Trojan-relayer-jolleee

Post by pdicdiver on Sat Jun 12, 2010 9:50 am

Hello,

For the past several days when I've been running CCleaner my Webroot Spy Sweeper has been popping up and informing me that it has quarantined a Trojan called "Trojan-relayer-jollee". I delete it from quarantine only to have it quarantined again by Spy Sweeper the next time I run CCleaner. I'm not sure if this is an actual infection or a false positive. Below I have posted the OTL.Txt Log per your request for analysis. Thanks for any assistance. Ed


OTL logfile created on: 6/11/2010 10:40:13 PM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\EWJewell\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 32.88 Gb Free Space | 44.13% Space Free | Partition Type: FAT32
Drive D: | 204.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SWORDFISH
Current User Name: EWJewell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/11 22:35:20 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\EWJewell\My Documents\Downloads\OTL.exe
PRC - [2010/06/11 07:52:08 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/03/18 02:29:48 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\EWJewell\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/02/05 07:58:14 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/02/05 07:58:08 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/11/18 22:06:30 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/11/06 15:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/07/21 13:34:34 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:24 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:48 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/10 10:35:10 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/03/23 13:37:38 | 002,654,208 | ---- | M] (Efficient Networks Inc.) -- C:\Program Files\DSL Tools\DSL Tools\app\TangoManager.exe
PRC - [2004/09/17 13:24:08 | 000,057,344 | ---- | M] () -- C:\Program Files\DSL Tools\DSL Tools\app\TangoService.exe
PRC - [2001/08/29 15:17:40 | 000,307,200 | ---- | M] (Voyetra Turtle Beach, Inc.) -- C:\WINDOWS\system32\tbctray.exe
PRC - [2001/04/03 06:38:30 | 000,038,912 | ---- | M] (LUCENT TECHNOLOGIES) -- C:\WINDOWS\system32\ltmsg.exe


========== Modules (SafeList) ==========

MOD - [2010/06/11 22:35:20 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\EWJewell\My Documents\Downloads\OTL.exe
MOD - [2010/02/05 07:58:46 | 000,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2008/04/13 20:11:52 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ddraw.dll
MOD - [2008/04/13 20:11:52 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dciman32.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003/07/28 15:19:00 | 000,852,038 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nview.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (SNDSrvc)
SRV - [2010/02/05 07:58:08 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/11/18 22:06:30 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/07/21 13:34:34 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:24 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/09/02 07:10:00 | 000,074,240 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Auto | Stopped] -- C:\WINDOWS\System32\cypherixsrv.exe -- (cypherixservice)
SRV - [2004/09/17 13:24:08 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\DSL Tools\DSL Tools\app\TangoService.exe -- (TangoService)


========== Driver Services (SafeList) ==========

DRV - [2010/05/25 17:02:16 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/19 05:59:36 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 05:59:36 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/05 07:58:46 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/02/05 07:58:44 | 000,134,344 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010/02/05 07:58:44 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/12/30 11:49:32 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/05/11 09:12:26 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:08 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:06 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/09/05 14:53:34 | 000,100,728 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cyphxdrv.sys -- (cyphxdrv)
DRV - [2008/04/13 14:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 14:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 14:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/12/09 10:59:16 | 000,007,754 | ---- | M] (Efficient Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\DSL Tools\DSL Tools\app\ENDETECT.sys -- (ENDETECT)
DRV - [2004/12/09 10:58:02 | 000,018,848 | ---- | M] (Network TeleSystems, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\DSL Tools\DSL Tools\app\ntstpl1.sys -- (NTSTPL1)
DRV - [2004/12/09 10:58:00 | 000,051,008 | ---- | M] (Network TeleSystems, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\DSL Tools\DSL Tools\app\tapbind1.sys -- (TAPBIND)
DRV - [2004/12/09 10:56:38 | 000,018,450 | ---- | M] (Efficient Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\DSL Tools\DSL Tools\app\l2xpsr.sys -- (L2XPSR)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/07/28 15:19:00 | 001,341,339 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/05/27 12:00:34 | 000,073,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2001/12/04 09:18:06 | 000,659,905 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmxp.sys -- (ltmodem5)
DRV - [2001/08/29 15:19:44 | 000,524,288 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcwdm.sys -- (tbcwdm)
DRV - [2001/08/29 15:19:38 | 000,142,336 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcspud.sys -- (tbcspud)
DRV - [2001/08/28 13:19:48 | 000,019,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\vtdg46xx.sys -- (vtdg46xx)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 12:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/06/20 17:32:54 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2001/05/14 18:15:40 | 000,010,368 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =



O1 HOSTS File: ([2010/06/05 23:14:34 | 000,000,818 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 pubs.mgn.net #french
O1 - Hosts: 127.0.0.1 pubs.mgn.net #french
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [LTWinModem1] C:\WINDOWS\System32\ltmsg.exe (LUCENT TECHNOLOGIES)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\system32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe (Lexmark)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [TangoManager] C:\Program Files\DSL Tools\DSL Tools\app\TangoManager.exe (Efficient Networks Inc.)
O4 - HKLM..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe (Voyetra Turtle Beach, Inc.)
O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\EWJewell\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe (The Webshots Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [You must be registered and logged in to see this link.] (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {9B785917-E16B-4A9F-8E73-9D3346E4F0BC} [You must be registered and logged in to see this link.] (DivingPlugInX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} [You must be registered and logged in to see this link.] (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - AppInit_DLLs: (c:\windows\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - AppInit_DLLs: (c:\windows\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - AppInit_DLLs: (c:\windows\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - AppInit_DLLs: (c:\windows\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - AppInit_DLLs: (c:\windows\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - AppInit_DLLs: (c:\windows\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\EWJewell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\EWJewell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (625\ecurity Packages settings..) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/30 11:19:38 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2000/09/10 17:24:46 | 000,000,027 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2002/01/26 11:17:32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe - (Microsoft® Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^EWJewell^Start Menu^Programs^Startup^Webshots.lnk - C:\Program Files\Webshots\WebshotsTray.exe - (The Webshots Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: svcWRSSSDK - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WebrootSpySweeperService - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. ([You must be registered and logged in to see this link.]
SafeBootMin: WRConsumerService - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: svcWRSSSDK - Service
SafeBootNet: SYMTDI - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: WebrootSpySweeperService - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. ([You must be registered and logged in to see this link.]
SafeBootNet: WRConsumerService - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {032A6019-9DAA-40f9-A3B3-34ABB0AA0947} - Q813951
ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {097860E3-73B2-4efa-9F92-A9DDAD6ADACF} -
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {2757B1D6-0367-4663-877C-93ECC5C01BF6} - Q324929
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {2D5974C5-5185-4f5b-80B6-28015ACDD74C} - q319182
ActiveX: {2eac6a2d-57a8-44d4-96f7-e32bab40ca5f} - Windows Update
ActiveX: {325F893E-F95F-4076-AAD7-1337EDD99971} -
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {44FF4890-9180-4e40-BA93-E444CC8661DF} -
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {61E6EAE5-7821-4AC1-9BBD-AED032A8E273} - Q323759
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {A909984B-4FE5-43f8-BBB1-6C00652217D8} -
ActiveX: {A938365F-7142-4417-BEDB-CCAE9F2FE83A} -
ActiveX: {B260B385-C436-420a-B635-61889A330D8E} -
ActiveX: {B2A58FE8-7797-4a6b-AC8E-45B6115BF724} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C0C31EA8-106B-4c1f-AB2D-B5FEFD693511} -
ActiveX: {C34F4917-ED43-439f-9023-97B0024A2B3B} - Q810847
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {D7B44F3E-77D3-44C5-8E03-4222D9A18B7B} - Q321232
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E81659DF-28E1-4C60-B4B9-00A4BC5FA76D} - Q316059
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{b5f15cbd-370a-4244-8f42-14cba2eb4e2c} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\L3CODECX.ACM (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\Dvc.dll (Adaptec)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MP43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746478449557504)

