Recommended for You:
Fix up your PC Fast

TuneUp Utilities 2012 takes out the trash: Get back long lost disk space and performance in a snap – Free Download!






You are not connected. Please login or register

SecuraGeek Forums » Malware/Threat Removal » Rootkit? HELP PLEASE MUCH APPRECIATED

Goto page : Previous  1 ... 6 ... 9, 10, 11 ... 16  Next

View previous topic View next topic Go down  Message [Page 10 of 16]

136sad Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Sat Mar 06, 2010 10:13 am

LFc4


Forum Enthusiast
Forum Enthusiast
PART 2 IT WAS TOO LONG TO POST AS A WHOLE

Searching for "peedupmypc"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Uniblue SpeedUpMyPC 2009]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0C5F3C32B665B874AA6B91A7AD0D9C54]
"ProductName"="Uniblue SpeedUpMyPC 2009"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0C5F3C32B665B874AA6B91A7AD0D9C54]
"ProductName"="Uniblue SpeedUpMyPC 2009"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0C5F3C32B665B874AA6B91A7AD0D9C54]
"ProductName"="Uniblue SpeedUpMyPC 2009"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0C5F3C32B665B874AA6B91A7AD0D9C54\SourceList]
"PackageName"="speedupmypc2009.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0C5F3C32B665B874AA6B91A7AD0D9C54\SourceList]
"PackageName"="speedupmypc2009.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\05C2313825904CC4B92350C29F88D54A]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\SUMP.exe.config"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0F177EE1727977C4BA6E4126491FE178]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="02:\SOFTWARE\Uniblue\SpeedUpMyPC\PCHealthStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\17DFF541260FB1D44BBB5C4558B84676]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\AvalonCommon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29421A000D7F517419B8D69679E2FB3C]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B73EB185F52B5740A6224E771074196]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\Interop.IWshRuntimeLibrary.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\328DFD71791E12E4BA65B052C4571FF8]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\UBSysMan.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\454F99F159577B74BBF5E86D5285F8B1]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\ICSharpCode.SharpZipLib.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\47856E62B2B5FAC4FAB9E0DD9B7110F8]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\SUMPBackend.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B0F2645D5DB5554A9F0F01FFAED0787]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\SUMP.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\59F4253D888EF384799B3A359204B2F5]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\Interop.IWshRuntimeLibrary.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6385E92766B93904994CC305C5BC247E]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe.config"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65BEAC73DF58BE04A99885DE6304084D]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe.config"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\724B6C74B08BE9246B15BAC928B5C05C]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\SUMPBackend.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7255D2C64CFE23E45886F9473C972B1F]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\IsLicense40.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75C1C6C6BD6C78A44B12E85BCAF3FF34]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\SUMP.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\764917B6A7575C943A251729EEB46560]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\SpeedUpMyPC 2009\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7C29AFD9E77750B47B26857F1988AFBA]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\SpeedUpMyPC 2009\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\82125E59E27DAA54FB15F5E71AF07444]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\PowerSuiteBackendUtils.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\84119152E594A8542B9849374C7E4C1D]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="01:\Software\Microsoft\Windows\CurrentVersion\Run\UniblueSpeedUpMyPC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C6D2AD3257BC2A49AA6C7AD95B3186F]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\SUMP.exe.config"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B9D2E4FD472417242A26D69ED4F850AC]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C20671782514B404AB836250F79A9E86]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\IsLicense40.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5FBA5C97C895A74DB4FCA630B61E351]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\AvalonCommon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA7FDF61BE4E409498322869816AA3C5]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="02:\SOFTWARE\Uniblue\SpeedUpMyPC\PCHealthStatus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CF61545395C13904B997AD9B2CF36B30]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\IsLicense30.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD2FA0DBB84B78C4A9ACE936947CAFF3]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\PowerSuiteBackendUtils.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E01EADD64B0664E4CAD973C070C11D73]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\System.Data.SQLite.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1CC60C38B540C7418F5BF673827C0F9]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\UBSysMan.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8EC97F4B807B7A4185D087DBE9F03C4]
"0C5F3C32B665B874AA6B91A7AD0D9C54"="C:\Program Files\Uniblue\SpeedUpMyPC\IsLicense30.dll"
[HKEY_USERS\S-1-5-21-2072669260-3456327829-1688835100-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Uniblue SpeedUpMyPC 2009]

