
1 Hiya, I'd like some help. on Sun Jun 20, 2010 1:43 am

ibae


Member
So I followed the directions on the "Read before posting your log" thread and so here are my log files, first the MBAM log, and then the MySystem-Search (MSS) log. It would be in my best interest to leave reinstalling Windows Vista, for I have a good amount of important files that I'd like to keep. Thanks in advance for your help! Let me know if you guys need anything more.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4217

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

6/20/2010 1:22:06 AM
mbam-log-2010-06-20 (01-22-06).txt

Scan type: Quick scan
Objects scanned: 142597
Time elapsed: 7 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\{F9197A7E-CE10-458e-85F8-5B0CE6DF2BBE} (Trojan.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

2 Re: Hiya, I'd like some help. on Sun Jun 20, 2010 1:44 am

ibae


Member
MySystem-Search

Run on 06/20/2010 at 1:29:37

MSS v1.4


Basic System Information


Host Name: BOB
OS Name: Microsoft® Windows Vista™ Home Premium
OS Version: 6.0.6002 Service Pack 2 Build 6002
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: Elmo
Registered Organization:
Product ID: 89578-OEM-7332157-00204
Original Install Date: 8/13/2007, 5:12:34 PM
System Boot Time: 6/20/2010, 1:25:14 AM
System Manufacturer: Dell Inc.
System Model: Inspiron 1520
System Type: X86-based PC
Processor(s): 1 Processor(s) Installed.
[01]: x64 Family 6 Model 15 Stepping 10 GenuineIntel ~2001 Mhz
BIOS Version: Dell Inc. A00, 5/16/2007
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume3
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (GMT-05:00) Eastern Time (US & Canada)
Total Physical Memory: 2,045 MB
Available Physical Memory: 1,080 MB
Page File: Max Size: 4,330 MB
Page File: Available: 3,242 MB
Page File: In Use: 1,088 MB
Page File Location(s): C:\pagefile.sys
Domain: WORK
Logon Server: \\BOB
Hotfix(s): 245 Hotfix(s) Installed.
Network Card(s): 2 NIC(s) Installed.
[01]: Broadcom 440x 10/100 Integrated Controller
Connection Name: Local Area Connection
Status: Media disconnected
[02]: Dell Wireless 1390 WLAN Mini-Card
Connection Name: Wireless Network Connection
DHCP Enabled: Yes
DHCP Server: 192.168.1.1
IP address(es)
[01]: 192.168.1.64
[02]: fe80::cc7f:d3a4:6a17:1fbe

3 Re: Hiya, I'd like some help. on Sun Jun 20, 2010 1:45 am

ibae


Member
CD Emulation Drivers running?

DAEMON Tools/Duplex Secure found!
ImgBurn found!
Roxio found!


Peer-to-Peer applications?

uTorrent found!


File associations

.exe=exefile
.scr=scrfile
.pif=piffile
.com=comfile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile


Running processes


Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 24 K
System 4 Services 0 1,632 K
smss.exe 484 Services 0 660 K
csrss.exe 552 Services 0 4,912 K
wininit.exe 604 Services 0 3,376 K
csrss.exe 616 Console 1 9,664 K
services.exe 648 Services 0 6,020 K
lsass.exe 660 Services 0 7,060 K
lsm.exe 668 Services 0 4,412 K
winlogon.exe 832 Console 1 4,972 K
svchost.exe 856 Services 0 5,724 K
nvvsvc.exe 916 Services 0 3,160 K
svchost.exe 944 Services 0 5,460 K
svchost.exe 1000 Services 0 33,812 K
svchost.exe 1092 Services 0 10,456 K
svchost.exe 1160 Services 0 66,344 K
svchost.exe 1176 Services 0 22,884 K
audiodg.exe 1256 Services 0 12,300 K
svchost.exe 1284 Services 0 4,004 K
SLsvc.exe 1300 Services 0 6,244 K
svchost.exe 1328 Services 0 9,972 K
svchost.exe 1444 Services 0 16,688 K
nvvsvc.exe 1480 Console 1 5,256 K
WLTRYSVC.EXE 1672 Services 0 2,212 K
BCMWLTRY.EXE 1684 Services 0 15,956 K
aswUpdSv.exe 1700 Services 0 292 K
ashServ.exe 1716 Services 0 28,032 K
spoolsv.exe 2044 Services 0 7,696 K
svchost.exe 284 Services 0 17,336 K
AppleMobileDeviceService. 1420 Services 0 3,556 K
NServiceEntry.exe 1620 Services 0 7,084 K
PresentationFontCache.exe 1652 Services 0 6,708 K
LVPrcSrv.exe 732 Services 0 3,796 K
MotoConnectService.exe 2060 Services 0 3,548 K
svchost.exe 2104 Services 0 5,192 K
RoxWatch9.exe 2116 Services 0 7,160 K
svchost.exe 2244 Services 0 5,240 K
ViewpointService.exe 2268 Services 0 3,628 K
svchost.exe 2296 Services 0 1,860 K
SearchIndexer.exe 2328 Services 0 14,668 K
XAudio.exe 2400 Services 0 2,072 K
SDWinSec.exe 2480 Services 0 6,924 K
ashMaiSv.exe 2760 Services 0 1,224 K
ashWebSv.exe 2780 Services 0 7,976 K
taskeng.exe 2828 Services 0 5,060 K
WmiPrvSE.exe 3188 Services 0 12,712 K
dwm.exe 3564 Console 1 3,468 K
taskeng.exe 3608 Console 1 7,872 K
explorer.exe 3632 Console 1 34,536 K
ashDisp.exe 3972 Console 1 1,576 K
MotoConnect.exe 3984 Console 1 13,940 K
SynTPEnh.exe 2236 Console 1 5,096 K
rundll32.exe 2316 Console 1 3,388 K
LWS.exe 1860 Console 1 9,812 K
iTunesHelper.exe 2724 Console 1 10,056 K
GrooveMonitor.exe 2732 Console 1 6,508 K
WLTRAY.EXE 880 Console 1 13,464 K
TeaTimer.exe 2824 Console 1 123,268 K
ehtray.exe 2848 Console 1 1,016 K
DTLite.exe 2952 Console 1 8,868 K
DLG.exe 3228 Console 1 3,844 K
quickset.exe 1408 Console 1 9,080 K
ehmsas.exe 2616 Console 1 3,772 K
WmiPrvSE.exe 3756 Services 0 6,436 K
unsecapp.exe 3952 Console 1 4,088 K
iPodService.exe 1608 Services 0 5,080 K
SearchProtocolHost.exe 2508 Services 0 8,736 K
conime.exe 2264 Console 1 3,332 K
WmiPrvSE.exe 2500 Services 0 5,316 K
TrustedInstaller.exe 3964 Services 0 33,976 K
wmpnetwk.exe 4080 Services 0 8,464 K
SearchFilterHost.exe 3444 Services 0 4,796 K
mss.exe 3068 Console 1 3,576 K
cmd.exe 1632 Console 1 2,432 K
tasklist.exe 3312 Console 1 4,604 K


Hidden objects

PATH: C:\windows

Installer
QTFont.qfn
WindowsShell.Manifest
yessign


PATH: C:\windows\system32

%APPDATA%
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
desktop.ini
GroupPolicy
hamachi.sys


PATH: C:\windows\system32\drivers

hamachi.sys
Msft_Kernel_NuidFltr_01005.Wdf
Msft_Kernel_SynTP_01000.Wdf
Msft_User_WpdFs_01_00_00.Wdf
Msft_User_WpdFs_01_07_00.Wdf
Msft_User_WpdMtpDr_01_00_00.Wdf
Msft_User_WpdMtpDr_01_07_00.Wdf


PATH: C:\

$Recycle.Bin
Boot
bootmgr
Config.Msi
dell.sdr
Documents and Settings
IO.SYS
IPH.PH
MSDOS.SYS
MSOCache
pagefile.sys
ProgramData
System Volume Information
Vault
XecureSSL