========== Files/Folders - Created Within 30 Days ==========

File not found --
[2010/06/11 22:35:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\EWJewell\Recent
[2010/06/11 19:03:46 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2010/06/11 17:01:00 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2010/06/10 22:46:48 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[29 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\EWJewell\xl
[2010/06/11 22:12:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/11 19:21:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/11 19:21:22 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/11 19:04:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/11 19:04:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/11 19:04:14 | 2146,516,992 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/11 18:57:26 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\EWJewell\ntuser.dat
[2010/06/11 18:57:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\EWJewell\ntuser.ini
[2010/06/11 16:04:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/11 08:57:02 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\EWJewell\Desktop\Revo Uninstaller.lnk
[2010/06/11 07:50:54 | 002,359,350 | ---- | M] () -- C:\WINDOWS\WebshotsForEWJewell.bmp
[2010/06/11 03:00:02 | 000,001,658 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L2B2753F0BC1845F19EEDBCC00FB13A81.job
[2010/06/11 02:35:02 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1757981266-725345543-1004Core1cac66480a54246.job
[2010/06/11 02:28:52 | 000,259,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 01:37:04 | 000,528,952 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/11 01:37:04 | 000,445,592 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/11 01:37:04 | 000,073,234 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/10 12:41:02 | 005,902,336 | ---- | M] () -- C:\Documents and Settings\EWJewell\My Documents\My Money.mny
[2010/06/10 12:40:58 | 005,904,159 | R--- | M] () -- C:\Documents and Settings\EWJewell\My Documents\My Money Backup.mbf
[2010/06/08 18:12:32 | 000,002,213 | ---- | M] () -- C:\Documents and Settings\EWJewell\Desktop\Google Chrome.lnk
[2010/06/04 12:19:44 | 026,214,400 | ---- | M] () -- C:\WINDOWS\System32\cxl1705
[2010/05/26 13:53:34 | 000,001,452 | ---- | M] () -- C:\Documents and Settings\EWJewell\Desktop\CCleaner.lnk
[2010/05/21 14:00:32 | 000,001,508 | ---- | M] () -- C:\Documents and Settings\EWJewell\Desktop\CDBurnerXP.lnk
[2010/05/16 05:17:34 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\EWJewell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[29 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/11 08:57:01 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\EWJewell\Desktop\Revo Uninstaller.lnk
[2009/12/31 14:26:58 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/10/13 22:43:19 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2006/06/27 13:46:05 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/06/27 13:46:05 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/06/26 14:03:33 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2006/06/26 14:03:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2006/01/14 15:36:28 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/01/18 10:04:13 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2005/01/18 10:04:12 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2004/11/21 17:04:56 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2004/05/31 11:11:33 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2004/05/31 11:11:33 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/05/31 10:38:41 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/05/29 10:21:43 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/09 12:19:02 | 000,000,807 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2003/01/09 12:18:53 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2002/11/02 09:12:35 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2002/11/01 10:35:03 | 000,000,035 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2002/11/01 10:34:05 | 000,000,015 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2002/11/01 10:33:59 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2002/04/17 14:07:11 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2002/04/17 13:57:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2002/02/11 16:08:51 | 000,077,796 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/02/01 15:26:47 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2002/02/01 15:26:47 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2002/02/01 15:26:47 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2002/02/01 15:26:47 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2002/01/29 17:21:03 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2002/01/28 13:56:24 | 000,000,091 | ---- | C] () -- C:\WINDOWS\webshots.ini
[2002/01/26 19:56:58 | 000,002,128 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2002/01/26 18:46:16 | 000,000,233 | ---- | C] () -- C:\WINDOWS\EPSON 1250 Installer.ini
[2002/01/26 18:24:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/01/26 17:00:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FoneSync.INI
[2002/01/26 16:21:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/01/26 15:27:12 | 000,000,012 | ---- | C] () -- C:\WINDOWS\WinInit.INI
[2001/08/18 12:00:00 | 001,135,616 | ---- | C] () -- C:\WINDOWS\System32\QUARTZ(2).DLL
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >
[2009/11/06 12:00:20 | 000,016,240 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\SsiEfr.exe

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/01/26 11:20:34 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2002/01/26 11:20:34 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2002/01/26 11:20:34 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

< %systemroot%\system32\*.sys >
[2004/06/09 09:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DDMI2.sys
[2005/02/07 19:07:08 | 000,004,608 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DDMI64.sys
[2005/03/13 16:54:00 | 000,006,656 | ---- | M] (GTek Technologies Ltd.) -- C:\WINDOWS\system32\DLPT2.sys
[2001/08/18 12:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2001/08/18 12:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2001/08/18 12:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2005/02/09 13:08:04 | 000,007,168 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DLPT64.sys
[2001/08/18 12:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2010/05/02 01:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[2005/02/08 15:46:04 | 000,005,120 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GTKCMO64.sys
[2004/08/03 22:58:40 | 000,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSPCLOCK.sys
[2004/06/15 15:55:56 | 000,007,882 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GTKCMOS.sys
[2001/08/18 12:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2001/08/18 12:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2001/08/18 12:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2001/08/18 12:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2001/08/18 12:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/05/17 17:43:02 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/05/17 17:43:08 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/05/17 17:43:04 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/05/17 17:43:10 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/05/17 17:43:06 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 14:45:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2005/02/08 13:04:46 | 000,005,632 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GPCIEn64.sys
[2002/08/28 21:23:06 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2005/02/08 12:37:52 | 000,007,626 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GPCIEnum.sys