Searching for "driverscanner"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Uniblue DriverScanner 2009]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\Uniblue\DriverScanner]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.3.false\C:\Program Files\Uniblue\DriverScanner]
[HKEY_CURRENT_USER\Software\Uniblue\DriverScanner]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B8BEF81-6AFC-4158-986B-DA9E7BC67691}\InprocServer32]
@="C:\Program Files\Uniblue\DriverScanner\license\x32\IsLicense30.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B8BEF81-6AFC-4158-986B-DA9E7BC67691}\InprocServer32]
@="C:\Program Files\Uniblue\DriverScanner\license\x32\IsLicense30.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\647E724C9CE4C3E4AABC6CBBF117D4F7]
"ProductName"="Uniblue DriverScanner 2009"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\647E724C9CE4C3E4AABC6CBBF117D4F7]
"ProductName"="Uniblue DriverScanner 2009"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\647E724C9CE4C3E4AABC6CBBF117D4F7]
"ProductName"="Uniblue DriverScanner 2009"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\SourceList]
"PackageName"="DriverScanner_Setup.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\647E724C9CE4C3E4AABC6CBBF117D4F7\SourceList]
"PackageName"="DriverScanner_Setup.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E80DA777A23B6544FA1E90D4EBEC2B86\SourceList\Net]
"1"="C:\Users\Hussains\AppData\Roaming\Uniblue\DriverScanner\Download\LAN_allOS_13.5_PV_Intel_178791\APPS\PROSETDX\Vista32\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6BF1119E-0493-4671-A874-3216154C2022}\1.0\0\win32]
@="C:\Program Files\Uniblue\DriverScanner\license\x32\IsLicense30.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}\5.3\0\win32]
@="C:\Program Files\Uniblue\DriverScanner\XceedZip.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}\5.3\HELPDIR]
@="C:\Program Files\Uniblue\DriverScanner\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0785FDC74B8F80C4EA31B60231609F1C]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\ProgramData\DriverScanner\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0874BA494A065594AB64B8DB415CA21D]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\ProgramData\DriverScanner\database.zip"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\10DB88714618E9B45AB1F1F35BE7FEAE]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\designer\BackupView.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\179A7734FCD927B4AA8C6547869D51EE]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\designer\SerialView.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\17CB72CA077199A4880275882C840C50]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\designer\ScanPluginView.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\17FD0B3CBC1FFEA44BF16AA395E4295B]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\QtCore4.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1FA817263824EBB4A9577DE0F7C3897E]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Users\Hussains\AppData\Roaming\Uniblue\DriverScanner\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26883DD7EAD37EE4D9D70104325A69B6]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\imageformats\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\269BB728718FF644DBF78BA97DCEF345]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\XceedZip.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\283F7126E34D3CE4780AD0019E3662B0]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\DriverScanner.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2C8CDE7F1606E154588DAA1F9AE62CE2]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\imageformats\qjpeg4.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3D96FAB9E3EF09B4489A8B1C99C82ED2]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\designer\MessageWindowPlugin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FEE5E97A4AE6EF4CB20E731E3BF70D6]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\ProgramData\DriverScanner\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4156C861DB18EC141A75C3C60BE8CD54]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\ProgramData\DriverScanner\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\459B47B0F952875408F8CFEA0249EDB9]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\designer\RestoreView.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\48301902FD4FD1E4EBE044A25138B9F1]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\rollback\xp\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A3BD8C4670EA584EBE2FEFE44799D5A]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\designer\UniblueComponents.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\510CEE24D744FE6409F7EC1238DA22BA]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\imageformats\qgif4.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69CE3B86892636E42B4D914FD61D70F2]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\PresenterCommon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\707CA7046AF54094694FA1BFD1183DBB]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\designer\UpdatePluginView.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75ED9E01013758446A1788AF9E422646]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\QtGui4.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FCCC9D78C5F2C24D81937CDD3E54E3D]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\ProgramData\DriverScanner\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FE2F4E54E675F24FBA9C39394FD9BCB]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\XceedCry.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\814DEC601553BC6498A3F914E69F9410]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\QtNetwork4.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\81BE75356F032DA4389C5EB50BA3F4A4]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\DriverScanner 2009\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8A5B43210AA525D4B92A5A014D26553B]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\DriverScannerCommon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8E1A09E444AC817498EEFB8C2CAAD275]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\ProgramData\DriverScanner\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9536672F586D087468843071663C7BEE]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\license\x32\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95FB2CFF06387D74D8D4D0FF63A1B6C9]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\rollback\vista\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9672280245974A8478200E2BE3E607D0]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\DriverScanner 2009\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CD6C3EDD86C2D40865685CEF979091]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\DriverScanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A2C35379AEB41748A5B1C8826C494B8]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\difxapi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A62F5C9DDDD4E64BA980314D71097FC]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\rollback\xp\DriverScannerApi.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C532FD1A65DC964381AC30604194603]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\Model.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D650D9194CCAEF4BA469B25E2FB4375]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\QtXml4.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A269CA98D83A5D74694349DADC98D3EB]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\LicenseCommon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B04E59A29776B4C4786B4FA8FDB01258]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\LicenseManager.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6A081AA6B3DF88468D3853F40F2EFB8]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\designer\MainPluginView.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06173DD25BDD094FAEB9DFECCB034D2]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\QtDesigner4.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C33ABA0210F439648B0F195009A36887]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\license\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5A564DE041A15B4AADDCE183DF9A890]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\DriverPresenter.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC33F558EE22019438BDEE554694BD26]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\license\x32\IsLicense30.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D0E3FBEF895BB9A419EBD3C5EC20BF5D]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\ViewPluginLoader.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D1FF287239069CF4D9DF635E9BFCE70C]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\rollback\vista\DriverScannerApi.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D4BD1DB94C22B294192C26871B087819]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\designer\SystemOverview.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D543EF8E25452AC44A36F49699DDE811]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\ProgramData\DriverScanner\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D63741A84031B9D4EA4940F1CA05A642]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\QtSvg4.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D8971011213AF254D91275BBFD7ABBD3]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\QtDesignerComponents4.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E476A826E6A97B348BAE378B48DA74E0]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\unrar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E6663EAAF4EBC914E9018D90DA28F763]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\designer\ProxySettingsView.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF9F780A19A275C45BFB39FC55F004A1]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\designer\SettingsPluginView.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8C484D69F1D139468A0B49D15DAE2DC]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\designer\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F9F1295B8B0F8C5469F36EE8B603B37C]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\rollback\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA5AAB1C05EB2F546AEE7A5A9D542F85]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\ScannerAdaptor.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FAF1B8464AB9EE8438F59DB85AF0D6A5]
"647E724C9CE4C3E4AABC6CBBF117D4F7"="C:\Program Files\Uniblue\DriverScanner\UniblueCommon.dll"
[HKEY_USERS\S-1-5-21-2072669260-3456327829-1688835100-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Uniblue DriverScanner 2009]
[HKEY_USERS\S-1-5-21-2072669260-3456327829-1688835100-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\Uniblue\DriverScanner]
[HKEY_USERS\S-1-5-21-2072669260-3456327829-1688835100-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.3.false\C:\Program Files\Uniblue\DriverScanner]
[HKEY_USERS\S-1-5-21-2072669260-3456327829-1688835100-1001\Software\Uniblue\DriverScanner]

