG_SZ C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Program Files\Pando Networks\Media Booster\PMB.exe REG_SZ C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster
C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe REG_SZ C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager


Uninstall List


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
DisplayName REG_SZ
UninstallString REG_SZ C:\Program Files\TurboTax\Deluxe 2009\Installer\TurboTax 2009 Installer.exe /u /t /a
DisplayIcon REG_SZ C:\Program Files\TurboTax\Deluxe 2009\Installer\TurboTax 2009 Installer.exe
Publisher REG_SZ Intuit, Inc
URLInfoAbout REG_SZ [You must be registered and logged in to see this link.]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Acrobat 5.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop 5.0 Limited Edition

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop 6.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Age of Mythology 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Age of Mythology Expansion Pack 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon MP3 Downloader

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BackWeb-137903 Uninstaller

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ComcastHSI

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\comcasttb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EA Download Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Instant Support

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HPTOOLKIT

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{15292416-A464-4FBA-BB96-7298EAACFC07}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{EF9967D8-1999-4260-ACC2-86901AA36650}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InterActual Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB873339

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885835

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885836

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886185

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887472

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888302

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB890046

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB890859

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891781

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892130

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893756

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB894391

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896358

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896423

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896428

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898461

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB899587

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB899591

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900485

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900725

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB901017

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB901214

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902400

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB904942

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB905414

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB905749

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB908519

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB908531

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB910437

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911280

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911562

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911564

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911927

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB913580
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB914388

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB914389

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB914440

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB915865

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB916595

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917344

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB918118

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB918439

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB919007

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB920213

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB920670

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB920683

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB920685

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB920872

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB921503

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB922582

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB922819

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923191

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923414

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923723

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923980

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB924270

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB924496

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB924667

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB925398_WMP64

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB925902

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB926255

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB926436

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB927779

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB927802

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB927891

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB928255

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB928843

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB929123

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB930178

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB930916

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB931261

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB931784

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB932168

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB932823-v3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB933729

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB935839

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB935840

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB936021

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB936782_WMP9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938127

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938127-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938464

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938828

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938829

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB941202

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB941568

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB941569

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB941644

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB941693

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB942615

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB942615-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB942763

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB942840

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB943055

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB943460

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB943485

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB944533-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB944653

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB945553

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB946026

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB946627

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB946648

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB947864-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB948590

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB948881

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950749

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950759-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950760

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950762

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950974

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951066

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951072-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951698

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951748

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952069_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952287

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952954

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB953838-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB953839

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954211

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954550-v5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954600

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955069

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955839

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956390-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956391

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956802

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956841

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957095

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957097

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958215-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958644

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958690

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959426

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960225

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960714-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960715

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961260-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961373

sheltered
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-06-12
OS OS : xp
Points Points : 23844
# Likes # Likes : 0

View user profile

Back to top Go down

Log part 2

Post by sheltered on 14th June 2010, 7:02 am

Log part 2
*****

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961501

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB963027-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB967715

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968537

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969897-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969898

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970238

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KBD

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Knowledge Munchers Deluxe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LEGO Racers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M928366

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MapleStory

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Interactive Training

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft NetShow Player 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MMDXCD10

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.6.3)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsJavaVM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NLSDownlevelMapping

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Display Driver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Ethernet Driver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA GART Driver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Paws and Claws Pet School

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plants vs. Zombies

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealJukebox 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 6.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RecordNow.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 11020

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 400

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 41310

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TurboTax 2008

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TurboTax 2009

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TurboTax Deluxe 2007

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Unlocker

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wdf01001

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WGA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Word Munchers Deluxe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\World of Zoo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT016060