User Profile check

Administrator
Elmo
Public


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Users
Default REG_EXPAND_SZ %SystemDrive%\Users\Default
Public REG_EXPAND_SZ %SystemDrive%\Users\Public
ProgramData REG_EXPAND_SZ %SystemDrive%\ProgramData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService
Flags REG_DWORD 0x0
State REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService
Flags REG_DWORD 0x0
State REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2581296474-4004132396-1459460041-1000
ProfileImagePath REG_EXPAND_SZ C:\Users\Elmo
Flags REG_DWORD 0x0
State REG_DWORD 0x0
Sid REG_BINARY 0105000000000005150000005A75DB992C36AAEEC997FD56E8030000
ProfileLoadTimeLow REG_DWORD 0x0
ProfileLoadTimeHigh REG_DWORD 0x0
RefCount REG_DWORD 0x2
RunLogonScriptSync REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2581296474-4004132396-1459460041-500
ProfileImagePath REG_EXPAND_SZ C:\Users\Administrator
Flags REG_DWORD 0x0
State REG_DWORD 0x100
Sid REG_BINARY 0105000000000005150000005A75DB992C36AAEEC997FD56F4010000
ProfileLoadTimeLow REG_DWORD 0x0
ProfileLoadTimeHigh REG_DWORD 0x0
RefCount REG_DWORD 0x0
RunLogonScriptSync REG_DWORD 0x0



Current Scheduled Tasks

PATH: C:\Windows\Tasks

GoogleUpdateTaskUserS-1-5-21-2581296474-4004132396-1459460041-1000Core.job
GoogleUpdateTaskUserS-1-5-21-2581296474-4004132396-1459460041-1000UA.job
GoogleUpdateTaskUserS-1-5-21-2581296474-4004132396-1459460041-500Core.job
GoogleUpdateTaskUserS-1-5-21-2581296474-4004132396-1459460041-500UA.job
SCHEDLGU.TXT
Spybot - Search & Destroy - Scheduled Task.job
Spybot - Search & Destroy Updater - Scheduled Task.job
SpyHunter Scanner.job
SA.DAT
User_Feed_Synchronization-{75750F29-32CD-46E9-AC03-910F4F4C582C}.job

4 Re: Hiya, I'd like some help. on Sun Jun 20, 2010 1:45 am

ibae


Member
Windows Drivers and NT-Services

Volume in drive C is OS
Volume Serial Number is 8ABB-4508

Directory of C:\Windows\System32\Drivers

09/23/2009 10:41 AM 26,176 hamachi.sys
06/10/2008 01:57 AM 0 Msft_Kernel_NuidFltr_01005.Wdf
08/13/2007 05:10 PM 0 Msft_Kernel_SynTP_01000.Wdf
08/11/2008 01:47 PM 0 Msft_User_WpdFs_01_00_00.Wdf
11/17/2009 08:47 PM 0 Msft_User_WpdFs_01_07_00.Wdf
08/05/2009 12:16 PM 0 Msft_User_WpdMtpDr_01_00_00.Wdf
11/17/2009 08:48 PM 0 Msft_User_WpdMtpDr_01_07_00.Wdf
7 File(s) 26,176 bytes
0 Dir(s) 14,428,491,776 bytes free
Volume in drive C is OS
Volume Serial Number is 8ABB-4508

Directory of C:\Windows\System32\Drivers

320 File(s) 58,694,735 bytes
5 Dir(s) 14,428,450,816 bytes free


Virtual drives found?



Environment variables

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Elmo\AppData\Roaming
asl.log=Destination=file;OnFirstLog=command,environment
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BOB
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Elmo
LOCALAPPDATA=C:\Users\Elmo\AppData\Local
LOGONSERVER=\\BOB
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0a
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Elmo\AppData\Local\Temp
TMP=C:\Users\Elmo\AppData\Local\Temp
USERDOMAIN=BOB
USERNAME=Elmo
USERPROFILE=C:\Users\Elmo
windir=C:\Windows


Stealth malware?


Internet Explorer


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
AutoHide REG_SZ yes
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Default_Secondary_Page_URL REG_MULTI_SZ
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0A000000
Delete_Temp_Files_On_Exit REG_SZ yes
Local Page REG_SZ C:\Windows\System32\blank.htm
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000
Check_Associations REG_SZ yes
DEPOff REG_DWORD 0x0
Enable Browser Extensions REG_SZ yes
Use Search Asst REG_SZ no

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
IE5_UA_Backup_Flag REG_SZ 5.0
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 0x1
PrivDiscUiShown REG_DWORD 0x1
WarnOnIntranet REG_DWORD 0x0
WarnOnPost REG_BINARY 01000000
SecureProtocols REG_DWORD 0xa8
PrivacyAdvanced REG_DWORD 0x0
WarnonZoneCrossing REG_DWORD 0x0
CertificateRevocation REG_DWORD 0x1
EnableNegotiate REG_DWORD 0x1
MigrateProxy REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0
EnableAutodial REG_DWORD 0x0
NoNetAutodial REG_DWORD 0x0
ProxyHttp1.1 REG_DWORD 0x1
ShowPunycode REG_DWORD 0x0
EnablePunycode REG_DWORD 0x1
UrlEncoding REG_DWORD 0x0
DisableIDNPrompt REG_DWORD 0x0
DisableCachingOfSSLPages REG_DWORD 0x1
WarnonBadCertRecving REG_DWORD 0x1
WarnOnPostRedirect REG_DWORD 0x1
GlobalUserOffline REG_DWORD 0x0
ZonesSecurityUpgrade REG_BINARY 8E1FCD720DEDC901
SyncMode5 REG_DWORD 0x4
MaxConnectionsPerServer REG_DWORD 0x0
MaxConnectionsPer1_0Server REG_DWORD 0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Disable script Debugger REG_SZ yes
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Local Page REG_SZ C:\Windows\system32\blank.htm
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
XMLHTTP REG_DWORD 0x1
NoUpdateCheck REG_DWORD 0x1
UseClearType REG_SZ yes
SearchMigrated REG_DWORD 0x0
Window Title REG_SZ Internet Explorer provided by Dell
Start Page REG_SZ ????????????????????????????????
Default_Page_URL REG_SZ http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070814
Default_Secondary_Page_URL REG_MULTI_SZ http://support.dell.com/support/index.aspx?c=us&l=en&s=gen
FullScreen REG_SZ no
Window_Placement REG_BINARY 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000002002000058020000
CompatibilityFlags REG_DWORD 0x0
StartPageCache REG_DWORD 0x1
RunOnceHasShown REG_DWORD 0x1
RunOnceComplete REG_DWORD 0x1
AlwaysShowMenus REG_DWORD 0x1
Use FormSuggest REG_SZ no
NotifyDownloadComplete REG_SZ no
AutoHide REG_SZ yes
Expand Alt Text REG_SZ yes
Move System Caret REG_SZ no
NscSingleExpand REG_DWORD 0x0
DisablescriptDebuggerIE REG_SZ yes
Error Dlg Displayed On Every Error REG_SZ no
Page_Transitions REG_DWORD 0x1
Enable Browser Extensions REG_SZ yes
UseThemes REG_DWORD 0x1
EnableSearchPane REG_DWORD 0x0
Force Offscreen Composition REG_DWORD 0x0
AllowWindowReuse REG_DWORD 0x1
Friendly http errors REG_SZ yes
SmoothScroll REG_DWORD 0x1
Enable AutoImageResize REG_SZ yes
Play_Animations REG_SZ yes
Play_Background_Sounds REG_SZ yes
Show image placeholders REG_DWORD 0x0
Print_Background REG_SZ no
AutoSearch REG_DWORD 0x4
ControlTooltipCount REG_DWORD 0x1
StatusBarWeb REG_DWORD 0x1
ShowedCheckBrowser REG_SZ Yes
Check_Associations REG_SZ no
IE8RunOnceLastShown REG_DWORD 0x1
IE8RunOnceLastShown_TIMESTAMP REG_BINARY 4281102874FCC901
IE8RunOncePerInstallCompleted REG_DWORD 0x1
IE8RunOnceCompletionTime REG_BINARY 72AACE4274FCC901
IE8TourShown REG_DWORD 0x1
IE8TourShownTime REG_BINARY 020AD04274FCC901
HistoryViewType REG_BINARY 0000
DOMStorage REG_DWORD 0x1
Use Search Asst REG_SZ no
FormSuggest PW Ask REG_SZ no