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 20:12:06 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2001/07/03 20:39:00 | 000,003,654 | ---- | M] () -- C:\WINDOWS\system32\drivers\Sonyhcp.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2007/11/02 22:25:26 | 000,000,051 | ---- | M] () -- C:\DVDPATH.TXT
[2008/08/22 00:15:14 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2005/01/14 08:37:56 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/11/24 07:25:42 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2002/01/26 11:34:54 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/07/30 11:19:38 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
[2002/01/26 11:34:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2002/01/26 11:34:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/03/23 14:34:02 | 000,000,658 | ---- | M] () -- C:\SSPPPoE.log
[2009/02/05 23:48:16 | 000,000,164 | ---- | M] () -- C:\install.dat
[2006/06/28 14:56:54 | 046,095,450 | ---- | M] () -- C:\BLShklm.reg
[2006/06/28 14:56:36 | 015,306,062 | ---- | M] () -- C:\BLShkcu.reg
[2010/06/11 19:04:06 | 3219,128,320 | -HS- | M] () -- C:\pagefile.sys
[2002/01/26 13:43:30 | 018,340,173 | ---- | M] (Sierra Imaging, Inc.) -- C:\Dell Picture Studio.lnk
[2002/01/26 14:47:06 | 008,981,440 | ---- | M] (InstallShield Software Corporation) -- C:\ar505enu.exe
[2008/11/17 08:57:10 | 000,210,978 | ---- | M] () -- C:\coreuninstall.log
[2010/06/11 19:04:14 | 2146,516,992 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/30 19:40:28 | 000,000,016 | ---- | M] () -- C:\h.txt
[2010/04/29 16:35:02 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/04/10 16:24:20 | 000,006,306 | ---- | M] () -- C:\JavaRa.log
[2002/02/10 14:19:14 | 000,000,304 | ---- | M] () -- C:\twacker.log
[2003/01/13 09:12:00 | 000,005,954 | ---- | M] () -- C:\devicetable.log

< %PROGRAMFILES%\*. >
[2002/01/26 11:22:12 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2002/01/26 11:31:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2002/01/26 11:31:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/12/30 15:43:06 | 000,000,000 | ---D | M] -- C:\Program Files\COMODO
[2002/01/26 11:31:44 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2002/01/26 11:31:50 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/01/13 12:29:00 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2009/01/13 13:20:42 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2002/01/26 11:32:38 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2002/01/26 11:32:46 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2002/01/26 11:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2002/01/26 11:32:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2002/01/26 11:33:14 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2002/01/26 11:35:06 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2002/01/26 11:35:06 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2002/01/26 11:47:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/03/29 15:52:06 | 000,000,000 | ---D | M] -- C:\Program Files\WOT
[2002/01/26 11:50:22 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2009/12/30 11:27:42 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2009/10/06 13:05:24 | 000,000,000 | ---D | M] -- C:\Program Files\Webroot
[2006/06/27 09:21:42 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/07/30 11:13:22 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Corporation
[2007/03/23 14:11:06 | 000,000,000 | ---D | M] -- C:\Program Files\DSL Tools
[2002/01/26 15:22:26 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2002/01/26 15:22:26 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2002/01/26 15:27:02 | 000,000,000 | ---D | M] -- C:\Program Files\Turtle Beach
[2002/01/26 16:14:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works Suite 2001
[2002/01/26 16:16:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2007/05/09 06:50:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2002/01/26 16:20:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2002/01/26 16:23:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money
[2009/10/13 09:45:12 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2002/01/26 16:32:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Picture It! PhotoPub
[2008/08/27 16:54:04 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2002/01/26 17:03:28 | 000,000,000 | ---D | M] -- C:\Program Files\Adaptec
[2008/09/11 15:46:34 | 000,000,000 | ---D | M] -- C:\Program Files\Suunto
[2002/01/26 19:27:56 | 000,000,000 | ---D | M] -- C:\Program Files\Epson
[2002/01/26 19:56:30 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2010/04/02 16:15:40 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/11/16 07:09:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2009/04/28 15:46:54 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/10/08 17:12:26 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/02/21 13:54:54 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2002/01/27 12:26:22 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/11/29 00:25:40 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh Networks
[2008/09/01 17:39:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2002/01/28 13:56:22 | 000,000,000 | ---D | M] -- C:\Program Files\Webshots
[2009/04/28 15:45:46 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2002/02/03 18:36:02 | 000,000,000 | ---D | M] -- C:\Program Files\LXKZ53
[2009/04/28 17:33:32 | 000,000,000 | ---D | M] -- C:\Program Files\CDBurnerXP
[2009/10/05 06:02:38 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/10/17 08:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/10/01 18:19:16 | 000,000,000 | ---D | M] -- C:\Program Files\Cypherix LE
[2010/04/15 17:55:38 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2009/11/25 00:46:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/12/10 11:27:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2002/07/03 12:12:02 | 000,000,000 | ---D | M] -- C:\Program Files\4th of July
[2002/07/30 09:39:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Bonus Pack for Windows XP
[2002/11/01 10:34:00 | 000,000,000 | ---D | M] -- C:\Program Files\PhoneTools
[2002/11/02 09:12:34 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2002/11/14 17:01:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Picture It! 7
[2003/07/02 19:53:06 | 000,000,000 | ---D | M] -- C:\Program Files\SDM
[2003/11/02 19:18:08 | 000,000,000 | ---D | M] -- C:\Program Files\SereneScreen
[2003/12/15 19:07:56 | 000,000,000 | ---D | M] -- C:\Program Files\Design Science
[2005/01/18 09:58:48 | 000,000,000 | ---D | M] -- C:\Program Files\FinePixViewer
[2005/02/11 22:05:16 | 000,000,000 | ---D | M] -- C:\Program Files\HOTLLAMA MEDIA
[2005/03/07 10:09:56 | 000,000,000 | ---D | M] -- C:\Program Files\OfficeUpdate11
[2005/08/27 22:28:10 | 000,000,000 | ---D | M] -- C:\Program Files\WebCyberCoach
[2005/08/28 19:46:20 | 000,000,000 | ---D | M] -- C:\Program Files\REGSHAVE
[2006/01/08 12:59:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Picture It! 9
[2006/01/11 11:03:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSN

< %appdata%\*.* >
[2002/01/26 11:21:56 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\EWJewell\Application Data\desktop.ini
[2006/02/10 13:48:42 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\EWJewell\Application Data\ViewerApp.dat


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/21 23:44:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/21 23:44:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/21 23:44:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/21 23:44:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2002/08/29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/08/21 23:44:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2002/08/29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:disk.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2008/08/21 23:44:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 22:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\dllcache\disk.sys
[2008/04/13 14:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 20:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 20:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 20:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2002/08/29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/08/21 23:44:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2002/08/29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:usbstor.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2008/08/21 23:44:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-11 05:56:13
< End of report >

Let me think


Re: Trojan-relayer-jolleee

Post by Dr Jay on Sat Jun 12, 2010 8:19 pm

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



Re: Trojan-relayer-jolleee

Post by pdicdiver on Sun Jun 13, 2010 12:06 am

Thank you for the timely response. Here is the ComboFix Log that you requested. Ed


ComboFix 10-06-11.01 - EWJewell 06/12/2010 19:34:39.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1576 [GMT -4:00]
Running from: c:\documents and settings\EWJewell\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\desktop.ini
C:\Thumbs.db
c:\windows\patch.exe

.
((((((((((((((((((((((((( Files Created from 2010-05-12 to 2010-06-12 )))))))))))))))))))))))))))))))
.