Searching for "registrybooster"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Uniblue RegistryBooster 2009]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7A43E36E255EB214E904DFF65C22A7AB]
"ProductName"="Uniblue RegistryBooster 2009"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7A43E36E255EB214E904DFF65C22A7AB]
"ProductName"="Uniblue RegistryBooster 2009"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7A43E36E255EB214E904DFF65C22A7AB]
"ProductName"="Uniblue RegistryBooster 2009"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7A43E36E255EB214E904DFF65C22A7AB\SourceList]
"PackageName"="Uniblue RegistryBooster.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7A43E36E255EB214E904DFF65C22A7AB\SourceList]
"PackageName"="Uniblue RegistryBooster.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D06B9FD381CD2B49B15D3F6F1544CC0]
"7A43E36E255EB214E904DFF65C22A7AB"="C:\Program Files\Uniblue\RegistryBooster\StartRegistryBooster.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F1F3B1184FAFAD409BCC7336EE835CC]
"7A43E36E255EB214E904DFF65C22A7AB"="C:\Program Files\Uniblue\RegistryBooster\update.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B1919891BB37E041AC35D361572D178]
"7A43E36E255EB214E904DFF65C22A7AB"="C:\Program Files\Uniblue\RegistryBooster\XceedZip.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DC8225691C60A14B8AFB720D6ADB735]
"7A43E36E255EB214E904DFF65C22A7AB"="C:\Program Files\Uniblue\RegistryBooster\KillRBProcess.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C33DD9701CA3EF4881931AA3AF30CC2]
"7A43E36E255EB214E904DFF65C22A7AB"="C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AA9003C16FBFACB41AE228E3407C3A9D]
"7A43E36E255EB214E904DFF65C22A7AB"="C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C0A1229830FF9C74489BD9895AE0D760]
"7A43E36E255EB214E904DFF65C22A7AB"="C:\Program Files\Uniblue\RegistryBooster\UBVarRB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F036CB69E3A2873458AED3A465A3DF28]
"7A43E36E255EB214E904DFF65C22A7AB"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\RegistryBooster\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD7F2470A6B7B134BA3F5FA70028645C]
"7A43E36E255EB214E904DFF65C22A7AB"="C:\Program Files\Uniblue\RegistryBooster\IniFile.ini"
[HKEY_USERS\S-1-5-21-2072669260-3456327829-1688835100-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Uniblue RegistryBooster 2009]

-=End Of File=-

137sad Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Sat Mar 06, 2010 2:33 pm

DragonMaster Jay


Site Owner
Site Owner
This should remove it for good:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    Folder::
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Uniblue

    Registry::
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\61803cf6_0]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\62db6c9b_0]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Uniblue DriverScanner 2009]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Uniblue RegistryBooster 2009]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Uniblue SpeedUpMyPC 2009]

    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\Uniblue]