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ
{a34284a7-30d1-40f6-b5ff-ecd7dac46231} REG_SZ


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
(Default) REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a34284a7-30d1-40f6-b5ff-ecd7dac46231}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{a34284a7-30d1-40f6-b5ff-ecd7dac46231} REG_SZ Pokemon Pokedex Toolbar

5 Re: Hiya, I'd like some help. on Sun Jun 20, 2010 1:46 am

ibae


Member
Security Center


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
cval REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
AntiVirusOverride REG_DWORD 0x0
AntiSpywareOverride REG_DWORD 0x0
FirewallOverride REG_DWORD 0x0
VistaSp1 REG_NONE 764C13CF46FBC801
VistaSp2 REG_NONE 0F92F515E915CA01

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
C:\Program Files\BitTorrent\bittorrent.exe REG_SZ C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent



Uninstall List


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Age of Mythology Expansion Pack 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AIM_7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AOL Diagnostics_N
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audacity_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\avast!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Broadcom 802.11b Network Adapter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DtsFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gunz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ImgBurn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InterActual Player
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB931906
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\legacyqcam_10.50
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lvdrivers_12.10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mabinogi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MapleStory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixPad
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.6.3)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPEG2 Codec(libmpeg2/mad)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NoteBurner_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PopTag
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PowerISO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Remove Empty Directories
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SynTPDeinstKey
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XecureWeb Control

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LEGO Digital Designer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Octoshape add-in for Adobe Flash Player


Autorun


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Google Update REG_SZ "C:\Users\Elmo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Windows Defender REG_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
NVHotkey REG_SZ rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
LWS REG_SZ C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
ISUSScheduler REG_SZ "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
GrooveMonitor REG_SZ "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
CamWizard REG_SZ C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizard.exe
Broadcom Wireless Manager UI REG_SZ C:\Windows\system32\WLTRAY.exe



Restrictions - Internet Explorer



Restrictions - REGEDIT

6 Re: Hiya, I'd like some help. on Sun Jun 20, 2010 1:46 am

ibae


Member
Restrictions - Explorer


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun REG_DWORD 0xff
_NoDriveTypeAutoRun REG_DWORD 0x95
NoDesktop REG_DWORD 0x0
NoActiveDesktop REG_DWORD 0x0
NoNetHood REG_DWORD 0x0
HideClock REG_DWORD 0x0
NoManageMyComputerVerb REG_DWORD 0x0
NoLowDiskSpaceChecks REG_DWORD 0x0
NoCDBurning REG_DWORD 0x0
NoStartMenuPinnedList REG_DWORD 0x0
NoStartMenuMFUprogramsList REG_DWORD 0x0
NoUserNameInStartMenu REG_DWORD 0x0
StartmenuLogoff REG_DWORD 0x0
NoStartMenuSubFolders REG_DWORD 0x0
NoCommonGroups REG_DWORD 0x0
NoRecentDocsMenu REG_DWORD 0x0
ClearRecentDocsOnExit REG_DWORD 0x0
NoPrinterTabs REG_DWORD 0x0
NoDeletePrinter REG_DWORD 0x0
NoAddPrinter REG_DWORD 0x0
NoPrinters REG_DWORD 0x0
NoNetworkConnections REG_DWORD 0x0
NoFavoritesMenu REG_DWORD 0x0
NoRun REG_DWORD 0x0
NoFind REG_DWORD 0x0
NoClose REG_DWORD 0x0
NoSetFolders REG_DWORD 0x0
NoSMHelp REG_DWORD 0x0
NoChangeStartMenu REG_DWORD 0x0
NoViewContextMenu REG_DWORD 0x0
NoFileMenu REG_DWORD 0x0
NoDrives REG_DWORD 0x0
NoControlPanel REG_DWORD 0x0
NoShellSearchButton REG_DWORD 0x0
NoToolbarCustomize REG_DWORD 0x0
NoRecentDocsNetHood REG_DWORD 0x0
NoChangeAnimation REG_DWORD 0x0
NoChangeKeyboardNavigationIndicators REG_DWORD 0x0
NoThemesTab REG_DWORD 0x0



ActiveX




DNS Settings



Windows IP Configuration

Host Name . . . . . . . . . . . . : Bob
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain_not_set.invalid

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : domain_not_set.invalid
Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-1C-26-27-0C-15
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cc7f:d3a4:6a17:1fbe%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, June 20, 2010 1:25:57 AM
Lease Expires . . . . . . . . . . : Monday, June 21, 2010 1:25:57 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 167779366
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-52-81-54-00-19-B9-85-5C-D5
DNS Servers . . . . . . . . . . . : 192.168.1.1
68.237.161.12
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-19-B9-85-5C-D5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e74:28fa:36b6:5dac:709c(Preferred)
Link-local IPv6 Address . . . . . : fe80::28fa:36b6:5dac:709c%8(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : domain_not_set.invalid
Description . . . . . . . . . . . : isatap.domain_not_set.invalid
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{6909D2FE-154A-4EC4-9DE2-EC8E5063513A}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


AppInit DLLs


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs REG_SZ C:\Windows\System32\D3DCompiler_3532.dll



Shell Service Object Delay Load


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}




Shell Execute Hooks


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{88485281-8b4b-4f8d-9ede-82e29a064277} REG_SZ MarkAny Contents Safer Manager 1.0
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} REG_SZ Groove GFS Stub Execution Hook



Image File Execution Options


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEInstal.exe


Security Providers



Local Security Authority


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
auditbaseobjects REG_DWORD 0x0
auditbasedirectories REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
fullprivilegeauditing REG_BINARY 00
Bounds REG_BINARY 0030000000200000
LimitBlankPasswordUse REG_DWORD 0x1
LmCompatibilityLevel REG_DWORD 0x3
NoLmHash REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0tspkg
Authentication Packages REG_MULTI_SZ msv1_0
LsaPid REG_DWORD 0x294
SecureBoot REG_DWORD 0x1
ProductType REG_DWORD 0x3
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
forceguest REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache


AppCert DLLs



App Paths


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths
(Default) REG_SZ C:\Program Files\SigmaTel\C-Major Audio\
Installed REG_DWORD 0x0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\7zFM.exe
(Default) REG_SZ C:\Program Files\7-Zip\7zFM.exe
Path REG_SZ C:\Program Files\7-Zip

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
(Default) REG_SZ C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
Path REG_SZ C:\Program Files\Adobe\Acrobat 7.0\Reader\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ashAvast.exe
Path REG_SZ C:\Program Files\Alwil Software\Avast4
(Default) REG_SZ C:\Program Files\Alwil Software\Avast4\ashAvast.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\BFBC2Updater.exe
(Default) REG_SZ C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe
Path REG_SZ C:\Program Files\Electronic Arts\Battlefield Bad Company 2\
Game Registry REG_SZ Software\Electronic Arts\Battlefield Bad Company 2
Installed REG_DWORD 0x1
Restart REG_DWORD 0x0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CameraHelperShell.exe
(Default) REG_SZ C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CamWizard.exe
Path REG_SZ C:\Program Files\Common Files\Logitech\QCDRV\BIN
(Default) REG_SZ C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizard.exe
Params REG_SZ /ts