2010-06-11 23:03 . 2010-06-11 23:03 -------- d-----w- C:\FOUND.001
2010-06-11 21:01 . 2010-06-11 21:01 -------- d-----w- C:\FOUND.000
2010-06-11 02:46 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-24 18:15 . 2010-05-24 18:15 503808 ----a-w- c:\documents and settings\EWJewell\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-121810ab-n\msvcp71.dll
2010-05-24 18:15 . 2010-05-24 18:15 499712 ----a-w- c:\documents and settings\EWJewell\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-121810ab-n\jmc.dll
2010-05-24 18:15 . 2010-05-24 18:15 348160 ----a-w- c:\documents and settings\EWJewell\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-121810ab-n\msvcr71.dll
2010-05-24 18:15 . 2010-05-24 18:15 61440 ----a-w- c:\documents and settings\EWJewell\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-20973564-n\decora-sse.dll
2010-05-24 18:15 . 2010-05-24 18:15 12800 ----a-w- c:\documents and settings\EWJewell\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-20973564-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 21:04 . 2010-05-04 20:03 63488 ----a-w- c:\documents and settings\EWJewell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-12 21:04 . 2009-03-17 20:36 117760 ----a-w- c:\documents and settings\EWJewell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-06 10:41 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2001-08-18 16:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 16:19 . 2009-02-21 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 16:19 . 2009-02-21 17:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2001-08-18 16:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-15 21:55 . 2010-04-15 21:55 -------- d-----w- c:\program files\SpywareBlaster
2010-04-12 21:29 . 2010-05-01 16:32 411368 ----a-w- c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-11 2403568]
"Google Update"="c:\documents and settings\EWJewell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-21 133104]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]
"NVIEW"="nview.dll" [2003-07-28 852038]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2001-03-27 36864]
"nwiz"="c:\windows\system32\nwiz.exe" [2003-07-28 323584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-08-08 311350]
"LTWinModem1"="c:\windows\system32\ltmsg.exe" [2001-04-03 38912]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-08-08 24576]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-14 50688]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-05 1800464]
"TraySantaCruz"="c:\windows\system32\tbctray.exe" [2001-08-29 307200]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

c:\documents and settings\EWJewell\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2002-1-28 196608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-8-8 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-09 13:42 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^EWJewell^Start Menu^Programs^Startup^Webshots.lnk]
backup=c:\windows\pss\Webshots.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\FXSCLNT.exe"=
"c:\\WINDOWS\\System32\\Lexpps.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [12/30/2009 3:43 PM 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12/30/2009 3:43 PM 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 11:06 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 11:05 AM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/30/2009 11:27 AM 108289]
R2 cypherixservice;Cypherix service;cypherixsrv.exe --> cypherixsrv.exe [?]
R2 cyphxdrv;cyphxdrv;c:\windows\system32\drivers\cyphxdrv.sys [10/1/2009 6:19 PM 100728]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [10/25/2009 10:51 AM 1201640]
R3 ENDETECT;ENDETECT;c:\progra~1\DSLTOO~1\DSLTOO~1\app\ENDETECT.SYS [3/23/2007 2:11 PM 7754]
R3 L2XPSR;L2XPSR;c:\progra~1\DSLTOO~1\DSLTOO~1\app\L2XPSR.SYS [3/23/2007 2:11 PM 18450]
R3 NTSTPL1;NTSTPL1;c:\progra~1\DSLTOO~1\DSLTOO~1\app\NTSTPL1.SYS [3/23/2007 2:11 PM 18848]
R3 TAPBIND;TAPBIND;c:\progra~1\DSLTOO~1\DSLTOO~1\app\TAPBIND1.SYS [3/23/2007 2:11 PM 51008]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [1/26/2002 3:27 PM 142336]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [1/26/2002 3:27 PM 524288]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 3:15 AM 135664]
S3 DCamUSBBVI;SiPix StyleCam RAVE/SNAP Dual Mode Camera;c:\windows\system32\Drivers\biomini.sys --> c:\windows\system32\Drivers\biomini.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 11:06 AM 12872]
S3 vtdg46xx;vtdg46xx;c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [1/26/2002 3:27 PM 19232]
.
Contents of the 'Scheduled Tasks' folder

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 07:13]

2010-06-11 c:\windows\Tasks\wrSpySweeper_L2B2753F0BC1845F19EEDBCC00FB13A81.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-10-25 19:19]

2010-06-11 c:\windows\Tasks\wrSpySweeper_L2B2753F0BC1845F19EEDBCC00FB13A81.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-10-25 19:19]

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1757981266-725345543-1004Core1cac66480a54246.job
- c:\documents and settings\EWJewell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-21 15:13]

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 07:13]

2010-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar =
uInternet Settings,ProxyOverride =
uSearchAssistant =
uCustomizeSearch =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {9B785917-E16B-4A9F-8E73-9D3346E4F0BC} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
SafeBoot-svcWRSSSDK
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-12 19:49
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1757981266-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(988)
c:\windows\system32\WININET.dll
c:\windows\system32\nView.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-12 19:55:45
ComboFix-quarantined-files.txt 2010-06-12 23:55

Pre-Run: 35,360,636,928 bytes free
Post-Run: 35,323,576,320 bytes free

- - End Of File - - DCE10F8F179ECBE6A9177F0067EAB6E9


Re: Trojan-relayer-jolleee

Post by Dr Jay on Sun Jun 13, 2010 6:35 pm

Please download MySystem-Search from one of the following links:
  • Save the file to your Desktop.
  • Double-click on mss.exe
  • Allow it to run, and follow the prompts.
  • Once done, it will launch a log.
  • Post it in your next reply.
Note: the logs are long. Please use more than one post, if necessary.


Dr. Jay (DJ)



Re: Trojan-relayer-jolleee

Post by pdicdiver on Sun Jun 13, 2010 6:57 pm

MySystem-Search

Run on 06/13/2010 at 14:54:56

MSS v1.3


Basic System Information



CD Emulation Drivers running?



Peer-to-Peer applications?



File associations

.exe=exefile
.scr=scrfile
.pif=piffile
.com=comfile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile


Running processes



Hidden objects

PATH: C:\windows



PATH: C:\windows\system32

dllcache
mlfcache.dat
ncpa.cpl.manifest
nwc.cpl.manifest
sapi.cpl.manifest
wuaucpl.cpl.manifest
cdplayer.exe.manifest
logonui.exe.manifest
WindowsLogon.manifest


PATH: C:\windows\system32\drivers



PATH: C:\

ntldr
NTDETECT.COM
boot.ini
IO.SYS
MSDOS.SYS
System Volume Information
pagefile.sys
hiberfil.sys
cmdcons
Recycled


User Profile check


Re: Trojan-relayer-jolleee

Post by pdicdiver on Sun Jun 13, 2010 6:58 pm

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Documents and Settings
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\S-1-5-21-1292428093-1757981266-725345543-1004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\S-1-5-21-1292428093-1757981266-725345543-1004\Software

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\S-1-5-21-1292428093-1757981266-725345543-1004\Software\Webroot

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\S-1-5-21-1292428093-1757981266-725345543-1004\Software\Webroot\SpySweeper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\S-1-5-21-1292428093-1757981266-725345543-1004\Software\Webroot\SpySweeper\IEH

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
Sid REG_BINARY 010100000000000513000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x754eea58
ProfileLoadTimeHigh REG_DWORD 0x1cb0a9f
RefCount REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\S-1-5-21-1292428093-1757981266-725345543-1004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\S-1-5-21-1292428093-1757981266-725345543-1004\Software

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\S-1-5-21-1292428093-1757981266-725345543-1004\Software\Webroot