    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.3.false\C:\Program Files\Uniblue]
    [-HKEY_CURRENT_USER\Software\Uniblue]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B8BEF81-6AFC-4158-986B-DA9E7BC67691}]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0C5F3C32B665B874AA6B91A7AD0D9C54]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\647E724C9CE4C3E4AABC6CBBF117D4F7]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7A43E36E255EB214E904DFF65C22A7AB]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E80DA777A23B6544FA1E90D4EBEC2B86]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6BF1119E-0493-4671-A874-3216154C2022}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\05C2313825904CC4B92350C29F88D54A]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0F177EE1727977C4BA6E4126491FE178]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\10DB88714618E9B45AB1F1F35BE7FEAE]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\179A7734FCD927B4AA8C6547869D51EE]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\17CB72CA077199A4880275882C840C50]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\17DFF541260FB1D44BBB5C4558B84676]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\17FD0B3CBC1FFEA44BF16AA395E4295B]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D06B9FD381CD2B49B15D3F6F1544CC0]
    "7A43E36E255EB214E904DFF65C22A7AB"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F1F3B1184FAFAD409BCC7336EE835CC]
    "7A43E36E255EB214E904DFF65C22A7AB"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1FA817263824EBB4A9577DE0F7C3897E]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26883DD7EAD37EE4D9D70104325A69B6]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\269BB728718FF644DBF78BA97DCEF345]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\283F7126E34D3CE4780AD0019E3662B0]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29421A000D7F517419B8D69679E2FB3C]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B1919891BB37E041AC35D361572D178]
    "7A43E36E255EB214E904DFF65C22A7AB"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B73EB185F52B5740A6224E771074196]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2C8CDE7F1606E154588DAA1F9AE62CE2]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\328DFD71791E12E4BA65B052C4571FF8]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3D96FAB9E3EF09B4489A8B1C99C82ED2]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\454F99F159577B74BBF5E86D5285F8B1]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\459B47B0F952875408F8CFEA0249EDB9]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\47856E62B2B5FAC4FAB9E0DD9B7110F8]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\48301902FD4FD1E4EBE044A25138B9F1]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A3BD8C4670EA584EBE2FEFE44799D5A]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B0F2645D5DB5554A9F0F01FFAED0787]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\510CEE24D744FE6409F7EC1238DA22BA]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\59F4253D888EF384799B3A359204B2F5]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6385E92766B93904994CC305C5BC247E]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65BEAC73DF58BE04A99885DE6304084D]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69CE3B86892636E42B4D914FD61D70F2]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6E54F97BD28652444BB5245B44472451]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\707CA7046AF54094694FA1BFD1183DBB]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\724B6C74B08BE9246B15BAC928B5C05C]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7255D2C64CFE23E45886F9473C972B1F]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75C1C6C6BD6C78A44B12E85BCAF3FF34]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75ED9E01013758446A1788AF9E422646]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\764917B6A7575C943A251729EEB46560]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7C29AFD9E77750B47B26857F1988AFBA]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DC8225691C60A14B8AFB720D6ADB735]
    "7A43E36E255EB214E904DFF65C22A7AB"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FE2F4E54E675F24FBA9C39394FD9BCB]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\814DEC601553BC6498A3F914E69F9410]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\81BE75356F032DA4389C5EB50BA3F4A4]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\82125E59E27DAA54FB15F5E71AF07444]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\84119152E594A8542B9849374C7E4C1D]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8A5B43210AA525D4B92A5A014D26553B]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C6D2AD3257BC2A49AA6C7AD95B3186F]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9536672F586D087468843071663C7BEE]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95FB2CFF06387D74D8D4D0FF63A1B6C9]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9672280245974A8478200E2BE3E607D0]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CD6C3EDD86C2D40865685CEF979091]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A2C35379AEB41748A5B1C8826C494B8]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A62F5C9DDDD4E64BA980314D71097FC]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C33DD9701CA3EF4881931AA3AF30CC2]
    "7A43E36E255EB214E904DFF65C22A7AB"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C532FD1A65DC964381AC30604194603]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D650D9194CCAEF4BA469B25E2FB4375]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A269CA98D83A5D74694349DADC98D3EB]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AA9003C16FBFACB41AE228E3407C3A9D]
    "7A43E36E255EB214E904DFF65C22A7AB"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B04E59A29776B4C4786B4FA8FDB01258]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6A081AA6B3DF88468D3853F40F2EFB8]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B9D2E4FD472417242A26D69ED4F850AC]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06173DD25BDD094FAEB9DFECCB034D2]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C0A1229830FF9C74489BD9895AE0D760]
    "7A43E36E255EB214E904DFF65C22A7AB"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C20671782514B404AB836250F79A9E86]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C33ABA0210F439648B0F195009A36887]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5A564DE041A15B4AADDCE183DF9A890]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5FBA5C97C895A74DB4FCA630B61E351]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA7FDF61BE4E409498322869816AA3C5]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC33F558EE22019438BDEE554694BD26]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CF61545395C13904B997AD9B2CF36B30]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D0E3FBEF895BB9A419EBD3C5EC20BF5D]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D1FF287239069CF4D9DF635E9BFCE70C]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D4BD1DB94C22B294192C26871B087819]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D63741A84031B9D4EA4940F1CA05A642]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D8971011213AF254D91275BBFD7ABBD3]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD2FA0DBB84B78C4A9ACE936947CAFF3]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E01EADD64B0664E4CAD973C070C11D73]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1CC60C38B540C7418F5BF673827C0F9]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E476A826E6A97B348BAE378B48DA74E0]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E6663EAAF4EBC914E9018D90DA28F763]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF9F780A19A275C45BFB39FC55F004A1]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F036CB69E3A2873458AED3A465A3DF28]
    "7A43E36E255EB214E904DFF65C22A7AB"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8C484D69F1D139468A0B49D15DAE2DC]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8EC97F4B807B7A4185D087DBE9F03C4]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F9F1295B8B0F8C5469F36EE8B603B37C]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA5AAB1C05EB2F546AEE7A5A9D542F85]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FAF1B8464AB9EE8438F59DB85AF0D6A5]
    "647E724C9CE4C3E4AABC6CBBF117D4F7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD7F2470A6B7B134BA3F5FA70028645C]
    "7A43E36E255EB214E904DFF65C22A7AB"=-
    [-HKEY_USERS\S-1-5-21-2072669260-3456327829-1688835100-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\61803cf6_0]
    [-HKEY_USERS\S-1-5-21-2072669260-3456327829-1688835100-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\62db6c9b_0]

    [-HKEY_USERS\S-1-5-21-2072669260-3456327829-1688835100-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Uniblue DriverScanner 2009]
    [-HKEY_USERS\S-1-5-21-2072669260-3456327829-1688835100-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Uniblue RegistryBooster 2009]
    [-HKEY_USERS\S-1-5-21-2072669260-3456327829-1688835100-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Uniblue SpeedUpMyPC 2009]
    [-HKEY_USERS\S-1-5-21-2072669260-3456327829-1688835100-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\Uniblue]
    [-HKEY_USERS\S-1-5-21-2072669260-3456327829-1688835100-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.3.false\C:\Program Files\Uniblue]
    [-HKEY_USERS\S-1-5-21-2072669260-3456327829-1688835100-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.3.false\C:\Program Files\Uniblue]