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zoo Tycoon 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zoombinis Island Odyssey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zoombinis Logical Journey(TM)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zoombinis Mountain Rescue(TM)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00010409-78E1-11D2-B60F-006097C998E7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{048298C9-A4D3-490B-9FF9-AB023A9238F3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0861E87B-24D7-4E7C-B11B-54F86E5C5199}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{092eeeee-9fdd-4895-a568-0818c96beb6c}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13515135-48BB-4184-8C1F-2FAE0138E200}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{14589F05-C658-4594-9429-D437BA688686}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15292416-A464-4FBA-BB96-7298EAACFC07}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A655D51-1423-48A3-B748-8F5A0BE294C8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2315B23D-3E21-4920-837D-AE6460934ECB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216017FF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29521505-F489-4822-ADFA-32C6DEE4F114}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29B39FB2-5ADF-4F94-BC82-13942871DD0D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2E132061-C78A-48D4-A899-1D13B9D189FA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150120}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{34957B51-9676-41CE-9E52-44AE91B73F1C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3881DB80-EAA2-012B-ADAE-000000000000}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{38975F50-EAA2-012B-ADB4-000000000000}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{38A34630-EAA2-012B-ADB6-000000000000}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3C5A81D0-EAA2-012B-AE9F-000000000000}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{45B6180B-DCAB-4093-8EE8-6164457517F0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4D826618-59C6-11D4-976E-00C04F8EEB39}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FB120F8-622C-4260-AB49-0F43A59CCF2A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{54e854d5-d5d4-452d-9c75-b39f5625b5fb}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{553255F3-78FD-40F1-A6F8-6882140265FE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60758250-C8CF-47EB-8CB6-E0C3B84D8207}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142030}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7570F1CA-016D-46AC-B586-CD74645EFB52}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7FB70A9B-6591-42EB-BD84-6F9C55368E06}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{85967580-EBC2-11D4-AEA3-0050046A88ED}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{88214092-836F-4E22-A5AC-569AC9EE6A0F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A253629-0511-4854-8B4E-46E57E66005C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8C19F391-A225-4F32-8681-EDB8AFE6E436}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{930B2432-43D4-11D5-9871-00C04F8EEB39}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9541FED0-327F-4DF0-8B96-EF57EF622F19}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{980A182F-E0A2-4A40-94C1-AE0C1235902E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{98E8A2EF-4EAE-43B8-A172-74842B764777}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9CD9CD94-76CC-4524-8617-DEB9C2D7C389}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2BCA9F1-566C-4805-97D1-7FDC93386723}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A49F249F-0C91-497F-86DF-B2585E8E76B7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-000000000001}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AF6D771E-3826-4578-BF9B-50EE0ECFC636}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B1DB1AD8-C07E-4052-81A1-D2930232BA70}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B23726CF-68BF-41A6-A4EB-72F12F87FE05}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C04E32E0-0416-434D-AFB9-6969D703A9EF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C41300B9-185D-475E-BFEC-39EF732F19B1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C6C44651-7C66-4b11-92E8-17565D3D22DD}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ec7d7a6a-31cb-4810-826f-74171bef44f1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EF9967D8-1999-4260-ACC2-86901AA36650}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB08F381-6533-4108-B7DD-039E11FBC27E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB26A501-6BA6-459B-89AA-9736730752FB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}}

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Move Media Player


Autorun

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
ComcastAntispyClient REG_SZ "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Steam REG_SZ "c:\program files\steam\steam.exe" -silent

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
hpsysdrv REG_SZ c:\windows\system\hpsysdrv.exe
HPHUPD05 REG_SZ c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
HPHmon05 REG_SZ C:\WINDOWS\System32\hphmon05.exe
KBD REG_SZ C:\HP\KBD\KBD.EXE
TkBellExe REG_SZ "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Recguard REG_SZ C:\WINDOWS\SMINST\RECGUARD.EXE
LTMSG REG_SZ LTMSG.exe 7
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
Sunkist2k REG_SZ C:\Program Files\Multimedia Card Reader\shwicon2k.exe
AlcxMonitor REG_SZ ALCXMNTR.EXE
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
SoundMan REG_SZ SOUNDMAN.EXE
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
ISTray REG_SZ "C:\Program Files\Spyware Doctor\pctsTray.exe"
SpywareTerminator REG_SZ "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
UpdateManager REG_SZ "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
AVG8_TRAY REG_SZ C:\PROGRA~1\AVG\AVG8\avgtray.exe