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ccleaner.exe
(Default) REG_SZ C:\Program Files\CCleaner\ccleaner.exe
Path REG_SZ C:\Program Files\CCleaner

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chrome.exe
Path REG_SZ C:\Users\Administrator\AppData\Local\Google\Chrome\Application
(Default) REG_SZ C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chrome.exe--register-chrome-browser-suffix=.Elmo
Path REG_SZ C:\Users\Elmo\AppData\Local\Google\Chrome\Application
(Default) REG_SZ C:\Users\Elmo\AppData\Local\Google\Chrome\Application\chrome.exe--register-chrome-browser-suffix=.Elmo

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
CmstpExtensionDll REG_SZ C:\Windows\system32\cmcfg32.dll
CmNative REG_DWORD 0x2

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DellVideoChat.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DLG.exe
Path REG_SZ C:\Program Files\Digital Line Detect
(Default) REG_SZ C:\Program Files\Digital Line Detect\DLG.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DModem.exe
(Default) REG_SZ C:\PROGRA~1\MODEMD~1\DModem.exe
Path REG_SZ C:\Program Files\Modem Diagnostic Tool\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DtsConfig.exe
(Default) REG_SZ "C:\Program Files\DtsFilter\DtsConfig.exe"
Path REG_SZ "C:\Program Files\DtsFilter\DtsConfig.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dvdmaker.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Movie Maker\dvdmaker.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\edocs.exe
Path REG_SZ c:\dell\docs
(Default) REG_SZ c:\dell\docs\edocs.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\excel.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\firefox.exe
(Default) REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe
Path REG_SZ C:\Program Files\Mozilla Firefox

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\GOM.exe
(Default) REG_SZ C:\Program Files\GRETECH\GomPlayer\GOM.exe
Path REG_SZ C:\Program Files\GRETECH\GomPlayer

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\GROOVE.EXE
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\GROOVE.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HijackThis.exe
(Default) REG_SZ C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
Path REG_SZ C:\Program Files\Trend Micro\HijackThis

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
(Default) REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE
Path REG_SZ C:\Program Files\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\infopath.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\INFOPATH.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\inkball.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Microsoft Games\inkball\inkball.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InterActual Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InterActual Player\inuninst.exe
Path REG_SZ C:\Program Files\InterActual
(Default) REG_SZ C:\Program Files\InterActual\InterActual Player\inuninst.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InterActual Player\iPlayer.exe
Path REG_SZ C:\Program Files\InterActual
(Default) REG_SZ C:\Program Files\InterActual\InterActual Player\iPlayer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\iTunes.exe
(Default) REG_SZ C:\Program Files\iTunes\iTunes.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
(Default) REG_SZ c:\Program Files\Java\jre1.6.0\bin\javaws.exe
Path REG_SZ c:\Program Files\Java\jre1.6.0\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Journal.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Journal\Journal.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Launcher_main.exe
(Default) REG_SZ C:\Program Files\Logitech\LWS\Webcam Software\Launcher_Main.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LEGO Racers 2.exe
Path REG_SZ C:\Program Files\LEGO Media\LEGO Racers 2
(Default) REG_SZ C:\Program Files\LEGO Media\LEGO Racers 2\LEGO Racers 2.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LogitechDiagnosticTool.exe
(Default) REG_SZ C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\HelpMain\Acme.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LWS.exe
(Default) REG_SZ C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mbam.exe
(Default) REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Path REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MDirect.exe
Path REG_SZ C:\Program Files\Dell\MediaDirect
(Default) REG_SZ C:\Program Files\Dell\MediaDirect\MDirect.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MediaCapture9.exe
(Default) REG_SZ C:\Program Files\Roxio\Media Import 9\MediaCapture9.exe
Path REG_SZ C:\Program Files\Roxio\Media Import 9\;C:\Program Files\Common Files\Roxio Shared\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ModelFileHandler.exe
(Default) REG_SZ C:\Program Files\Common Files\Logishrd\LQCVFX\ModelFileHandler.exe
Path REG_SZ C:\Program Files\Common Files\Logishrd\LQCVFX\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MotionDetection.exe
(Default) REG_SZ C:\Program Files\Logitech\LWS\Webcam Software\MotionDetection.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\moviemk.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Movie Maker\moviemk.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe
Path REG_EXPAND_SZ %ProgramFiles%\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSACCESS.EXE
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\MSACCESS.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\WinMail.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSNMSGR.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msoxmled.exe
(Default) REG_SZ C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSPUB.EXE
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\MSPUB.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_DWORD 0x1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msworks.exe
(Default) REG_SZ C:\Program Files\Microsoft Works\msworks.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MyDVD9.exe
(Default) REG_SZ C:\Program Files\Roxio\VideoUI 9\MyDVD9.exe
Path REG_SZ C:\Program Files\Roxio\VideoUI 9\;C:\Program Files\Common Files\Roxio Shared\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\netwaiting.exe
Path REG_SZ C:\Program Files\NetWaiting
(Default) REG_SZ C:\Program Files\NetWaiting\netwaiting.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ois.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\OIS.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 0
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OneNote.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
(Default) REG_EXPAND_SZ %SystemRoot%\System32\mspaint.exe
Path REG_EXPAND_SZ %SystemRoot%\System32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
Path REG_SZ C:\Program Files\QuickTime\
(Default) REG_SZ C:\Program Files\QuickTime\PictureViewer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\powerpnt.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\POWERPNT.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerShell.exe
(Default) REG_SZ C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe
Path REG_SZ C:\Windows\System32\WindowsPowerShell\v1.0\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
(Default) REG_SZ C:\Program Files\QuickTime\QuickTimePlayer.exe
Path REG_SZ C:\Program Files\QuickTime\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RED2.exe
(Default) REG_SZ C:\Program Files\Remove Empty Directories\RED2.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Roxio_Central33.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\
(Default) REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RoxMediaDB9.exe
(Default) REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RoxWatch9.exe
(Default) REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RoxWatchTray9.exe
(Default) REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RoxWizardLauncher9.exe
(Default) REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\SharedCom\RoxWizardLauncher9.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\9.0\SharedCom\;C:\Program Files\Common Files\Roxio Shared\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\sidebar.exe
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows Sidebar\sidebar.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SightSpeed.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SnippingTool.exe
(Default) REG_EXPAND_SZ C:\Windows\System32\SnippingTool.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\STAX.exe
(Default) REG_SZ C:\Program Files\Roxio\Express Labeler 2\stax.exe
Path REG_SZ C:\Program Files\Roxio\Express Labeler 2\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\stikynot.exe
(Default) REG_EXPAND_SZ C:\Windows\System32\stikynot.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
UseShortName REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TabTip.exe
(Default) REG_EXPAND_SZ %CommonProgramFiles%\microsoft shared\ink\TabTip.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\VCGProxyFileManager9.exe
(Default) REG_SZ C:\Program Files\Roxio\VideoCore 9\VCGProxyFileManager9.exe
Path REG_SZ C:\Program Files\Roxio\VideoCore 9\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\vid.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\VideoMaskMaker.exe
(Default) REG_SZ C:\Program Files\Logitech\LWS\Video Mask Maker\VideoMaskMaker.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\VideoWave9.exe
(Default) REG_SZ C:\Program Files\Roxio\VideoUI 9\VideoWave9.exe
Path REG_SZ C:\Program Files\Roxio\VideoUI 9\;C:\Program Files\Common Files\Roxio Shared\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\wab.exe
Path REG_EXPAND_SZ %ProgramFiles%\Windows Mail