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\S-1-5-21-1292428093-1757981266-725345543-1004\Software\Webroot\SpySweeper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\S-1-5-21-1292428093-1757981266-725345543-1004\Software\Webroot\SpySweeper\IEH

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
Sid REG_BINARY 010100000000000514000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x6e5c5014
ProfileLoadTimeHigh REG_DWORD 0x1cb0a9f
RefCount REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20\S-1-5-21-1292428093-1757981266-725345543-1004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20\S-1-5-21-1292428093-1757981266-725345543-1004\Software

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20\S-1-5-21-1292428093-1757981266-725345543-1004\Software\Webroot

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20\S-1-5-21-1292428093-1757981266-725345543-1004\Software\Webroot\SpySweeper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20\S-1-5-21-1292428093-1757981266-725345543-1004\Software\Webroot\SpySweeper\IEH

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1292428093-1757981266-725345543-1004
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\EWJewell
Sid REG_BINARY 0105000000000005150000003DE3084D52AAC86807E53B2BEC030000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x8049ded6
ProfileLoadTimeHigh REG_DWORD 0x1cb0a9f
RefCount REG_DWORD 0x1
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb
NextLogonCacheable REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1292428093-1757981266-725345543-1004\S-1-5-21-1292428093-1757981266-725345543-1004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1292428093-1757981266-725345543-1004\S-1-5-21-1292428093-1757981266-725345543-1004\Software

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1292428093-1757981266-725345543-1004\S-1-5-21-1292428093-1757981266-725345543-1004\Software\Microsoft

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1292428093-1757981266-725345543-1004\S-1-5-21-1292428093-1757981266-725345543-1004\Software\Microsoft\Internet Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1292428093-1757981266-725345543-1004\S-1-5-21-1292428093-1757981266-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1292428093-1757981266-725345543-1004\S-1-5-21-1292428093-1757981266-725345543-1004\Software\Webroot

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1292428093-1757981266-725345543-1004\S-1-5-21-1292428093-1757981266-725345543-1004\Software\Webroot\SpySweeper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1292428093-1757981266-725345543-1004\S-1-5-21-1292428093-1757981266-725345543-1004\Software\Webroot\SpySweeper\IEH


Current Scheduled Tasks

PATH: C:\Windows\Tasks

GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskUserS-1-5-21-1292428093-1757981266-725345543-1004Core1cac66480a54246.job
GoogleUpdateTaskMachineUA.job
AppleSoftwareUpdate.job
desktop.ini
SA.DAT