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices


Restrictions - Internet Explorer



Restrictions - REGEDIT


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System


Restrictions - Explorer


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun REG_DWORD 0x91


ActiveX


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8100D56A-5661-482C-BEE8-AFECE305D968}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E001C731-5E37-4538-A5CB-8168736A2360}
DNS Settings


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C3A0C5E-6EF9-442E-BCC6-1AC83A2A64A3}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{53FA966B-4235-415B-A2FC-1A622461F9ED}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{852D50FF-FBC0-4208-966A-F48148B087C7}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8F1D170F-1E01-4C49-925C-92BFD2CECD1F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AEE65B59-F192-4BE5-B6CA-308B1587DC86}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BA9ED117-1C2B-4DAA-AFAA-AB53200BE3E5}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3091F49-B5E9-4323-9CDD-67D77423ABDC}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EFDEA3B3-3107-404C-A49C-0EC50B6C4ECA}


Windows IP Configuration



Host Name . . . . . . . . . . . . : HomePC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.wa.comcast.net.



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : NVIDIA nForce MCP Networking Controller

Physical Address. . . . . . . . . : 00-0E-A6-93-8A-0E



Ethernet adapter Wireless Network Connection 5:



Connection-specific DNS Suffix . : hsd1.wa.comcast.net.

Description . . . . . . . . . . . : Compact Wireless-G USB Adapter #4

Physical Address. . . . . . . . . : 00-16-B6-9D-50-83

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 68.87.69.150

68.87.85.102

Lease Obtained. . . . . . . . . . : Sunday, June 13, 2010 9:01:26 PM

Lease Expires . . . . . . . . . . : Monday, June 14, 2010 9:01:26 PM



AppInit DLLs


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows



Shell Service Object Delay Load


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9}
CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9}
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}



Shell Execute Hooks


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ


Image File Execution Options


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE


Security Providers



Local Security Authority


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Bounds REG_BINARY 0030000000200000
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
LsaPid REG_DWORD 0x374
SecureBoot REG_DWORD 0x1
auditbaseobjects REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
fipsalgorithmpolicy REG_DWORD 0x0
forceguest REG_DWORD 0x1
fullprivilegeauditing REG_BINARY 00
limitblankpassworduse REG_DWORD 0x1
lmcompatibilitylevel REG_DWORD 0x0
nodefaultadminowner REG_DWORD 0x1
nolmhash REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli\0\0
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 0x1
enabledcom REG_SZ y

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\msv1_0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache


SafeBoot



AppCert DLLs


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls
Extra


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\HARDWARE\DEscriptION\System\MultifunctionAdapter

HKEY_LOCAL_MACHINE\HARDWARE\DEscriptION\System\MultifunctionAdapter\0

HKEY_LOCAL_MACHINE\HARDWARE\DEscriptION\System\MultifunctionAdapter\1

HKEY_LOCAL_MACHINE\HARDWARE\DEscriptION\System\MultifunctionAdapter\2

HKEY_LOCAL_MACHINE\HARDWARE\DEscriptION\System\MultifunctionAdapter\3

HKEY_LOCAL_MACHINE\HARDWARE\DEscriptION\System\MultifunctionAdapter\4

HKEY_LOCAL_MACHINE\HARDWARE\DEscriptION\System\MultifunctionAdapter\5

HKEY_LOCAL_MACHINE\HARDWARE\DEscriptION\System\MultifunctionAdapter\6

HKEY_LOCAL_MACHINE\HARDWARE\DEscriptION\System\MultifunctionAdapter\7


App Paths


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
REG_SZ C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
Path REG_SZ C:\Program Files\Adobe\Acrobat 5.0\Reader

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AVGSE.DLL
REG_SZ C:\PROGRA~1\AVG\AVG9\avgse.dll
Menu1 REG_SZ Scan with &AVG
Help1 REG_SZ Scan against viruses with AVG