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\wabmig.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Webcamsnapshot.exe
(Default) REG_SZ C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinCal.exe
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows Calendar\wincal.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinMail.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\WinMail.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\WINWORD.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\winzip.exe
(Default) REG_SZ C:\Program Files\WinZip\winzip32.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\winzip32.exe
(Default) REG_SZ C:\Program Files\WinZip\winzip32.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKPLMSTP.EXE
(Default) REG_SZ C:\Program Files\Microsoft Works\wkplmstp.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSAB.EXE
(Default) REG_SZ C:\Program Files\Microsoft Works\WKSAB.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkscal.exe
(Default) REG_SZ C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkscal.exe
Path REG_SZ C:\Program Files\Common Files\Microsoft Shared\Works Shared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksdb.exe
(Default) REG_SZ C:\Program Files\Microsoft Works\wksdb.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSSB.EXE
(Default) REG_SZ C:\Program Files\Microsoft Works\WKSSB.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksss.exe
(Default) REG_SZ C:\Program Files\Microsoft Works\wksss.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkswp.exe
(Default) REG_SZ C:\Program Files\Microsoft Works\wkswp.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKWCESTP.EXE
(Default) REG_SZ C:\Program Files\Microsoft Works\wkwcestp.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe
Path REG_EXPAND_SZ %ProgramFiles%\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
(Default) REG_SZ "C:\Windows\System32\XPSViewer\XPSViewer.exe"

7 Re: Hiya, I'd like some help. on Sun Jun 20, 2010 1:48 am

ibae


Member
Mozilla


HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
{20a82645-c095-46ed-80e3-08825760534b} REG_SZ C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Flock
(Default) REG_SZ 1.8.1.11
CurrentVersion REG_SZ 2.0.3 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Flock\2.0.3 (en-US)
(Default) REG_SZ 2.0.3 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Flock\2.0.3 (en-US)\Uninstall
Uninstall Log Folder REG_SZ C:\Program Files\Flock\uninstall
Description REG_SZ Flock (2.0.3)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Flock 2.0.3
GeckoVer REG_SZ 1.8.1.11

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Flock 2.0.3\bin
PathToExe REG_SZ C:\Program Files\Flock\FLOCK.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Flock 2.0.3\extensions
Components REG_SZ C:\Program Files\Flock\components
Plugins REG_SZ C:\Program Files\Flock\plugins

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
(Default) REG_SZ 1.9.2.3
CurrentVersion REG_SZ 3.6.3 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.3 (en-US)
(Default) REG_SZ 3.6.3 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.3 (en-US)\Main
Install Directory REG_SZ C:\Program Files\Mozilla Firefox
PathToExe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.3 (en-US)\Uninstall
Description REG_SZ Mozilla Firefox (3.6.3)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.3
GeckoVer REG_SZ 1.9.2.3

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.3\bin
PathToExe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.3\extensions
Components REG_SZ C:\Program Files\Mozilla Firefox\components
Plugins REG_SZ C:\Program Files\Mozilla Firefox\plugins



Shared Task Scheduler


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon



SafeBoot



SafeBootMinimal


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}


SafeBootNetwork


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}


File Rename Operations - Session




Known DLLs - Session


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
clbcatq REG_SZ clbcatq.dll
ole32 REG_SZ ole32.dll
advapi32 REG_SZ advapi32.dll
COMDLG32 REG_SZ COMDLG32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
gdi32 REG_SZ gdi32.dll
IERTUTIL REG_SZ IERTUTIL.dll
IMAGEHLP REG_SZ IMAGEHLP.dll
IMM32 REG_SZ IMM32.dll
kernel32 REG_SZ kernel32.dll
LPK REG_SZ LPK.dll
MSCTF REG_SZ MSCTF.dll
MSVCRT REG_SZ MSVCRT.dll
NORMALIZ REG_SZ NORMALIZ.dll
NSI REG_SZ NSI.dll
OLEAUT32 REG_SZ OLEAUT32.dll
rpcrt4 REG_SZ rpcrt4.dll
Setupapi REG_SZ Setupapi.dll
SHELL32 REG_SZ SHELL32.dll
SHLWAPI REG_SZ SHLWAPI.dll
URLMON REG_SZ URLMON.dll
user32 REG_SZ user32.dll
USP10 REG_SZ USP10.dll
WININET REG_SZ WININET.dll
WLDAP32 REG_SZ WLDAP32.dll
WS2_32 REG_SZ WS2_32.dll



Adobe Products


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
DisplayName REG_SZ Adobe Flash Player 10 Plugin
Publisher REG_SZ Adobe Systems Incorporated
DisplayVersion REG_SZ 10.1.53.64
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
RequiresIESysFile REG_SZ 4.70.0.1155
URLInfoAbout REG_SZ http://www.adobe.com
URLUpdateInfo REG_SZ http://www.adobe.com/go/getflashplayer/
VersionMajor REG_DWORD 0xa
VersionMinor REG_DWORD 0x1
UninstallString REG_SZ C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
DisplayIcon REG_SZ C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
EstimatedSize REG_DWORD 0x1800



{END OF FILE}





Side note: At the end of one of my posts, I noticed the "Pokemon Pokedex Toolbar"... LOL. Maybe that was when I let my friend borrow the computer. But haha, that sure got a laugh out of me. :P
Also... I apologize that the above logs are ridiculously long! :\
Once again, I greatly appreciate the help!

8 Re: Hiya, I'd like some help. on Sun Jun 20, 2010 4:35 am

DragonMaster Jay


Site Owner
Hello, and welcome to The Ultimate Geek TaskForce!

Please note the following information about the malware forum:
  • Only Trained Advisors, Moderators and Administrators are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do this:

    Reply to this topic with the word BUMP.

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





I see you are running BitTorrent and uTorrent. I suggest you read the following, and then decide whether you want to keep it or not: http://www.helpmyos.com/learn-security-f40/p2p-programs-t1102.htm

=============================================

I see you have Viewpoint installed...
Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar

Let me know if you decided to uninstall it.

=============================================

Do you recognize these restrictions:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun REG_DWORD 0xff
_NoDriveTypeAutoRun REG_DWORD 0x95
NoDesktop REG_DWORD 0x0
NoActiveDesktop REG_DWORD 0x0
NoNetHood REG_DWORD 0x0
HideClock REG_DWORD 0x0
NoManageMyComputerVerb REG_DWORD 0x0
NoLowDiskSpaceChecks REG_DWORD 0x0
NoCDBurning REG_DWORD 0x0
NoStartMenuPinnedList REG_DWORD 0x0
NoStartMenuMFUprogramsList REG_DWORD 0x0
NoUserNameInStartMenu REG_DWORD 0x0
StartmenuLogoff REG_DWORD 0x0
NoStartMenuSubFolders REG_DWORD 0x0
NoCommonGroups REG_DWORD 0x0
NoRecentDocsMenu REG_DWORD 0x0
ClearRecentDocsOnExit REG_DWORD 0x0
NoPrinterTabs REG_DWORD 0x0
NoDeletePrinter REG_DWORD 0x0
NoAddPrinter REG_DWORD 0x0
NoPrinters REG_DWORD 0x0
NoNetworkConnections REG_DWORD 0x0
NoFavoritesMenu REG_DWORD 0x0
NoRun REG_DWORD 0x0
NoFind REG_DWORD 0x0
NoClose REG_DWORD 0x0
NoSetFolders REG_DWORD 0x0
NoSMHelp REG_DWORD 0x0
NoChangeStartMenu REG_DWORD 0x0
NoViewContextMenu REG_DWORD 0x0
NoFileMenu REG_DWORD 0x0
NoDrives REG_DWORD 0x0
NoControlPanel REG_DWORD 0x0
NoShellSearchButton REG_DWORD 0x0
NoToolbarCustomize REG_DWORD 0x0
NoRecentDocsNetHood REG_DWORD 0x0
NoChangeAnimation REG_DWORD 0x0
NoChangeKeyboardNavigationIndicators REG_DWORD 0x0
NoThemesTab REG_DWORD 0x0

=======================================

  • Please download DeFogger to your desktop.
  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will now appear. You should now click on the Disable button to disable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.