Windows Drivers and NT-Services

Volume in drive C has no label.
Volume Serial Number is 2937-08D2

Directory of C:\Windows\System32\Drivers

04/13/2008 02:40 PM 36,352 disk.sys
04/13/2008 02:40 PM 14,976 tape.sys
04/13/2008 02:40 PM 19,712 partmgr.sys
04/13/2008 02:40 PM 42,112 imapi.sys
04/13/2008 02:41 PM 52,352 volsnap.sys
04/13/2008 02:43 PM 12,672 mutohpen.sys
04/13/2008 02:43 PM 14,208 wacompen.sys
04/13/2008 02:44 PM 20,992 vga.sys
04/13/2008 02:44 PM 81,664 videoprt.sys
04/13/2008 02:44 PM 153,344 dmio.sys
04/13/2008 02:44 PM 799,744 dmboot.sys
04/13/2008 02:45 PM 52,864 DMusic.sys
04/13/2008 02:45 PM 6,272 splitter.sys
04/13/2008 02:45 PM 56,576 swmidi.sys
04/13/2008 02:45 PM 172,416 kmixer.sys
04/13/2008 02:45 PM 60,032 usbaudio.sys
04/13/2008 02:45 PM 60,160 drmk.sys
04/13/2008 02:45 PM 2,944 drmkaud.sys
04/13/2008 02:45 PM 49,408 stream.sys
04/13/2008 02:45 PM 24,960 hidparse.sys
04/13/2008 02:45 PM 36,864 hidclass.sys
04/13/2008 02:45 PM 19,200 hidir.sys
04/13/2008 02:45 PM 10,368 hidusb.sys
04/13/2008 02:45 PM 10,624 gameenum.sys
04/13/2008 02:45 PM 15,104 usbscan.sys
04/13/2008 02:45 PM 143,872 usbport.sys
04/13/2008 02:45 PM 30,208 usbehci.sys
04/13/2008 02:45 PM 20,608 usbuhci.sys
04/13/2008 02:45 PM 59,520 usbhub.sys
04/13/2008 02:45 PM 32,128 usbccgp.sys
04/13/2008 02:45 PM 25,600 usbcamd.sys
04/13/2008 02:45 PM 25,728 usbcamd2.sys
04/13/2008 02:45 PM 15,872 usbintel.sys
04/13/2008 02:46 PM 25,344 sonydcam.sys
04/13/2008 02:46 PM 51,200 msdv.sys
04/13/2008 02:46 PM 53,376 1394bus.sys
04/13/2008 02:46 PM 61,696 ohci1394.sys
04/13/2008 02:46 PM 38,912 avc.sys
04/13/2008 02:46 PM 48,128 61883.sys
04/13/2008 02:46 PM 121,984 usbvideo.sys
04/13/2008 02:46 PM 15,232 mpe.sys
04/13/2008 02:46 PM 11,776 bdasup.sys
04/13/2008 02:46 PM 10,880 ndisip.sys
04/13/2008 02:46 PM 15,232 streamip.sys
04/13/2008 02:46 PM 11,136 slip.sys
04/13/2008 02:46 PM 19,200 wstcodec.sys
04/13/2008 02:46 PM 17,024 ccdecode.sys
04/13/2008 02:46 PM 85,248 nabtsfec.sys
04/13/2008 02:46 PM 18,944 bthusb.sys
04/13/2008 02:46 PM 25,600 hidbth.sys
04/13/2008 02:46 PM 36,480 bthprint.sys
04/13/2008 02:46 PM 59,136 rfcomm.sys
04/13/2008 02:46 PM 37,888 bthmodem.sys
04/13/2008 02:46 PM 17,024 bthenum.sys
04/13/2008 02:47 PM 25,856 usbprint.sys
04/13/2008 02:51 PM 61,824 nic1394.sys
04/13/2008 02:51 PM 60,800 arp1394.sys
04/13/2008 02:51 PM 59,904 atmarpc.sys
04/13/2008 02:51 PM 55,808 atmlane.sys
04/13/2008 02:51 PM 101,120 bthpan.sys
04/13/2008 02:53 PM 40,320 nmnt.sys
04/13/2008 02:53 PM 71,552 bridge.sys
04/13/2008 02:53 PM 36,608 ip6fw.sys
04/13/2008 02:54 PM 11,264 irenum.sys
04/13/2008 02:55 PM 14,592 ndisuio.sys
04/13/2008 02:56 PM 12,288 tunmp.sys
04/13/2008 02:56 PM 34,688 netbios.sys
04/13/2008 02:56 PM 88,320 nwlnkipx.sys
04/13/2008 02:56 PM 35,072 msgpc.sys
04/13/2008 02:56 PM 69,120 psched.sys
04/13/2008 02:56 PM 12,800 usb8023x.sys
04/13/2008 02:56 PM 12,800 usb8023.sys
04/13/2008 02:56 PM 30,592 rndismpx.sys
04/13/2008 02:56 PM 30,592 rndismp.sys
04/13/2008 02:57 PM 20,864 ipinip.sys
04/13/2008 02:57 PM 152,832 ipnat.sys
04/13/2008 02:57 PM 34,560 wanarp.sys
04/13/2008 02:57 PM 14,336 asyncmac.sys
04/13/2008 02:57 PM 10,112 ndistapi.sys
04/13/2008 02:57 PM 40,576 ndproxy.sys
04/13/2008 02:57 PM 41,472 raspppoe.sys
04/13/2008 03:00 PM 19,072 tdi.sys
04/13/2008 03:00 PM 30,080 modem.sys
04/13/2008 03:14 PM 63,744 cdfs.sys
04/13/2008 03:14 PM 143,744 fastfat.sys
04/13/2008 03:15 PM 64,512 serial.sys
04/13/2008 03:15 PM 574,976 ntfs.sys
04/13/2008 03:15 PM 60,800 sysaudio.sys
04/13/2008 03:16 PM 49,536 classpnp.sys
04/13/2008 03:16 PM 141,056 ks.sys
04/13/2008 03:17 PM 105,344 mup.sys
04/13/2008 03:17 PM 83,072 wdmaud.sys
04/13/2008 03:18 PM 52,480 i8042prt.sys
04/13/2008 03:19 PM 146,048 portcls.sys
04/13/2008 03:19 PM 75,264 ipsec.sys
04/13/2008 03:19 PM 51,328 rasl2tp.sys
04/13/2008 03:19 PM 48,384 raspptp.sys
04/13/2008 03:20 PM 182,656 ndis.sys
04/13/2008 03:20 PM 91,520 ndiswan.sys
04/13/2008 03:21 PM 162,816 netbt.sys
04/13/2008 03:28 PM 175,744 rdbss.sys
04/13/2008 08:11 PM 3,647 adv07nt5.dll
04/13/2008 08:11 PM 3,615 adv05nt5.dll
04/13/2008 08:11 PM 3,711 adv09nt5.dll
04/13/2008 08:11 PM 4,255 adv01nt5.dll
04/13/2008 08:11 PM 3,967 adv02nt5.dll
04/13/2008 08:11 PM 3,135 adv08nt5.dll
04/13/2008 08:11 PM 3,775 adv11nt5.dll
04/13/2008 08:11 PM 11,359 atv02nt5.dll
04/13/2008 08:11 PM 21,183 atv01nt5.dll
04/13/2008 08:11 PM 14,143 atv06nt5.dll
04/13/2008 08:11 PM 17,279 atv10nt5.dll
04/13/2008 08:11 PM 15,423 ch7xxnt5.dll
04/13/2008 08:11 PM 25,471 atv04nt5.dll
04/13/2008 08:12 PM 3,901 siint5.dll
04/13/2008 08:12 PM 11,325 vchnt5.dll
04/13/2008 08:13 PM 40,840 termdd.sys
04/13/2008 08:13 PM 12,040 tdpipe.sys
04/13/2008 08:13 PM 21,896 tdtcp.sys
04/13/2008 08:13 PM 139,656 rdpwd.sys
05/08/2008 10:02 AM 203,136 RMCast.sys
06/13/2008 07:05 AM 272,128 bthport.sys
06/20/2008 07:51 AM 361,600 tcpip.sys
07/23/2008 12:50 PM 43,528 pxhelp20.sys
08/14/2008 06:04 AM 138,496 afd.sys
09/01/2008 05:30 PM UMDF
09/05/2008 02:53 PM 100,728 cyphxdrv.sys
02/13/2009 11:17 AM 45,416 avgntdd.sys
02/13/2009 11:29 AM 22,360 avgntmgr.sys
03/30/2009 09:33 AM 96,104 avipbb.sys
05/11/2009 09:12 AM 28,520 ssmdrv.sys
06/24/2009 07:18 AM 92,928 ksecdd.sys
10/20/2009 11:20 AM 265,728 http.sys
11/06/2009 12:00 PM 29,808 ssfs0bbc.sys
11/06/2009 12:00 PM 176,752 ssidrv.sys
11/06/2009 12:00 PM 23,152 sshrmd.sys
11/12/2009 02:48 PM 7,168 StarOpen.sys
12/30/2009 11:49 AM 56,816 avgntflt.sys
12/31/2009 11:50 AM 353,792 srv.sys
02/05/2010 07:58 AM 134,344 cmdguard.sys
02/05/2010 07:58 AM 25,160 cmdhlp.sys
02/05/2010 07:58 AM 87,104 inspect.sys
02/11/2010 08:02 AM 226,880 tcpip6.sys
02/24/2010 09:11 AM 455,680 mrxsmb.sys
04/29/2010 12:19 PM 20,952 mbam.sys
04/29/2010 12:19 PM 38,224 mbamswissarmy.sys
317 File(s) 30,344,730 bytes
5 Dir(s) 35,059,859,456 bytes free


Virtual drives found?



Environment variables

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\EWJewell\Application Data
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SWORDFISH
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\EWJewell
LOGONSERVER=\\SWORDFISH
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\PROGRA~1\COMMON~1\MGISHA~1\Video;C:\Program Files\QuickTime\QTSystem;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\EWJewell\LOCALS~1\Temp
TMP=C:\DOCUME~1\EWJewell\LOCALS~1\Temp
USERDOMAIN=SWORDFISH
USERNAME=EWJewell
USERPROFILE=C:\Documents and Settings\EWJewell
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


Stealth malware?


Internet Explorer


Re: Trojan-relayer-jolleee

Post by pdicdiver on Sun Jun 13, 2010 6:59 pm

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0A000000
Delete_Temp_Files_On_Exit REG_SZ yes
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
CompanyName REG_SZ Microsoft Corporation
Custom_Key REG_SZ MICROSO
Wizard_Version REG_SZ 6.0.2600.0000
FullScreen REG_SZ no
Use_DlgBox_Colors REG_SZ yes
Check_Associations REG_SZ yes
Search Bar REG_SZ
REG_SZ
Default_Secondary_Page_URL REG_MULTI_SZ \0
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
IE5_UA_Backup_Flag REG_SZ 5.0
NoNetAutodial REG_DWORD 0x0
MigrateProxy REG_DWORD 0x1
EnableNegotiate REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost REG_BINARY 01000000
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 0x1
PrivacyAdvanced REG_DWORD 0x0
GlobalUserOffline REG_DWORD 0x0
EnableAutodial REG_DWORD 0x0
PrivDiscUiShown REG_DWORD 0x1
SyncMode5 REG_DWORD 0x4
UrlEncoding REG_DWORD 0x0
ProxyHttp1.1 REG_DWORD 0x0
CertificateRevocation REG_DWORD 0x0
DisableCachingOfSSLPages REG_DWORD 0x0
SecureProtocols REG_DWORD 0x28
WarnonBadCertRecving REG_DWORD 0x1
WarnonZoneCrossing REG_DWORD 0x1
WarnOnPostRedirect REG_DWORD 0x0
ProxyOverride REG_SZ
ShowPunycode REG_DWORD 0x0
EnablePunycode REG_DWORD 0x1
DisableIDNPrompt REG_DWORD 0x0
ZonesSecurityUpgrade REG_BINARY 8E63BCC7B779CA01
WarnOnHTTPSToHTTPRedirect REG_DWORD 0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Digest