    [-HKEY_USERS\S-1-5-21-2072669260-3456327829-1688835100-1001\Software\Uniblue]"
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Uniblue SpeedUpMyPC 2009]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0C5F3C32B665B874AA6B91A7AD0D9C54]
    "ProductName"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\05C2313825904CC4B92350C29F88D54A]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0F177EE1727977C4BA6E4126491FE178]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\17DFF541260FB1D44BBB5C4558B84676]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29421A000D7F517419B8D69679E2FB3C]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B73EB185F52B5740A6224E771074196]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\328DFD71791E12E4BA65B052C4571FF8]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\454F99F159577B74BBF5E86D5285F8B1]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\47856E62B2B5FAC4FAB9E0DD9B7110F8]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B0F2645D5DB5554A9F0F01FFAED0787]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\59F4253D888EF384799B3A359204B2F5]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6385E92766B93904994CC305C5BC247E]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65BEAC73DF58BE04A99885DE6304084D]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\724B6C74B08BE9246B15BAC928B5C05C]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7255D2C64CFE23E45886F9473C972B1F]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75C1C6C6BD6C78A44B12E85BCAF3FF34]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\764917B6A7575C943A251729EEB46560]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7C29AFD9E77750B47B26857F1988AFBA]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\82125E59E27DAA54FB15F5E71AF07444]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\84119152E594A8542B9849374C7E4C1D]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C6D2AD3257BC2A49AA6C7AD95B3186F]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B9D2E4FD472417242A26D69ED4F850AC]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C20671782514B404AB836250F79A9E86]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5FBA5C97C895A74DB4FCA630B61E351]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA7FDF61BE4E409498322869816AA3C5]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CF61545395C13904B997AD9B2CF36B30]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD2FA0DBB84B78C4A9ACE936947CAFF3]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E01EADD64B0664E4CAD973C070C11D73]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1CC60C38B540C7418F5BF673827C0F9]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8EC97F4B807B7A4185D087DBE9F03C4]
    "0C5F3C32B665B874AA6B91A7AD0D9C54"=-
    [-HKEY_USERS\S-1-5-21-2072669260-3456327829-1688835100-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Uniblue SpeedUpMyPC 2009]
  • Save this as CFScript.txt, in the same location as ComboFix.exe


  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner


Kaspersky E-Store Kaspersky Anti-Virus 2012: Click Here

Contribute/donate to our site

138sad Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Sat Mar 06, 2010 3:58 pm

LFc4


Forum Enthusiast
Forum Enthusiast
ComboFix 10-03-06.01 - Hussains 06/03/2010 20:38:16.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.967 [GMT 0:00]
Running from: c:\users\Hussains\Desktop\ComboFix.exe
Command switches used :: c:\users\Hussains\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Uniblue
c:\programdata\Microsoft\Windows\Start Menu\Programs\Uniblue\DriverScanner 2009\DriverScanner.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Uniblue\RegistryBooster\RegistryBooster.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Uniblue\SpeedUpMyPC 2009\SpeedUpMyPC 2009.lnk
c:\users\All Users\Microsoft\Windows\Start Menu\Programs\Uniblue\DriverScanner 2009\DriverScanner.lnk
c:\users\All Users\Microsoft\Windows\Start Menu\Programs\Uniblue\RegistryBooster\RegistryBooster.lnk
c:\users\All Users\Microsoft\Windows\Start Menu\Programs\Uniblue\SpeedUpMyPC 2009\SpeedUpMyPC 2009.lnk

.
((((((((((((((((((((((((( Files Created from 2010-02-06 to 2010-03-06 )))))))))))))))))))))))))))))))
.