===============================================

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner



9 Re: Hiya, I'd like some help. on Sun Jun 20, 2010 2:49 pm

ibae


Member
I actually did press Remove Selected Items on MBAM after I found three infected registry keys and manually restarted my computer. I uninstalled uTorrent, but I don't know why I still have BitTorrent installed... I actually uninstalled BitTorrent and switched to uTorrent last year.. So BitTorrent does not show up on my Add or Remove Programs list.. And yes, I did uninstall Viewpoint Media Player; I did not know that I even had it installed on my computer in the first place!

Also, I followed the directions that BleepingComputer gave me to disable my antivirus software, but Combofix kept telling me that Avast! was still running even after I completely disabled it and it didn't show on the Task Manager.

Here's my combofix log:

ComboFix 10-06-19.03 - Elmo 06/20/2010 14:18:58.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1199 [GMT -4:00]
Running from: c:\users\Elmo\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1290 [VPS 081122-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1290 [VPS 081122-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Elmo\AppData\Roaming\0200000072191d92530C.manifest
c:\users\Elmo\AppData\Roaming\0200000072191d92530O.manifest
c:\users\Elmo\AppData\Roaming\0200000072191d92530P.manifest
c:\users\Elmo\AppData\Roaming\0200000072191d92530S.manifest
c:\users\Elmo\ChromeSetup.exe
c:\windows\system32\%appdata%
c:\windows\system32\BReWErS.dll
c:\windows\usgwmt
c:\windows\usgwmt\BReWErS.dll

.
((((((((((((((((((((((((( Files Created from 2010-05-20 to 2010-06-20 )))))))))))))))))))))))))))))))
.