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\bckgzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chkrzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
REG_SZ C:\WINDOWS\System32\cmmgr32.exe
Path REG_SZ C:\WINDOWS\System32
CmstpExtensionDll REG_SZ C:\WINDOWS\System32\cmcfg32.dll
CMInternalVersion REG_SZ 1.2
CmNative REG_DWORD 0x1
ProfilesUpgraded REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\combofix.exe
REG_SZ C:\Documents and Settings\Travis\My Documents\Downloads\ComboFix.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CONF.EXE
REG_SZ C:\Program Files\NetMeeting\conf.exe
Path REG_SZ C:\Program Files\NetMeeting;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CoreFTP.exe
REG_SZ C:\Program Files\CoreFTP\coreftp.exe
Path REG_SZ C:\Program Files\CoreFTP

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Creator3.exe
REG_SZ C:\Program Files\LEGO Media\LEGO Creator Harry Potter\Creator3.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dialer.exe
REG_SZ C:\Program Files\Windows NT\dialer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Excel.exe
useURL REG_SZ 1
REG_SZ C:\PROGRA~1\MICROS~4\Office\EXCEL.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\fifa09.exe
REG_SZ C:\Program Files\EA Sports\FIFA 09\fifa09.exe
Path REG_SZ C:\Program Files\EA Sports\FIFA 09\
Game Registry REG_SZ Software\EA Sports\FIFA 09
Installed REG_DWORD 0x1
Restart REG_DWORD 0x0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\FIFA10Demo.exe
REG_SZ C:\Program Files\EA Sports\FIFA 10 - Demo\\FIFA10Demo.exe
Path REG_SZ C:\Program Files\EA Sports\FIFA 10 - Demo\
Game Registry REG_SZ Software\EA Sports\FIFA 10 - Demo
Installed REG_DWORD 0x1
Restart REG_DWORD 0x0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\firefox.exe
REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe
Path REG_SZ C:\Program Files\Mozilla Firefox

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Fireworks.exe
REG_SZ C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe
Path REG_SZ C:\Program Files\Macromedia\Fireworks MX

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\FreeHand 10.exe
REG_SZ C:\Program Files\Macromedia\FreeHand 10\FreeHand 10.exe
Path REG_SZ C:\Program Files\Macromedia\FreeHand 10

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HELPCTR.EXE
REG_EXPAND_SZ %Systemroot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HP IntelliMover Demo
Path REG_SZ C:\Program Files\IntelliMover Data Transfer Demo
REG_SZ C:\Program Files\IntelliMover Data Transfer Demo\HP IntelliMover Demo

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HPSdpApp.exe
Path REG_SZ C:\Program Files\Easy Internet signup\
REG_SZ C:\Program Files\Easy Internet signup\HPSdpApp.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hrtzzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hypertrm.exe
REG_SZ "C:\Program Files\Windows NT\hypertrm.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN1.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN2.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE
Path REG_SZ C:\Program Files\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\INETWIZ.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\INETWIZ.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InterActual Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InterActual Player\help

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InterActual Player\help\IA_help.htm
Path REG_SZ C:\Program Files\InterActual
REG_SZ C:\Program Files\InterActual\InterActual Player\help\IA_help.htm