2010-03-06 20:49 . 2010-03-06 20:49 -------- d-----w- c:\users\Hussains\AppData\Local\temp
2010-03-06 20:49 . 2010-03-06 20:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-06 20:49 . 2010-03-06 20:49 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-03-06 20:49 . 2010-03-06 20:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-03-06 20:49 . 2010-03-06 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-01 20:22 . 2009-09-21 11:14 8192 ----a-w- c:\users\Hussains\AppData\Roaming\EA\EASW\GameFace\OpenGLCheck.dll
2010-03-01 20:22 . 2009-08-19 11:40 655872 ----a-w- c:\users\Hussains\AppData\Roaming\EA\EASW\GameFace\msvcr90.dll
2010-03-01 20:22 . 2009-08-19 11:40 572928 ----a-w- c:\users\Hussains\AppData\Roaming\EA\EASW\GameFace\msvcp90.dll
2010-03-01 20:22 . 2009-10-08 10:30 13312 ----a-w- c:\users\Hussains\AppData\Roaming\EA\EASW\GameFace\PhotoFaceConsole.exe
2010-03-01 20:22 . 2009-09-30 10:41 361472 ----a-w- c:\users\Hussains\AppData\Roaming\EA\EASW\GameFace\FgPhotofitDll.dll
2010-03-01 20:22 . 2009-09-29 20:29 6144 ----a-w- c:\users\Hussains\AppData\Roaming\EA\EASW\GameFace\DetectOpenGLConsole.exe
2010-03-01 20:22 . 2009-09-29 20:29 5120 ----a-w- c:\users\Hussains\AppData\Roaming\EA\EASW\GameFace\DownloadSourcePhotoConsole.exe
2010-03-01 20:22 . 2009-09-29 20:29 9216 ----a-w- c:\users\Hussains\AppData\Roaming\EA\EASW\GameFace\UploadPhotofitConsole.exe
2010-03-01 20:22 . 2009-08-19 11:40 4178264 ----a-w- c:\users\Hussains\AppData\Roaming\EA\EASW\GameFace\D3DX9_41.dll
2010-03-01 20:22 . 2009-09-30 19:14 15872 ----a-w- c:\users\Hussains\AppData\Roaming\EA\EASW\GameFace\PhotoFaceConsole.XmlSerializers.dll
2010-03-01 20:21 . 2010-03-01 20:21 175616 ----a-w- c:\users\Hussains\AppData\Roaming\EA\EASW\GameFace\unrar64_nocrypt.dll
2010-03-01 20:21 . 2010-03-01 20:21 150528 ----a-w- c:\users\Hussains\AppData\Roaming\EA\EASW\GameFace\unrar_nocrypt.dll
2010-03-01 20:21 . 2010-03-01 20:21 30208 ----a-w- c:\users\Hussains\AppData\Roaming\EA\EASW\GameFace\FileDownloadConsole.exe
2010-03-01 20:21 . 2010-03-01 20:21 -------- d-----w- c:\users\Hussains\AppData\Roaming\EA
2010-03-01 20:08 . 2010-03-01 20:20 -------- d-----w- c:\users\Hussains\AppData\Local\Deployment
2010-03-01 19:53 . 2010-03-02 17:13 -------- d-----w- c:\users\Hussains\AppData\Local\Unity
2010-02-28 19:24 . 2010-03-02 17:13 -------- d-----w- c:\programdata\yahoo!
2010-02-25 19:14 . 2010-02-25 19:14 -------- d-----w- c:\program files\iPod
2010-02-25 19:05 . 2010-02-25 19:05 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-24 01:39 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-23 20:14 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 20:13 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-23 20:13 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-23 20:13 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-23 20:13 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-23 20:13 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-23 20:13 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-23 20:13 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-23 20:13 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-23 20:13 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-23 20:13 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-23 20:13 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-23 20:13 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-22 17:52 . 2010-02-22 22:23 -------- d-----w- c:\windows\BDOSCAN8
2010-02-21 23:02 . 2010-02-21 23:02 -------- d-----w- c:\program files\Trend Micro
2010-02-21 04:18 . 2010-02-21 04:20 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-20 05:18 . 2010-02-20 05:40 -------- d-----w- c:\users\Hussains\AppData\Roaming\ImgBurn
2010-02-20 05:18 . 2010-02-20 05:18 -------- d-----w- c:\program files\ImgBurn
2010-02-20 00:16 . 2010-02-20 00:16 -------- d-----w- c:\program files\ESET
2010-02-19 00:03 . 2010-02-19 00:03 -------- d-----w- c:\users\Hussains\AppData\Roaming\Malwarebytes
2010-02-19 00:03 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-19 00:03 . 2010-02-19 00:03 -------- d-----w- c:\programdata\Malwarebytes
2010-02-19 00:03 . 2010-02-19 02:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 00:03 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-18 15:39 . 2010-02-18 15:58 2560 ----a-w- c:\windows\system32\drivers\MCHINJDRV.SYS
2010-02-18 00:12 . 2010-02-27 00:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-18 00:12 . 2010-02-27 00:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-17 23:16 . 2010-02-28 00:27 -------- d-----w- c:\program files\CCleaner
2010-02-17 00:21 . 2010-02-17 00:21 -------- d-----w- c:\windows\Sun
2010-02-16 21:40 . 2010-02-16 21:44 -------- d-----w- c:\program files\AVG
2010-02-16 21:01 . 2010-02-28 00:33 -------- d-----w- c:\program files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 19:33 . 2009-09-23 19:44 -------- d-----w- c:\program files\Driving Theory Test Professional
2010-03-02 17:13 . 2009-12-31 00:53 -------- d-----w- c:\program files\Yahoo!
2010-03-01 19:12 . 2009-12-16 16:30 -------- d-----w- c:\users\Hussains\AppData\Roaming\vlc
2010-02-25 19:15 . 2009-12-03 17:04 -------- d-----w- c:\program files\iTunes
2010-02-25 19:14 . 2008-04-19 10:48 -------- d-----w- c:\program files\Common Files\Apple
2010-02-24 09:16 . 2009-10-02 17:29 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 23:37 . 2007-08-29 10:46 117760 ----a-w- c:\users\Hussains\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-22 18:23 . 2008-10-17 15:06 -------- d-----w- c:\program files\MagicISO
2010-02-22 17:31 . 2009-06-27 21:45 117760 ----a-w- c:\users\Hussains\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-22 00:08 . 2009-10-03 20:37 -------- d-----w- c:\users\Hussains\AppData\Roaming\U3
2010-02-21 21:01 . 2008-02-24 18:43 1356 ----a-w- c:\users\Hussains\AppData\Local\d3d9caps.dat
2010-02-20 04:32 . 2008-02-09 21:03 -------- d-----w- c:\users\Hussains\AppData\Roaming\uTorrent
2010-02-19 16:59 . 2009-10-18 20:04 -------- d-----w- c:\programdata\NOS
2010-02-18 22:05 . 2009-06-26 17:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-11 20:57 . 2009-02-17 16:22 -------- d-----w- c:\users\Hussains\AppData\Roaming\Zoom Player
2010-02-10 16:50 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 13:39 . 2007-08-29 12:41 -------- d-----w- c:\programdata\Microsoft Help
2010-01-28 20:21 . 2010-01-28 20:21 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer
2010-01-28 16:36 . 2008-02-11 19:24 -------- d-----w- c:\program files\Common Files\Nokia
2010-01-28 16:35 . 2008-02-11 19:18 -------- d-----w- c:\program files\Nokia
2010-01-28 16:34 . 2010-01-28 16:34 -------- d-----w- c:\program files\PC Connectivity Solution
2010-01-28 16:27 . 2010-01-28 16:27 12212040 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-01-28 16:27 . 2010-01-28 16:27 13930312 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-01-28 16:27 . 2010-01-28 16:27 61440 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-01-28 16:27 . 2010-01-28 16:27 77824 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-01-28 16:27 . 2010-01-28 16:27 58880 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-01-28 16:27 . 2010-01-28 16:27 50000 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2010-01-28 16:26 . 2010-01-28 16:26 -------- d-----w- c:\programdata\OviInstallerCache