2010-06-20 09:44 . 2010-06-20 09:43 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-20 05:03 . 2010-06-20 05:03 -------- d-----w- c:\users\Elmo\AppData\Roaming\Malwarebytes
2010-06-20 05:03 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-20 05:03 . 2010-06-20 05:03 -------- d-----w- c:\programdata\Malwarebytes
2010-06-20 05:03 . 2010-06-20 05:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-20 05:03 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-19 22:55 . 2010-06-19 22:55 -------- d-----w- c:\windows\system32\MpEngineStore
2010-06-18 20:51 . 2010-06-18 20:53 -------- d-----w- c:\users\Elmo\AppData\Roaming\ooVoo Details
2010-06-18 20:47 . 2010-06-18 20:47 -------- d-----w- c:\program files\ooVoo
2010-06-16 20:39 . 2010-06-16 20:39 -------- d-----w- c:\users\Administrator\AppData\Roaming\DragonicaSCB
2010-06-16 18:53 . 2010-06-16 18:53 -------- d-----w- c:\users\Administrator\AppData\Roaming\DAEMON Tools Lite
2010-06-16 18:46 . 2010-06-16 20:23 1096 -c--a-w- C:\debug.dat
2010-06-16 18:39 . 2010-06-16 18:39 291 ----a-w- c:\windows\PowerReg.dat
2010-06-16 18:33 . 2000-01-14 16:14 45568 ----a-w- c:\windows\UniFish3.exe
2010-06-16 18:32 . 2010-06-16 18:32 -------- d-----w- c:\program files\Hasbro Interactive
2010-06-16 05:45 . 2010-06-17 02:24 -------- d-----w- c:\users\Elmo\AppData\Roaming\Atari
2010-06-16 04:07 . 2010-06-16 04:07 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-06-16 04:05 . 2010-06-16 04:05 -------- d-----w- c:\program files\LEGO Media
2010-06-16 03:48 . 2010-06-16 03:49 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-16 03:47 . 2010-06-16 04:01 -------- d-----w- c:\users\Elmo\AppData\Roaming\DAEMON Tools Lite
2010-06-16 03:47 . 2010-06-16 03:47 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-06-15 23:10 . 2010-06-15 23:10 -------- d-----w- c:\program files\Activision Value
2010-06-15 20:20 . 2010-06-16 00:49 -------- dc----w- C:\hegames
2010-06-15 17:12 . 2010-06-15 17:12 -------- d-----w- c:\program files\Enigma Software Group
2010-06-13 22:33 . 2010-06-13 22:33 -------- d-----w- c:\program files\Common Files\Nero
2010-06-13 22:33 . 2010-06-20 18:29 -------- d-----w- c:\program files\Motorola Media Link
2010-06-13 22:30 . 2010-06-13 22:30 -------- d-----w- c:\users\Elmo\AppData\Roaming\Logitech
2010-06-13 20:52 . 2010-06-13 20:52 680 ----a-w- c:\users\Elmo\AppData\Local\d3d9caps.dat
2010-06-13 20:26 . 2010-06-13 20:26 -------- d-----w- c:\users\Elmo\{f51b9d09-372f-40cf-ba8a-91e53cb62b21}
2010-06-13 20:23 . 2010-06-13 20:23 -------- d-----w- c:\program files\Motorola
2010-06-13 02:03 . 2010-06-13 02:03 119032 ----a-w- c:\users\Elmo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-13 01:26 . 2010-06-13 01:26 -------- d-----w- c:\users\Administrator\AppData\Roaming\Leadertech
2010-06-13 01:26 . 2010-06-20 18:29 -------- d-----w- c:\windows\system32\logishrd
2010-06-13 01:25 . 2010-06-13 01:25 -------- d-----w- c:\program files\Common Files\LWS
2010-06-13 01:06 . 2010-06-13 01:06 -------- d-----w- c:\users\Elmo\AppData\Local\LogiShrd
2010-06-13 01:04 . 2009-10-07 08:43 199192 ----a-w- c:\windows\system32\lvci12101110.dll
2010-06-13 01:01 . 2010-06-13 01:07 -------- d-----w- c:\programdata\LogiShrd
2010-06-10 17:21 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-10 02:19 . 2010-06-10 02:43 -------- d-----w- c:\program files\PeerGuardian2
2010-06-07 17:01 . 2010-06-07 17:01 -------- d-----w- c:\program files\Electronic Arts
2010-06-07 05:24 . 2010-06-07 05:24 -------- dc----w- C:\Internet Evidence Finder
2010-06-05 20:00 . 2010-06-05 20:00 -------- d-----w- c:\users\Elmo\AppData\Roaming\ImgBurn
2010-06-05 19:55 . 2010-06-05 19:56 -------- d-----w- c:\program files\ImgBurn
2010-06-05 02:13 . 2010-06-05 02:13 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-04 05:07 . 2010-06-04 05:07 356352 ----a-w- c:\windows\eSellerateEngine.dll
2010-06-04 05:07 . 2010-06-04 05:07 -------- d-----w- c:\program files\Common Files\DeskShare Shared
2010-06-04 04:59 . 2010-06-04 04:59 -------- d-----w- c:\program files\Common Files\Common Share
2010-06-04 04:59 . 2008-12-18 17:38 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-06-04 04:37 . 2010-06-04 04:37 -------- d-----w- c:\users\Elmo\AppData\Local\Geckofx
2010-06-04 03:49 . 2006-12-15 01:41 41248 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2010-06-04 03:49 . 2006-12-15 01:40 1513120 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2010-06-04 03:49 . 2006-12-15 01:38 133920 ----a-w- c:\windows\system32\lvcoinst.dll
2010-06-04 03:48 . 2010-06-13 01:26 -------- d-----w- c:\programdata\Logitech
2010-06-04 03:45 . 2010-06-13 01:26 -------- d-----w- c:\program files\Logitech
2010-06-04 03:16 . 2010-06-04 03:16 -------- d-----w- c:\users\Elmo\AppData\Local\ElevatedDiagnostics
2010-06-04 02:58 . 2010-06-04 03:07 -------- d-----w- c:\program files\Microsoft ATS
2010-06-04 02:29 . 2005-12-06 03:28 142848 ----a-w- c:\windows\system32\drivers\lvmjpeg.sys
2010-06-04 02:29 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system\msvcr71.dll
2010-06-04 02:19 . 2005-12-09 19:31 245824 ----a-r- c:\windows\system32\InstExec.exe
2010-06-04 02:19 . 2010-06-04 02:26 -------- d-----w- c:\program files\Common Files\Logitech
2010-06-04 02:02 . 2010-06-13 01:27 -------- d-----w- c:\program files\Common Files\logishrd
2010-06-02 02:26 . 2010-06-20 04:27 -------- d-----w- c:\users\Elmo\AppData\Roaming\Skype
2010-06-02 02:24 . 2010-06-02 02:24 -------- d-----r- c:\program files\Skype
2010-06-02 02:24 . 2010-06-02 02:24 -------- d-----w- c:\programdata\Skype
2010-05-30 05:21 . 2010-05-30 05:21 -------- d-----w- c:\users\Elmo\AppData\Roaming\DragonicaSCB
2010-05-26 10:06 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-22 16:32 . 2010-06-04 02:04 -------- d-----w- c:\users\Elmo\AppData\Local\PMB Files
2010-05-22 16:32 . 2010-06-02 15:18 -------- d-----w- c:\programdata\PMB Files
2010-05-22 16:27 . 2010-05-22 16:27 -------- d-----w- c:\program files\Pando Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 18:31 . 2009-11-17 12:29 113568 ----a-w- c:\programdata\nvModes.dat
2010-06-20 09:44 . 2007-08-13 21:20 -------- d-----w- c:\program files\Common Files\Java
2010-06-20 09:43 . 2007-08-13 21:20 -------- d-----w- c:\program files\Java
2010-06-20 09:24 . 2007-12-23 20:19 -------- d-----w- c:\programdata\Viewpoint
2010-06-20 07:00 . 2009-04-10 16:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-20 03:10 . 2010-06-20 03:08 46064978 ----a-w- c:\programdata\motorola\motorola media link\UpDate\Download\Motorola Media Link\1.02.0800.3\patch\patch.exe
2010-06-20 02:57 . 2010-06-04 02:03 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-19 01:09 . 2010-05-03 21:10 -------- d-----w- c:\program files\Bonjour
2010-06-17 02:25 . 2007-08-13 21:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-16 03:49 . 2008-08-03 01:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-15 16:54 . 2009-11-24 18:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-13 22:33 . 2009-12-27 02:49 -------- d-----w- c:\programdata\Nero
2010-06-13 01:26 . 2010-06-13 01:26 53248 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-06-13 01:15 . 2009-08-17 02:12 119032 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-12 02:51 . 2009-04-10 15:31 -------- d-----w- c:\program files\CCleaner
2010-06-10 19:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-10 19:03 . 2007-08-29 03:41 -------- d-----w- c:\programdata\Microsoft Help
2010-06-07 00:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-06-04 02:15 . 2007-08-13 21:20 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-02 23:04 . 2010-05-23 04:01 98304 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2010-06-02 23:04 . 2010-05-23 04:01 401408 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2010-06-02 23:04 . 2010-05-23 04:01 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2010-06-02 23:04 . 2007-12-20 23:47 765952 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2010-06-02 23:04 . 2007-12-20 23:46 172032 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2010-06-02 23:04 . 2007-12-20 23:46 126976 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2010-05-26 17:06 . 2010-06-10 17:22 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 17:22 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 18:14 . 2009-10-03 05:18 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 00:15 . 2010-05-21 00:10 -------- d--h--w- c:\program files\InstallJammer Registry
2010-05-21 00:14 . 2010-05-21 00:10 -------- d-----w- c:\users\Elmo\AppData\Roaming\Gmote
2010-05-19 07:54 . 2010-05-19 07:54 1824136 ----a-w- c:\programdata\Nexon\Common\NMService.exe
2010-05-19 07:54 . 2010-05-19 07:54 1734032 ----a-w- c:\programdata\Nexon\Common\nmconew.dll
2010-05-15 02:04 . 2010-05-15 02:04 6842592 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-05-15 02:03 . 2010-05-15 02:03 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-05-15 02:03 . 2010-05-15 02:03 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-05-15 02:02 . 2010-05-15 02:02 276448 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-05-15 01:59 . 2010-05-15 01:59 203360 ----a-w- c:\windows\system32\lvci1301783.dll
2010-05-15 01:59 . 2010-05-15 01:59 416352 ----a-w- c:\windows\system32\lvcodec2.dll
2010-05-15 01:56 . 2010-05-15 01:56 10830680 ----a-w- c:\windows\system32\LogiDPP.dll
2010-05-15 01:56 . 2010-05-15 01:56 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-05-15 01:55 . 2010-05-15 01:55 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-05-15 01:46 . 2010-05-15 01:46 37518 ----a-w- c:\windows\system32\Repository.reg
2010-05-14 04:06 . 2010-05-14 04:06 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-12 20:42 . 2010-05-12 20:42 46904 ----a-w- c:\programdata\Logitech\LWS\PrivacyShades\LWS_PrivacyShade_Uninstall.exe
2010-05-11 20:03 . 2010-05-11 20:03 -------- d-----w- c:\program files\Mozilla Firefox Browser
2010-05-07 22:50 . 2010-05-07 22:50 299352 ----a-w- c:\programdata\Logitech\LWS\Filters\VMSEF.dll
2010-05-07 22:48 . 2010-05-07 22:48 6915416 ----a-w- c:\programdata\Logitech\LWS\Filters\MMSEF.dll
2010-05-07 22:46 . 2010-05-07 22:46 14168 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll
2010-05-07 22:43 . 2010-05-07 22:43 25824 ----a-w- c:\windows\system32\drivers\LVPr2Mon.sys
2010-05-07 22:30 . 2010-05-07 22:30 85302 ----a-w- c:\windows\system32\drivers\LVFeL102.cfg
2010-05-07 22:30 . 2010-05-07 22:30 227172 ----a-w- c:\windows\system32\drivers\LVFeL100.cfg
2010-05-07 22:30 . 2010-05-07 22:30 146680 ----a-w- c:\windows\system32\drivers\LVFeL101.cfg
2010-05-07 22:29 . 2010-05-07 22:29 69592 ----a-w- c:\windows\system32\drivers\LVFaL100.cfg
2010-05-04 21:04 . 2010-05-04 21:02 -------- d-----w- c:\program files\iTunes
2010-05-04 21:02 . 2010-05-04 21:02 -------- d-----w- c:\program files\iPod
2010-05-04 21:02 . 2007-10-10 04:37 -------- d-----w- c:\program files\Common Files\Apple
2010-05-04 11:31 . 2010-05-04 11:30 -------- d-----w- c:\program files\QuickTime
2010-05-04 05:59 . 2010-06-10 17:22 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 17:22 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 17:22 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 17:22 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-28 19:45 . 2010-04-28 19:45 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 17:01 . 2010-06-10 17:22 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-04-03 20:00 . 2008-11-22 02:30 220926964 ----a-w- c:\users\Elmo\AppData\Roaming\ijjigame\U_GUNZ_setup.exe
2007-08-14 05:05 . 2007-08-14 05:02 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Elmo\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-22 133104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-13 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-8-13 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0f,92,f5,15,e9,15,ca,01

R1 msjmfcxb;msjmfcxb;c:\windows\system32\drivers\msjmfcxb.sys [x]
R1 nhygiydq;nhygiydq;c:\windows\system32\drivers\nhygiydq.sys [x]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2008-07-01 18912]
R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [2008-10-18 131072]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2008-10-18 79104]
R3 ndfs;ndfs;c:\program files\Netdrive\ndfs.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-10 3601608]
R3 samhid;samhid;c:\windows\system32\drivers\samhid.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-16 691696]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [2007-05-16 13440]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\NServiceEntry.exe [2010-04-29 85088]
S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-01-27 91392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2581296474-4004132396-1459460041-1000Core.job
- c:\users\Elmo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-22 20:36]