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
NoUpdateCheck REG_DWORD 0x1
NoJITSetup REG_DWORD 0x0
Disable script Debugger REG_SZ yes
Show_ChannelBand REG_SZ No
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Start Page REG_SZ http://www.msn.com
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Check_Associations REG_SZ no
FullScreen REG_SZ no
Window_Placement REG_BINARY 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5700000057000000EF030000B5010000
NotifyDownloadComplete REG_SZ yes
Use FormSuggest REG_SZ yes
Error Dlg Displayed On Every Error REG_SZ no
Error Dlg Details Pane Open REG_SZ no
Expand Alt Text REG_SZ no
Move System Caret REG_SZ no
NscSingleExpand REG_DWORD 0x1
NoWebJITSetup REG_DWORD 0x0
Page_Transitions REG_DWORD 0x1
Enable Browser Extensions REG_SZ yes
UseThemes REG_DWORD 0x1
Force Offscreen Composition REG_DWORD 0x0
AllowWindowReuse REG_DWORD 0x1
Friendly http errors REG_SZ yes
ShowGoButton REG_SZ yes
SmoothScroll REG_DWORD 0x1
Enable AutoImageResize REG_SZ yes
Enable_MyPics_Hoverbar REG_SZ yes
Play_Animations REG_SZ yes
Play_Background_Sounds REG_SZ yes
Display Inline Videos REG_SZ yes
Show image placeholders REG_DWORD 0x0
Print_Background REG_SZ no
FormSuggest Passwords REG_SZ yes
FormSuggest PW Ask REG_SZ no
LastCheckedHi REG_DWORD 0x1c7068c
DisablescriptDebuggerIE REG_SZ yes
AutoSearch REG_DWORD 0x0
AddToFavoritesExpanded REG_DWORD 0x1
Use Search Asst REG_SZ yes
XMLHTTP REG_DWORD 0x1
UseClearType REG_SZ yes
CompatibilityFlags REG_DWORD 0x0
SearchMigrated REG_DWORD 0x1
SearchMigratedDefaultName REG_SZ Live Search
SearchMigratedDefaultURL REG_SZ http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchMigratedInstalled REG_DWORD 0x1
AlwaysShowMenus REG_DWORD 0x1
AutoHide REG_SZ yes
ControlTooltipCount REG_DWORD 0x5
HistoryViewType REG_BINARY 08006663030000000000
EnableSearchPane REG_DWORD 0x0
ShowedCheckBrowser REG_SZ Yes
Default_Secondary_Page_URL REG_MULTI_SZ [You must be registered and logged in to see this link.]
SearchDefaultBranded REG_DWORD 0x1
IE8RunOnceLastShown REG_DWORD 0x1
IE8RunOnceLastShown_TIMESTAMP REG_BINARY 74B4BC02B979CA01
IE8RunOncePerInstallCompleted REG_DWORD 0x1
IE8RunOnceCompletionTime REG_BINARY 4E69CB37B979CA01
IE8TourShown REG_DWORD 0x1
IE8TourShownTime REG_BINARY 6AB7D937B979CA01
IE8TourNoShow REG_DWORD 0x1
RunOnceHasShown REG_DWORD 0x1
RunOnceComplete REG_DWORD 0x1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
SearchAssistant REG_SZ http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
CustomizeSearch REG_SZ http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} REG_SZ Veoh Web Player Video Finder
{EF99BD32-C1FB-11D2-892F-0090271D4F88} REG_BINARY 00
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} REG_BINARY 00
{71576546-354D-41c9-AAE8-31F2EC22BF0D} REG_SZ WOT
{2318C2B1-4965-11d4-9B18-009027A5CD4F} REG_BINARY 00

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt


Security Center


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
UpdatesDisableNotify REG_DWORD 0x0
AntiVirusOverride REG_DWORD 0x0
FirewallOverride REG_DWORD 0x0
AntiVirusDisableNotify REG_DWORD 0x0
FirewallDisableNotify REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\WINDOWS\System32\FXSCLNT.exe REG_SZ C:\WINDOWS\System32\FXSCLNT.exe:*:Enabled:Microsoft Fax Console
C:\WINDOWS\System32\Lexpps.exe REG_SZ C:\WINDOWS\System32\Lexpps.exe:*:Disabled:LEXPPS.EXE
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe REG_SZ C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player


Uninstall List


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Applet_App

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Applet_Copy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Applet_Creativity

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Applet_Email

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Applet_Epp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Applet_File

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Applet_OCR

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Applet_Web

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\audcle

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avira AntiVir Desktop

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\COMODO Internet Security

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Copy Utility

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cyple_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\drmtool.inf

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EPSON Photo Print

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EPSON Smart Panel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB870669

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884267

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885353

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886612

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887078

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887626

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888656

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB889858

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891122

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892130

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892313

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893240

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893241

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895181

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895316

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB897586

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898549

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902344

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB907658

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911564

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911565

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911854

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917734_WMP9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923689

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB925398_WMP64

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB928090-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB929399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB929969

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB931768-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB931906

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB933566-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB936782_WMP11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB936782_WMP9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB937143-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938127-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938464

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB939653-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB939683

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB941569

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB942615-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB944533-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB946648

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB947864-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950759-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950760

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950762

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950974

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951066

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951072-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951698

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951748

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951978

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952069_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952287

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952954

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB953838-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB953839

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954154_WM11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954155_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954211

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954459

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954550-v5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954600

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955069

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955759

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955839

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956390-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956391

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956744

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956802

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956841

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956844

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957095

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957097

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958215-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958644

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958690

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958869

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959426

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959772_WM11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960225

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960714-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960715

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960859

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961118

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961260-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961371

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961373

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961501

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB963027-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB967715

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968389

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968537

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968816_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969059

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969897-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969898

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969947

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970238

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970430

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970653-v3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971468

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971486

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971513

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971557

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971633

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971657

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971737

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971961

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971961-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972260-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972270

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973346

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973354

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973507

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973525

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973540_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973815

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973869

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973904

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974112

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974318

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974392

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974455-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974571

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975025

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975364-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975467

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975560

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975562

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975713

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976098-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976325-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976325-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976662-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976749-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977165

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977816

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977914

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978037

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978207-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978251

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978262

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978338

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978542

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978601

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978695_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978706

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979306

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979309

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979482

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979559

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979683

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980182-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980195

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980218

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980232

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981332-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981793

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB982381-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LTWinModem

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M979906

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mmmusic

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mmsounds

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mmtitle

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mplibwiz.inf

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mpxlswiz.inf

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mpxptray.inf

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSCompPackV1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsJavaVM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSNIACC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MWASPI

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NLSDownlevelMapping

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PF1250-1650 Guide

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PictureIt_POD_v9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PictureIt_v9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PROSet