2010-01-28 16:26 . 2010-01-28 16:26 95992424 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_PCS_Update.exe
2010-01-28 16:04 . 2010-01-28 16:04 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 16:03 . 2008-01-27 17:32 -------- d-----w- c:\program files\Java
2010-01-21 21:59 . 2007-08-23 15:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-21 19:51 . 2007-08-29 21:00 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-21 19:48 . 2007-08-29 20:16 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-21 19:18 . 2007-08-23 15:49 -------- d-----w- c:\programdata\Roxio
2010-01-21 16:12 . 2010-01-21 16:12 552 ----a-w- c:\users\Hussains\AppData\Local\d3d8caps.dat
2010-01-20 19:00 . 2008-03-26 16:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-16 23:16 . 2010-01-08 11:35 52224 ----a-w- c:\users\Hussains\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-11 16:20 . 2010-01-10 20:54 -------- d-----w- c:\programdata\boost_interprocess
2010-01-10 20:55 . 2010-01-10 20:54 -------- d-----w- c:\users\Hussains\AppData\Roaming\Multi File Downloader
2010-01-08 03:07 . 2008-02-11 19:20 -------- d-----w- c:\users\Hussains\AppData\Roaming\Nokia
2010-01-08 03:01 . 2010-01-08 03:01 -------- d-----w- c:\program files\Common Files\PCSuite
2010-01-08 02:54 . 2010-01-08 02:54 95232 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2010-01-08 02:54 . 2010-01-08 02:54 8192 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2010-01-08 02:54 . 2010-01-08 02:54 61440 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-01-08 02:54 . 2010-01-08 02:54 10240 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2010-01-08 02:54 . 2009-04-08 15:19 -------- d-----w- c:\programdata\Installations
2010-01-08 02:54 . 2010-01-08 02:54 34429264 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng.exe
2010-01-06 15:38 . 2010-02-23 20:13 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-23 20:13 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-23 20:13 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-23 20:13 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-02 06:38 . 2010-01-22 16:27 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 16:27 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 16:27 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 16:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-17 17:14 . 2008-10-25 19:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-11 11:43 . 2010-02-10 13:21 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 13:21 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-10 13:21 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 13:21 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 13:21 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 13:21 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2007-08-23 23:24 . 2007-08-23 23:24 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot_2010-03-04_19.15.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2010-03-06 20:36 82316 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-08-29 10:46 . 2010-03-06 20:36 19166 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2072669260-3456327829-1688835100-1001_UserData.bin
+ 2007-08-29 10:40 . 2010-03-06 20:36 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-08-29 10:40 . 2010-03-04 19:04 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-08-29 10:40 . 2010-03-06 20:36 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-29 10:40 . 2010-03-04 19:04 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-29 10:40 . 2010-03-06 20:36 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-08-29 10:40 . 2010-03-04 19:04 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-08-29 15:58 . 2010-03-05 19:14 3610 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2007-08-29 15:58 . 2010-02-25 20:11 3610 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2010-03-04 19:00 . 2010-03-04 19:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-03-06 20:33 . 2010-03-06 20:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-03-06 20:33 . 2010-03-06 20:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-03-04 19:00 . 2010-03-04 19:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2007-08-23 16:03 . 2010-03-06 20:35 102186 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-04-13 17:51 . 2010-03-06 20:27 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-04-13 17:51 . 2010-03-04 17:03 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"Google Update"="c:\users\Hussains\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-01 135664]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112]
"CPMonitor"="c:\program files\Roxio Creator 2009\5.0\CPMonitor.exe" [2008-08-10 80368]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-30 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-01-29 1095872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" [2009-09-25 113168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 18:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2009-07-22 18:16 2331936 ----a-w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-19 08:07 827392 ----a-w- c:\windows\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3d,dc,ef,97,d9,df,c9,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-10-17 716272]
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2007-04-06 36312]
R2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [2008-08-14 367088]
R2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [2008-08-14 309744]
R2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [2008-08-14 170480]
R2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe [2009-01-29 102400]
R3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-04-06 39896]
R3 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
R3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
R3 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-04-06 313816]
R3 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-04-06 272856]
R3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [2008-08-14 313840]
R3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2008-08-14 1124848]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-05-26 7408]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-02-17 58984]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-02-17 108904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-26 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-05-26 72944]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-02-17 779496]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-08-23 5504]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2072669260-3456327829-1688835100-1001Core.job
- c:\users\Hussains\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-01 17:11]