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InterActual Player\inuninst.exe
Path REG_SZ C:\Program Files\InterActual
REG_SZ C:\Program Files\InterActual\InterActual Player\inuninst.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InterActual Player\iPlayer.exe
Path REG_SZ C:\Program Files\InterActual
REG_SZ C:\Program Files\InterActual\InterActual Player\iPlayer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ISIGNUP.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ISIGNUP.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ISPSignup.exe
REG_SZ C:\Program Files\Easy Internet signup\ISPSignup.exe
Path REG_SZ C:\Program Files\Easy Internet signup\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\iTunes.exe
REG_SZ C:\Program Files\iTunes\iTunes.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
REG_SZ C:\Program Files\Java\jre6\bin\javaws.exe
Path REG_SZ C:\Program Files\Java\jre6\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LEGO Island 2.exe
REG_SZ C:\Program Files\LEGO Media\LEGO Island 2\LEGO Island 2.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Math Munchers Deluxe
REG_SZ C:\MECC\MMuncher\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe
REG_EXPAND_SZ %SystemRoot%\system32\usmt\migwiz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ML12SET.exe
Path REG_SZ C:\WINDOWS\Samsung\ML1200\AddPrint
REG_SZ C:\WINDOWS\Samsung\ML1200\AddPrint\ML12SET.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\moviemk.exe
REG_SZ C:\Program Files\Movie Maker\moviemk.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
REG_SZ C:\Program Files\Windows Media Player\mplayer2.exe
Path REG_SZ C:\Program Files\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSACCESS.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office\
useURL REG_SZ 1
REG_SZ C:\PROGRA~1\MICROS~4\Office\MSACCESS.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSCONFIG.EXE
REG_EXPAND_SZ %systemroot%\pchealth\helpctr\Binaries\MSCONFIG.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\msimn.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msinfo32.exe
REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.exe
Path REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSInfo

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSMSGS.EXE
REG_SZ C:\Program Files\Messenger\msmsgs.exe
Path REG_SZ C:\Program Files\Messenger;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSN6.EXE
REG_SZ C:\Program Files\MSN\MSNCoreFiles\MSN6.exe
Path REG_SZ C:\Program Files\MSN\MSNCoreFiles

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msworks.exe
REG_SZ c:\Program Files\Microsoft Works\msworks.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ORUN32.EXE
Path REG_SZ C:\WINDOWS\
REG_SZ C:\WINDOWS\ORUN32.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
REG_EXPAND_SZ %SystemRoot%\system32\mspaint.exe
Path REG_EXPAND_SZ %SystemRoot%\system32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Photoshp.exe
Path REG_SZ C:\Program Files\Adobe\Photoshop 6.0
REG_SZ C:\Program Files\Adobe\Photoshop 6.0\Photoshp.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Photosle.exe
Path REG_SZ C:\Program Files\Adobe\Photoshop 5.0 LE
REG_SZ C:\Program Files\Adobe\Photoshop 5.0 LE\Photosle.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
Path REG_SZ C:\Program Files\QuickTime\
REG_SZ C:\Program Files\QuickTime\PictureViewer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pinball.exe
REG_SZ C:\Program Files\Windows NT\Pinball\pinball.exe
Path REG_SZ C:\Program Files\Windows NT\Pinball

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
REG_SZ C:\Program Files\QuickTime\QuickTimePlayer.exe
Path REG_SZ C:\Program Files\QuickTime\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RealPlay.exe
REG_SZ C:\Program Files\Real\RealOne Player\realplay.exe
Path REG_SZ C:\Program Files\Real\RealOne Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RecordNow.exe
REG_SZ c:\Program Files\RecordNow!\RecordNow.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rnxproc.exe
REG_SZ C:\Program Files\Common Files\Real\Update_OB\rnxproc.exe
Path REG_SZ C:\Program Files\Common Files\Real\Update_OB\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rvsezm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\rvsezm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\shvlzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
UseShortName REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Ttax.exe
Path REG_SZ C:\Program Files\TurboTax\Deluxe 2007\32bit
REG_SZ C:\Program Files\TurboTax\Deluxe 2007\32bit