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2581296474-4004132396-1459460041-1000UA.job
- c:\users\Elmo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-22 20:36]

2010-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2581296474-4004132396-1459460041-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-13 03:21]

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2581296474-4004132396-1459460041-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-13 03:21]

2010-06-20 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-04-10 19:31]

2010-06-20 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-04-10 19:31]

2010-06-20 c:\windows\Tasks\SpyHunter Scanner.job
- c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2009-12-09 12:36]

2010-06-20 c:\windows\Tasks\User_Feed_Synchronization-{75750F29-32CD-46E9-AC03-910F4F4C582C}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = ????????????????????????????????
DPF: {8C165CC2-E50D-4D99-9D32-DAF6AB15AA32} - hxxp://patch.mnet.com/Ver2/App/totalApp/mnethelper/MnetHelper2_20090318.cab
DPF: {9F84D013-66B3-4AB7-946B-11A920A55F06} - hxxp://www.melon.com/cab/sktload.cab
DPF: {A9F090E5-FC80-4772-AFEE-D102AB6E77D6} - hxxp://pgdownload.lgdacom.net/dacom/IssacWebProCMS_4_2_7_3_DE.cab
DPF: {B42DD475-BC8D-11D4-9D98-0090CC006D96} - hxxp://mxengine.net-dimension.com/download/1.1.8.523/axmxeng.cab
DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} - hxxp://www.melon.com/cab/P3MelWebInstall.cab
DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} - hxxp://plugin.inicis.com/wallet60/INIwallet60_vista.cab
FF - ProfilePath - c:\users\Elmo\AppData\Roaming\Mozilla\Firefox\Profiles\d4hqe602.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?cplp=1276474116167
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\Nexon\NGM\npNxGame.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Elmo\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{a34284a7-30d1-40f6-b5ff-ecd7dac46231} - (no file)
BHO-{a34284a7-30d1-40f6-b5ff-ecd7dac46231} - (no file)
Toolbar-{a34284a7-30d1-40f6-b5ff-ecd7dac46231} - (no file)
WebBrowser-{A34284A7-30D1-40F6-B5FF-ECD7DAC46231} - (no file)
HKLM-Run-CamWizard - c:\program files\Common Files\Logitech\QCDRV\BIN\CamWizard.exe
ShellExecuteHooks-{88485281-8b4b-4f8d-9ede-82e29a064277} - (no file)
Notify-8abb4508530 - c:\windows\System32\D3DCompiler_3532.dll
AddRemove-{C12A198C-E751-4729-839A-8FA07CF941C1}_is1 - j:\dragonica\Dragonica\unins000.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Elmo\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2581296474-4004132396-1459460041-1000\Software\SecuROM\License information*]
"datasecu"=hex:c9,a7,61,2b,97,6c,a8,5a,13,28,ee,26,83,ce,65,7b,39,f0,98,6d,d0,
9d,8a,09,63,f9,67,0e,e4,28,6e,77,b4,1e,7e,80,11,12,d1,ad,58,56,41,e9,83,3b,\
"rkeysecu"=hex:22,08,71,d5,fd,fc,48,78,de,35,45,c8,57,d1,a0,72

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Motorola\MotoConnectService\MotoConnect.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-06-20 14:41:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-20 18:41

Pre-Run: 13,946,019,840 bytes free
Post-Run: 14,027,276,288 bytes free

- - End Of File - - 2075CEC4ED3C29A73486D566B93A6F15

10 Re: Hiya, I'd like some help. on Sun Jun 20, 2010 2:55 pm

DragonMaster Jay


Site Owner
Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner



Contribute/donate to our site

11 Re: Hiya, I'd like some help. on Sun Jun 20, 2010 9:31 pm

ibae


Member
Here it is:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=2163c75ced0be642838aa69438d09903
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-21 01:22:50
# local_time=2010-06-20 09:22:50 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 36778567 36778567 0 0
# compatibility_mode=769 16775165 100 98 0 212441942 0 0
# compatibility_mode=5892 16776637 100 100 0 113686316 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=167773
# found=0
# cleaned=0
# scan_time=4581

12 Re: Hiya, I'd like some help. on Sun Jun 20, 2010 10:11 pm

DragonMaster Jay


Site Owner
If there are no more issues, then it is time to clean up.

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner



Contribute/donate to our site

13 Re: Hiya, I'd like some help. on Mon Jun 21, 2010 12:04 am

ibae


Member
Thanks for all of your help! I just have a final question... previously, you mentioned that I had BitTorrent and uTorrent installed. However, although I did uninstall BitTorrent a long while back and switched to uTorrent (which is uninstalled now), my guess is that BitTorrent still remained on my computer? So I was wondering if there is a program that can detect old programs that may have remained in my memory? I downloaded a program called "Clean Empty Directories" a few months ago to hopefully get rid of some excess folders but that doesn't really help since it's often hard to tell whether or not a folder is essential or not.

And here is my Security Check log:
Results of screen317's Security Check version 0.99.4
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Antivirus
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 20
Java(TM) SE Runtime Environment 6
Adobe Flash Player 10.1.53.64
Adobe Reader 7.0.8
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe
````````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````


EDIT
So, I ran SpyHunter to check for any viruses... and it tells me that a bunch of adult websites were removed from my registry (252 to be exact), and asked me if I wanted to restore the changes (as in, add them back) and I pressed ignore (to ignore the changes) and I ran a scan. However, it still came up with 252 registry items of adult sites. I'd post a log, but I don't think SpyHunter does logs. All of the items are labeled under "Object Name" as "Zlob.Trojan." I'm a bit confused. I did press "check all parasites" and remove them. However, they always come up when it does its daily scheduled scan at 9am assuming that I didn't scan my computer beforehand and remove them already.
However, the first part I mentioned about SpyHunter telling me that the adult websites were removed from my registry is a change. Normally, when I wake up in the morning and check the scan results, it tells me that the websites were ADDED instead of removed. And it told me that there were changes in the windows.ini or whatever it was called and asked if I wanted to restore the changes or ignore them. I pressed ignore of course, because I didn't want to undo all of the hard work and effort that you put into helping me, but I am a bit concerned. Maybe I should just uninstall SpyHunter, for it might be corrupt? I think I will actually do that. Also keep in mind that my SpyHunter has been updated in the definitions, but not the program itself.
Thanks, and I sincerely apologize if I messed anything up.

14 Re: Hiya, I'd like some help. on Mon Jun 21, 2010 8:00 pm

DragonMaster Jay


Site Owner
Ok. No biggie about BitTorrent. If you really want it fully removed, then let me know.

SpyHunter is not a very good program to run as antispyware. Feel free to remove it. You might be doing yourself a favor anyway.

===========================

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

===============================

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • Tall Emu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.


AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has real-time protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

  • Firefox may be downloaded from here: http://www.getfirefox.com
  • Opera is available here: http://www.opera.com/download/


See this page for more info about malware and prevention.

Please leave feedback for The Ultimate Geek TaskForce! by going here

If you would like to make a small donation, please see the link in my signature below.

If you ever need help in the future, feel free to come back to this site for any computer issue, and we shall help.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner



Contribute/donate to our site

15 Re: Hiya, I'd like some help. on Mon Jun 21, 2010 9:36 pm

ibae


Member
Two final things!

1. Yes! I would like to completely uninstall BitTorrent from my computer.

2. About safe internet browsers... I've always hated Internet Explorer, and I stopped using Internet Explorer ever since Google Chrome came out. Other than its tendency to suck up a ton of CPU memory, is it an unsafe and less preferred browser to use?