2010-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2072669260-3456327829-1688835100-1001UA.job
- c:\users\Hussains\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-01 17:11]

2009-07-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-10-15 11:22]

2010-03-06 c:\windows\Tasks\User_Feed_Synchronization-{F6BA0F74-53E3-453D-B482-36B19CBCE83A}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Hussains\AppData\Roaming\Mozilla\Firefox\Profiles\eyqfb1f3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Hussains\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 20:49
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-03-06 20:53:11
ComboFix-quarantined-files.txt 2010-03-06 20:53
ComboFix2.txt 2010-03-05 18:28
ComboFix3.txt 2010-03-04 19:19
ComboFix4.txt 2010-02-24 15:14
ComboFix5.txt 2010-03-06 20:36

Pre-Run: 147,049,209,856 bytes free
Post-Run: 146,990,108,672 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - CF061D4646E653CCEB25C6C865B2ED39

139sad Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Sat Mar 06, 2010 4:07 pm

DragonMaster Jay


Site Owner
Site Owner
Good. Do you see Uniblue Software anymore?


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner


Kaspersky E-Store Kaspersky Anti-Virus 2012: Click Here

Contribute/donate to our site

140sad Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Sat Mar 06, 2010 4:13 pm

LFc4


Forum Enthusiast
Forum Enthusiast
Hello,

Wahey!! No more Uniblue - Really greatfull of your help. Very Happy Razz

Just one query when I create a shortcut of my documents on my desktop it doesn't have the usual documents icon instead it has folder icon; would you know why that is?


Thanks

141sad Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Sat Mar 06, 2010 4:26 pm

DragonMaster Jay


Site Owner
Site Owner
The default icon probably changed. Do you install Windows Updates normally? If so, that is what changed the default.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner


Kaspersky E-Store Kaspersky Anti-Virus 2012: Click Here

Contribute/donate to our site

142sad Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Sat Mar 06, 2010 4:31 pm

LFc4


Forum Enthusiast
Forum Enthusiast
Yes i do normally.

anyway my computer just crashed unexpectedly

here is the technical information
***STOP: 0x000000D4 (0xA21DF2A4 0X000000FF 0X00000000 0X83654846)

and also it said "mbr.sys" after the reason why it crashed

Should I be worried?

Thanks

143sad Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Sat Mar 06, 2010 4:43 pm

DragonMaster Jay


Site Owner
Site Owner
USB drive trouble. Try to disconnect USB devices, restart your computer, then reconnect USB devices.

It is just a small error, normally resolves itself. It just happens when the USB drive gets overloaded.

No biggie.

Ready to clean up the tools, and learn how to prevent malware in the future? Smile


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner


Kaspersky E-Store Kaspersky Anti-Virus 2012: Click Here

Contribute/donate to our site

144sad Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Sat Mar 06, 2010 4:45 pm

LFc4


Forum Enthusiast
Forum Enthusiast
oh right I see It must be due to my keyboard , mouse and printer usb.

Thanks

yer im ready. Very Happy

145sad Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Sat Mar 06, 2010 9:31 pm

DragonMaster Jay


Site Owner
Site Owner
We've got to get rid of those bad restore points, then strengthen the security on your computer.

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advance System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start
    button to begin the process. Depending on how often you clean temp
    files, execution time should be anywhere from a few seconds to a minute
    or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner


Kaspersky E-Store Kaspersky Anti-Virus 2012: Click Here

Contribute/donate to our site

146sad Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Sun Mar 07, 2010 6:50 am

LFc4


Forum Enthusiast
Forum Enthusiast
The following tools/software were still left on my desktop so I deleted them manually:
-mbr
-profiles
-HelpAsst_mebroot_fix
-RootRepeal



The Security check log:



Results of screen317's Security Check version 0.99.1
Windows Vista Service Pack 2 (UAC is enabled)
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
ESET Online Scanner v3
McAfee SecurityCenter
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 18
Java Auto Updater
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.3.1
``````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

147sad Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Sun Mar 07, 2010 3:15 pm

DragonMaster Jay


Site Owner
Site Owner
Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


See this page for more info about malware and prevention.

Please leave feedback for The Ultimate Geek TaskForce! by going here


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner


Kaspersky E-Store Kaspersky Anti-Virus 2012: Click Here

Contribute/donate to our site

148sad Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Sun Mar 07, 2010 4:20 pm

LFc4


Forum Enthusiast
Forum Enthusiast
Hello,


I've left feedback.

Just a few things I don't understand clearly, firstly what is "•hpHosts file" and secondly should SpywareBlaster be running at all times because when I cross it out it doesn't display on the tray; I've tried researching about it on the their site but found nothing.


Thanks

149sad Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Sun Mar 07, 2010 9:59 pm

DragonMaster Jay


Site Owner
Site Owner
The hpHosts file replaces the original HOSTS file on your computer. A HOSTS file is a file that works with Internet Explorer, to help block known adware and malware websites, to help protect you. By downloading and installing the hpHosts file, you are allowing this functionality for your computer. It helps to prevent malware and secure your browsing experience.

No. Run SpywareBlaster once, then it will already have made the necessary changes and patches to the system to prevent spyware. About once a month, at least, update SpywareBlaster, and run it again.

Any more questions?


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner


Kaspersky E-Store Kaspersky Anti-Virus 2012: Click Here

Contribute/donate to our site

150sad Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Mon Mar 08, 2010 11:19 am

LFc4


Forum Enthusiast
Forum Enthusiast
Hello,

Thank you for the above explanation; it is very clear to me now and will download the host file but for some reason at the moment the site does not seem to be working.

Also the information on malware and how to protect against it was very helpful because the information provided makes understanding malware and its properties and the types of it more clearer.

The only question that I have now is does Spyware blaster conflict with Mcafee or AVG(when I download because of Mcafee expiring)?

....And is my computer totally virus free and clean ?

Thanks

Ad Bot

View previous topic View next topic Back to top  Message [Page 10 of 16]

Goto page : Previous  1 ... 6 ... 9, 10, 11 ... 16  Next

SecuraGeek Forums » Malware/Threat Removal » Rootkit? HELP PLEASE MUCH APPRECIATED

Permissions in this forum:
You cannot reply to topics in this forum