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Unlocker.exe
REG_SZ C:\Program Files\Unlocker\Unlocker.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wab.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wabmig.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WCreator.exe
Path REG_SZ C:\Program Files\InterVideo\WCreator2
REG_SZ C:\Program Files\InterVideo\WCreator2\WCreator.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinDVD.exe
Path REG_SZ C:\Program Files\InterVideo\WinDVD4
REG_SZ C:\Program Files\InterVideo\WinDVD4\WinDVD.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\winnt32.exe
RunAsOnNonAdminInstall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
REG_SZ C:\PROGRA~1\MICROS~4\Office\WINWORD.EXE
useURL REG_SZ 1
Path REG_SZ C:\Program Files\Microsoft Office\Office\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKPLMSTP.EXE
REG_SZ c:\Program Files\Microsoft Works\wkplmstp.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSAB.EXE
REG_SZ c:\Program Files\Microsoft Works\WKSAB.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkscal.exe
REG_SZ c:\Program Files\Common Files\Microsoft Shared\Works Shared\wkscal.exe
Path REG_SZ c:\Program Files\Common Files\Microsoft Shared\Works Shared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksdb.exe
REG_SZ c:\Program Files\Microsoft Works\wksdb.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSPROJ.EXE
REG_SZ c:\Program Files\Microsoft Works\WksProj.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSSB.EXE
REG_SZ c:\Program Files\Microsoft Works\WKSSB.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksss.exe
REG_SZ c:\Program Files\Microsoft Works\wksss.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkswp.exe
REG_SZ c:\Program Files\Microsoft Works\wkswp.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKWCESTP.EXE
REG_SZ c:\Program Files\Microsoft Works\wkwcestp.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
REG_SZ C:\Program Files\Windows Media Player\wmplayer.exe
Path REG_SZ C:\Program Files\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Word Munchers Deluxe
path REG_SZ C:\Program Files\The Learning Company\WMuncher\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
REG_SZ "c:\WINDOWS\system32\XPSViewer\XPSViewer.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\yourapp.Exe
REG_SZ C:\Program Files\PC-Doctor for Windows\yourapp.Exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Zoombini2.exe
Path REG_SZ C:\Program Files\The Learning Company\Zoombinis Mountain Rescue
REG_SZ C:\Program Files\The Learning Company\Zoombinis Mountain Rescue\Zoombini2.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Zoombinis Island Odyssey.exe
Path REG_SZ C:\Program Files\The Learning Company\Zoombinis Island Odyssey
REG_SZ C:\Program Files\The Learning Company\Zoombinis Island Odyssey\Zoombinis Island Odyssey.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Zoombinis Logical Journey.exe
Path REG_SZ C:\Program Files\The Learning Company\Zoombinis Logical Journey(TM)
REG_SZ C:\Program Files\The Learning Company\Zoombinis Logical Journey(TM)\Zoombinis Logical Journey.exe


Mozilla
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
[You must be registered and logged in to see this link.] REG_EXPAND_SZ C:\Program Files\Java\jre6\lib\deploy\jqs\ff
{20a82645-c095-46ed-80e3-08825760534b} REG_SZ C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
REG_SZ 1.9.2.3
CurrentVersion REG_SZ 3.6.3 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.3 (en-US)
REG_SZ 3.6.3 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.3 (en-US)\Main
Install Directory REG_SZ C:\Program Files\Mozilla Firefox
PathToExe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.3 (en-US)\Uninstall
Description REG_SZ Mozilla Firefox (3.6.3)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.3
GeckoVer REG_SZ 1.9.2.3

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.3\bin
PathToExe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.3\extensions
Components REG_SZ C:\Program Files\Mozilla Firefox\components
Plugins REG_SZ C:\Program Files\Mozilla Firefox\plugins

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Omnis Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Omnis Firefox\extensions
Plugins REG_SZ C:\webclient


Shared Task Scheduler


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon


SafeBootMinimal


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}


SafeBootNetwork


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sdauxservice

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sdcoreservice

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sharedaccess

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}


File Rename Operations - Session

sheltered
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-06-12
OS OS : xp
Points Points : 23844
# Likes # Likes : 0