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Revo Uninstaller

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBlaster_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Suunto Dive Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Suunto Dive Manager_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Veoh Web Player Beta

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wa2wmp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webshots

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WGA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Live OneCare safety scanner

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMBK2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMCSetup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMFDist11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wmp11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Works2001Setup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wudf01000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-785F-478A-BAA2-87F1A136068C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00170409-78E1-11D2-B60F-006097C998E7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D9EB74-998E-4A04-B468-51C2E7B32182}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24ED4D80-8294-11D5-96CD-0040266301AD}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216017FB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216018FB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216019FF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216020FB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2A2766A4-6AE4-11D4-AC8E-52544C1966EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{32343DB6-9A52-40C9-87E4-5E7C79791C87}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{32F66A20-7614-11D4-BD11-00104BD3F987}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{369B36BE-3D64-4641-9AEA-808D436FE130}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F5B6210-0903-4DC6-8034-8F488AA3A782}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5490882C-6961-11D5-BAE5-00E0188E010B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{553255F3-78FD-40F1-A6F8-6882140265FE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62369F2F77534556AEF4C58152E3BDE5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77DCDCE3-2DED-62F3-8154-05E745472D07}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7F142D56-3326-11D5-B229-002078017FBF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A3EABC0-CA06-11D4-BF77-00104B130C19}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F7FC79B-3059-4264-9450-39EB368E3220}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB300003

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB958483

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB960043

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB975195

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976570

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A4D58580-EA01-11D3-9318-008048B86EFE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A93000000001}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-5464-3428-900000000004}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C04E32E0-0416-434D-AFB9-6969D703A9EF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB200003

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB431780

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB946922

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB947748

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB949272

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952137

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952677

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953300

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953990

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB954832

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB956860

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957541

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957542

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957543

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958129

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958481

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB960043

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB971111

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB974417

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976569

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976576

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976765v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB979909

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB980773

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C769B501-2BE8-46ed-9E69-118F008A0917}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C797EAF2-707A-4239-BDF3-F2672314A734}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D680C913-5955-469D-9D88-C1940F7506D6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D78653C3-A8FF-415F-92E6-D774E634FF2D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DB0BB9FA-1B60-4036-8E29-3D56D8085256}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F63BF3C0-D774-11D5-9241-444553540000}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8D0829C-9C6F-11D3-8080-00C04FA329AA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Move Networks Player - IE


Autorun

Re: Trojan-relayer-jolleee

Post by pdicdiver on Sun Jun 13, 2010 6:59 pm

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
SUPERAntiSpyware REG_SZ "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
Google Update REG_SZ "C:\Documents and Settings\EWJewell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
VeohPlugin REG_SZ "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
NVIEW REG_SZ "C:\WINDOWS\system32\rundll32.exe" nview.dll,nViewLoadHook
ctfmon.exe REG_SZ "C:\WINDOWS\system32\ctfmon.exe"

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
PrinTray REG_SZ "C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe"
nwiz REG_SZ "C:\WINDOWS\system32\nwiz.exe" /install
NvCplDaemon REG_SZ "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
Microsoft Works Portfolio REG_SZ "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
LTWinModem1 REG_SZ "C:\WINDOWS\system32\ltmsg.exe" 9
TangoManager REG_SZ C:\PROGRA~1\DSLTOO~1\DSLTOO~1\app\TANGOM~1.EXE
WorksFUD REG_SZ "C:\Program Files\Microsoft Works\wkfud.exe"
REGSHAVE REG_SZ "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
Microsoft Works Update Detection REG_SZ "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
SunJavaUpdateSched REG_SZ "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
COMODO Internet Security REG_SZ "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
TraySantaCruz REG_SZ "C:\WINDOWS\system32\tbctray.exe"
SpySweeper REG_SZ "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices


Restrictions - Internet Explorer


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel


Restrictions - REGEDIT


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System


Restrictions - Explorer


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun REG_DWORD 0x143
NoDriveAutoRun REG_DWORD 0x3ffffff
NoDrives REG_DWORD 0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run


ActiveX


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5ED80217-570B-4DA9-BF44-BE107C0EC166}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9B785917-E16B-4A9F-8E73-9D3346E4F0BC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B8BE5E93-A60C-4D26-A2DC-220313175592}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}


DNS Settings


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E484FD9-67D8-4F9E-8B95-14865C8189EB}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{28C19632-0791-4F64-AF13-E4BA22EAD211}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2DB6B11F-5453-48B6-AD2F-D64AF7560955}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{662BC058-AA2B-4E4C-B131-9CE341184645}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A9014BA2-E8AE-4D3D-81C1-8CFDD5B7736A}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B4DF8D79-36EB-43BA-9167-C68E239AFBE2}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FBED7CE7-504B-4B3F-90CF-90AEB6304085}


Windows IP Configuration



Host Name . . . . . . . . . . . . : swordfish

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain.invalid



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : domain.invalid

Description . . . . . . . . . . . : Intel(R) PRO/100+ Management Adapter

Physical Address. . . . . . . . . : 00-02-B3-8F-09-D1

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.254.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.254.254

DHCP Server . . . . . . . . . . . : 192.168.254.254

DNS Servers . . . . . . . . . . . : 192.168.254.254

192.168.254.254

Lease Obtained. . . . . . . . . . : Saturday, June 12, 2010 10:23:50 PM

Lease Expires . . . . . . . . . . : Monday, January 18, 2038 11:14:07 PM



AppInit DLLs


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs REG_SZ C:\WINDOWS\system32\guard32.dll



Shell Service Object Delay Load


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9}
CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9}
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}
WPDShServiceObj REG_SZ {AAA288BA-9A4C-45B0-95D7-94D524869DB5}



Shell Execute Hooks


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} REG_SZ


Image File Execution Options


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE


Security Providers



Local Security Authority


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Bounds REG_BINARY 0030000000200000
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0
LsaPid REG_DWORD 0x2dc
SecureBoot REG_DWORD 0x1
auditbaseobjects REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
fipsalgorithmpolicy REG_DWORD 0x0
forceguest REG_DWORD 0x1
fullprivilegeauditing REG_BINARY 00
limitblankpassworduse REG_DWORD 0x1
lmcompatibilitylevel REG_DWORD 0x0
nodefaultadminowner REG_DWORD 0x1
nolmhash REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli\0\0
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 0x1
enabledcom REG_SZ y

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\msv1_0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache


SafeBoot



AppCert DLLs


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls


Extra


Re: Trojan-relayer-jolleee

Post by Dr Jay on Sun Jun 13, 2010 7:06 pm

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Re: Trojan-relayer-jolleee

Post by pdicdiver on Mon Jun 14, 2010 1:18 am

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=9dfb69379998ff468a191dafa1bcbb21
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-06-14 12:41:21
# local_time=2010-06-13 08:41:21 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775125 100 94 0 48189451 0 0
# compatibility_mode=3073 16777213 80 89 89769 13350753 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=59932
# found=0
# cleaned=0
# scan_time=5157


Re: Trojan-relayer-jolleee

Post by Dr Jay on Mon Jun 14, 2010 6:08 am

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point. To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done


To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)