View user profile

Back to top Go down

Log part 3 just a little bit I missed on part 2

Post by sheltered on 14th June 2010, 7:03 am

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations


Known DLLs - Session


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
advapi32 REG_SZ advapi32.dll
comdlg32 REG_SZ comdlg32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
gdi32 REG_SZ gdi32.dll
imagehlp REG_SZ imagehlp.dll
kernel32 REG_SZ kernel32.dll
lz32 REG_SZ lz32.dll
ole32 REG_SZ ole32.dll
oleaut32 REG_SZ oleaut32.dll
olecli32 REG_SZ olecli32.dll
olecnv32 REG_SZ olecnv32.dll
olesvr32 REG_SZ olesvr32.dll
olethk32 REG_SZ olethk32.dll
rpcrt4 REG_SZ rpcrt4.dll
shell32 REG_SZ shell32.dll
url REG_SZ url.dll
urlmon REG_SZ urlmon.dll
user32 REG_SZ user32.dll
version REG_SZ version.dll
wininet REG_SZ wininet.dll
wldap32 REG_SZ wldap32.dll


Adobe Products


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
DisplayIcon REG_SZ C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
UninstallString REG_SZ C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
DisplayName REG_SZ Adobe Flash Player 10 Plugin
DisplayVersion REG_SZ 10.0.32.18
Publisher REG_SZ Adobe Systems Incorporated
URLInfoAbout REG_SZ http://www.adobe.com/go/getflashplayer


{END OF FILE}

sheltered
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-06-12
OS OS : xp
Points Points : 23844
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Another AV security Suite infection

Post by Dr Jay on 14th June 2010, 7:28 am

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302960
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Another AV security Suite infection

Post by sheltered on 15th June 2010, 4:59 am

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=82ce119ab217b14f81d47ca2d79b9e17
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-15 01:44:21
# local_time=2010-06-14 06:44:21 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1026 16777174 0 2 5470260 5470260 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=268448
# found=15
# cleaned=15
# scan_time=6459
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Application Data\wcndsanb\ullsbyc.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\gxOb.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\hh5BfY2n.exe.part Win32/TrojanDownloader.FakeAlert.ASM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\iKwN+Y0X.exe.part Win32/TrojanDownloader.FakeAlert.ASM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temp\ObywDOTy.exe.part Win32/TrojanDownloader.FakeAlert.ASM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner.HOMEPC\Local Settings\Temporary Internet Files\Content.IE5\GNYRRUQU\n002102304805r0409J11000601Re305c02fWbc5f6f06X2b4b6b05Y6759ddf4Z03003f360[1] Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner.HOMEPC\My Documents\downloads\unlocker1.8.8.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\hp\recovery\wizard\fscommand\AppRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\hp\recovery\wizard\fscommand\CreatorLink_ret.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\hp\recovery\wizard\fscommand\RestoreLink_ret.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\hp\recovery\wizard\fscommand\RTCDLink_ret.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\hp\recovery\wizard\fscommand\RunLink_ret.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\hp\recovery\wizard\fscommand\SysRecoveryLink_ret.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\hp\recovery\wizard\fscommand\WizardLink_ret.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

sheltered
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-06-12
OS OS : xp
Points Points : 23844
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Another AV security Suite infection

Post by Dr Jay on 15th June 2010, 6:42 am

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and the display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done


To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start
    button to begin the process. Depending on how often you clean temp
    files, execution time should be anywhere from a few seconds to a minute
    or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302960
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Another AV security Suite infection

Post by sheltered on 16th June 2010, 4:02 am

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 2
[You must be registered and logged in to see this link.]
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
```````````````````````````````
Anti-malware/Other Utilities Check:

SpyHunter
Spybot - Search & Destroy
Java(TM) 6 Update 17
Java(TM) 6 Update 2
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Adobe Reader 6.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

sheltered
Novice
Novice

Posts Posts : 10
Joined Joined : 2010-06-12
OS OS : xp
Points Points : 23844
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Another AV security Suite infection

Post by Dr Jay on 16th June 2010, 4:53 pm

Please upgrade to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via [You must be registered and logged in to see this link.].

More info about SP3: [You must be registered and logged in to see this link.]

===========================

Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

========================

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Antivirus/Antispyware

  • [You must be registered and logged in to see this link.]: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  • [You must be registered and logged in to see this link.]: this is one of the most powerful, and easiest to use security software. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.


Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


See [You must be registered and logged in to see this link.] for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302960
# Likes # Likes : 10

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum