
1 Removal of System Tool 2011 on Sat Dec 11, 2010 12:15 pm

jabunt


New Member
This is on a Vista machine


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5295

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18975

12/11/2010 10:59:51 AM
mbam-log-2010-12-11 (10-59-51).txt

Scan type: Quick scan
Objects scanned: 128890
Time elapsed: 2 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This is the MSS file:

MySystem-Search


MSS v1.7


Basic System Information

Username: Mom - Date: 12/11/2010 - Time: 11:04:25

Microsoft Windows [Version 6.0.6002]
Processor type: x86 Family 6 Model 22 Stepping 1, GenuineIntel
Total processors: 1
Computer Name: MOM-PC
Logon Server: \\MOM-PC


CD Emulation Drivers running?

Roxio found!


Peer-to-Peer applications?



Security Tools Check

Malwarebytes' Anti-Malware
ERUNT


File associations

.exe=exefile
.scr=scrfile
.pif=piffile
.com=comfile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile
.ini=inifile
.inf=inffile


Running processes

PROCESS PID PRIO PATH
smss.exe 348 Normal C:\Windows\System32\smss.exe
csrss.exe 408 Normal C:\Windows\system32\csrss.exe
csrss.exe 444 Normal C:\Windows\system32\csrss.exe
wininit.exe 452 High C:\Windows\system32\wininit.exe
winlogon.exe 480 High C:\Windows\system32\winlogon.exe
services.exe 524 Normal C:\Windows\system32\services.exe
lsass.exe 540 Normal C:\Windows\system32\lsass.exe
lsm.exe 548 Normal C:\Windows\system32\lsm.exe
svchost.exe 704 Normal C:\Windows\system32\svchost.exe
svchost.exe 764 Normal C:\Windows\system32\svchost.exe
svchost.exe 796 Normal C:\Windows\System32\svchost.exe
svchost.exe 880 Normal C:\Windows\System32\svchost.exe
svchost.exe 908 Normal C:\Windows\system32\svchost.exe
svchost.exe 944 Normal C:\Windows\System32\svchost.exe
svchost.exe 988 Normal C:\Windows\system32\svchost.exe
svchost.exe 1008 Normal C:\Windows\system32\svchost.exe
svchost.exe 1084 Normal C:\Windows\system32\svchost.exe
Explorer.EXE 1320 Normal C:\Windows\Explorer.EXE
svchost.exe 1404 Normal C:\Windows\system32\svchost.exe
wmpnscfg.exe 1764 Normal C:\Program Files\Windows Media Player\wmpnscfg.exe
wmiprvse.exe 1756 Normal C:\Windows\system32\wbem\wmiprvse.exe
mss.exe 1572 Normal C:\Users\Mom\Desktop\mss.exe
cmd.exe 1716 Normal C:\Windows\system32\cmd.exe
DllHost.exe 652 Normal C:\Windows\system32\DllHost.exe
pv.exe 368 Normal C:\Users\Mom\Desktop\pv.exe


User Profile check

Mom
Public


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Users
Default REG_EXPAND_SZ %SystemDrive%\Users\Default
Public REG_EXPAND_SZ %SystemDrive%\Users\Public
ProgramData REG_EXPAND_SZ %SystemDrive%\ProgramData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService
Flags REG_DWORD 0x0
State REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService
Flags REG_DWORD 0x0
State REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2944165837-3539766159-2639353112-1000
ProfileImagePath REG_EXPAND_SZ C:\Users\Mom
Flags REG_DWORD 0x0
State REG_DWORD 0x100
Sid REG_BINARY 010500000000000515000000CD677CAF8F8BFCD21855519DE8030000
ProfileLoadTimeLow REG_DWORD 0x0
ProfileLoadTimeHigh REG_DWORD 0x0
RefCount REG_DWORD 0x1
RunLogonScriptSync REG_DWORD 0x0



Current Scheduled Tasks

PATH: C:\Windows\Tasks

GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
GoogleUpdateTaskUserS-1-5-21-2944165837-3539766159-2639353112-1000Core.job
GoogleUpdateTaskUserS-1-5-21-2944165837-3539766159-2639353112-1000UA.job
SCHEDLGU.TXT
Norton Security Scan for Mom.job
SA.DAT


Windows Drivers and NT-Services

Volume in drive C is OS
Volume Serial Number is EA2B-F62A

Directory of C:\Windows\System32\Drivers

10/15/2009 04:17 AM 0 Msft_User_WpdFs_01_00_00.Wdf
11/24/2009 03:17 AM 0 Msft_User_WpdFs_01_07_00.Wdf
06/26/2009 06:36 AM 0 Msft_User_WpdMtpDr_01_00_00.Wdf
11/24/2009 03:17 AM 0 Msft_User_WpdMtpDr_01_07_00.Wdf
09/09/2010 07:41 PM 0 Msft_User_WpdRapi_01_00_00.Wdf
5 File(s) 0 bytes
0 Dir(s) 175,848,452,096 bytes free
Volume in drive C is OS
Volume Serial Number is EA2B-F62A

Directory of C:\Windows\System32\Drivers

09/18/2006 03:26 PM 3,440,660 gm.dls
09/18/2006 03:26 PM 646 gmreadme.txt
10/01/2006 03:10 PM 328,162 ativcaxx.cpa
10/01/2006 03:10 PM 929 ativcaxx.vp
10/01/2006 03:10 PM 2,096 ativpkxx.vp
10/01/2006 03:10 PM 2,096 ativokxx.vp
10/15/2006 03:11 PM 34,656 ativvpxx.vp
11/02/2006 12:37 AM 20,480 secdrv.sys
11/02/2006 01:36 AM 2,028,032 atikmdag.sys
11/02/2006 01:36 AM 20,608 ntrigdigi.sys
11/02/2006 02:24 AM 62,336 BrSerWdm.sys
11/02/2006 02:24 AM 12,160 BrUsbMdm.sys
11/02/2006 02:24 AM 13,568 BrFiltLo.sys
11/02/2006 02:24 AM 5,248 BrFiltUp.sys
11/02/2006 02:24 AM 11,904 BrUsbSer.sys
11/02/2006 02:25 AM 71,808 BrSerId.sys
11/02/2006 02:51 AM 8,704 parvdm.sys
11/02/2006 02:51 AM 17,920 serenum.sys
11/02/2006 02:51 AM 83,456 serial.sys
11/02/2006 02:51 AM 79,360 parport.sys
11/02/2006 02:51 AM 13,312 sfloppy.sys
11/02/2006 02:52 AM 20,608 wacompen.sys
11/02/2006 02:55 AM 21,504 hidir.sys
11/02/2006 02:55 AM 19,456 usbohci.sys
11/02/2006 02:55 AM 68,608 usbcir.sys
11/02/2006 02:55 AM 53,376 1394bus.sys
11/02/2006 02:55 AM 62,080 ohci1394.sys
11/02/2006 02:55 AM 29,184 hidbth.sys
11/02/2006 02:55 AM 39,936 bthmodem.sys
11/02/2006 03:04 AM 878,080 PEAuth.sys
11/02/2006 03:49 AM 31,848 sym_hi.sys
11/02/2006 03:49 AM 33,384 Mraid35x.sys
11/02/2006 03:50 AM 34,920 sym_u3.sys
11/02/2006 03:50 AM 35,944 symc8xx.sys
11/02/2006 03:50 AM 35,944 iteatapi.sys
11/02/2006 03:50 AM 35,944 iteraid.sys
11/02/2006 03:50 AM 71,272 djsvs.sys
11/02/2006 03:50 AM 76,392 sbp2port.sys
11/02/2006 03:50 AM 41,576 iirsp.sys
11/02/2006 03:50 AM 45,160 nfrd960.sys
11/02/2006 03:50 AM 98,408 ulsata.sys
11/02/2006 03:50 AM 106,088 ql40xx.sys
11/02/2006 03:51 AM 167,528 pcmcia.sys
11/02/2006 05:18 AM etc
03/09/2007 05:04 PM 31,072 iqvw32.sys
04/26/2007 04:41 AM 304,920 iaStor.sys
04/29/2007 02:42 AM 228,224 e1e6032.sys
05/11/2007 07:26 AM 1,773,536 RTKVHDA.sys
10/17/2007 02:00 AM 9,072 cdr4_xp.sys
10/17/2007 02:00 AM 9,200 cdralw2k.sys
11/14/2007 03:00 AM 43,840 pxhelp20.sys
01/20/2008 08:32 PM 6,656 errdev.sys
01/20/2008 08:32 PM 11,264 wmiacpi.sys
01/20/2008 08:32 PM 28,216 battc.sys
01/20/2008 08:32 PM 20,792 compbatt.sys
01/20/2008 08:32 PM 41,472 intelppm.sys
01/20/2008 08:32 PM 41,472 viac7.sys
01/20/2008 08:32 PM 44,032 amdk8.sys
01/20/2008 08:32 PM 41,472 amdk7.sys
01/20/2008 08:32 PM 40,960 crusoe.sys
01/20/2008 08:32 PM 40,960 processr.sys
01/20/2008 08:32 PM 17,976 intelide.sys
01/20/2008 08:32 PM 19,000 cmdide.sys
01/20/2008 08:32 PM 17,464 aliide.sys
01/20/2008 08:32 PM 20,024 viaide.sys
01/20/2008 08:32 PM 17,976 amdide.sys
01/20/2008 08:32 PM 55,864 SISAGP.SYS
01/20/2008 08:32 PM 15,288 swenum.sys
01/20/2008 08:32 PM 60,984 ULIAGPKX.SYS
01/20/2008 08:32 PM 109,112 NV_AGP.SYS
01/20/2008 08:32 PM 31,288 mssmbios.sys
01/20/2008 08:32 PM 56,376 AGP440.sys
01/20/2008 08:32 PM 16,440 msisadrv.sys
01/20/2008 08:32 PM 49,720 isapnp.sys
01/20/2008 08:32 PM 52,792 volmgr.sys
01/20/2008 08:32 PM 56,888 VIAAGP.SYS
01/20/2008 08:32 PM 57,400 AMDAGP.SYS
01/20/2008 08:32 PM 248,832 rdpdr.sys
01/20/2008 08:32 PM 45,568 blbdrive.sys
01/20/2008 08:32 PM 26,112 vgapnp.sys
01/20/2008 08:32 PM 30,264 i2omp.sys
01/20/2008 08:32 PM 19,000 i2omgmt.sys
01/20/2008 08:32 PM 23,552 usbuhci.sys
01/20/2008 08:32 PM 5,888 usbd.sys
01/20/2008 08:32 PM 54,784 i8042prt.sys
01/20/2008 08:32 PM 15,872 mouhid.sys
01/20/2008 08:32 PM 34,360 mouclass.sys
01/20/2008 08:32 PM 19,968 sermouse.sys
01/20/2008 08:32 PM 25,088 fdc.sys
01/20/2008 08:32 PM 20,480 flpydisk.sys
01/20/2008 08:32 PM 73,216 usbccgp.sys
01/20/2008 08:32 PM 105,016 mpio.sys
01/20/2008 08:32 PM 238,648 uliahci.sys
01/20/2008 08:32 PM 130,048 drmk.sys
01/20/2008 08:32 PM 5,632 drmkaud.sys
01/20/2008 08:32 PM 422,968 adp94xx.sys
01/20/2008 08:32 PM 45,112 nvstor.sys
01/20/2008 08:32 PM 102,968 nvraid.sys
01/20/2008 08:32 PM 94,776 msdsm.sys
01/20/2008 08:32 PM 59,448 UAGP35.SYS
01/20/2008 08:32 PM 61,496 GAGP30KX.SYS
01/20/2008 08:32 PM 41,984 monitor.sys
01/20/2008 08:32 PM 24,632 crcdisk.sys
01/20/2008 08:32 PM 342,584 elxstor.sys
01/20/2008 08:32 PM 64,512 IPMIDrv.sys
01/20/2008 08:32 PM 18,944 usbprint.sys
01/20/2008 08:32 PM 34,816 umbus.sys
01/20/2008 08:32 PM 96,312 lsi_scsi.sys
01/20/2008 08:32 PM 235,064 iaStorV.sys
01/20/2008 08:32 PM 12,288 sffp_mmc.sys
01/20/2008 08:32 PM 13,312 sffdisk.sys
01/20/2008 08:32 PM 11,776 sffp_sd.sys
01/20/2008 08:32 PM 115,816 ulsata2.sys
01/20/2008 08:32 PM 35,384 kbdclass.sys
01/20/2008 08:32 PM 96,312 lsi_fc.sys
01/20/2008 08:32 PM 79,416 arc.sys
01/20/2008 08:32 PM 130,616 vsmraid.sys
01/20/2008 08:32 PM 79,928 arcsas.sys
01/20/2008 08:32 PM 22,072 wd.sys
01/20/2008 08:32 PM 118,784 E1G60I32.sys
01/20/2008 08:32 PM 1,122,360 ql2300.sys
01/20/2008 08:32 PM 89,656 lsi_sas.sys
01/20/2008 08:32 PM 300,600 adpahci.sys
01/20/2008 08:32 PM 41,016 sisraid2.sys
01/20/2008 08:32 PM 35,328 circlass.sys
01/20/2008 08:32 PM 101,432 adpu160m.sys
01/20/2008 08:32 PM 74,808 sisraid4.sys
01/20/2008 08:32 PM 40,504 HpCISSs.sys
01/20/2008 08:32 PM 25,472 hidparse.sys
01/20/2008 08:32 PM 386,616 MegaSR.sys
01/20/2008 08:32 PM 149,560 adpu320.sys
01/20/2008 08:32 PM 31,288 megasas.sys
01/20/2008 08:32 PM 35,328 usbscan.sys
01/20/2008 08:32 PM 31,232 qwavedrv.sys
01/20/2008 08:32 PM 12,288 bdasup.sys
01/20/2008 08:33 PM 17,976 wmilib.sys
01/20/2008 08:33 PM 110,080 videoprt.sys
01/20/2008 08:33 PM 57,400 mountmgr.sys
01/20/2008 08:33 PM 6,144 beep.sys
01/20/2008 08:33 PM 7,680 umpass.sys
01/20/2008 08:33 PM 4,608 null.sys
01/20/2008 08:33 PM 22,528 msfs.sys
01/20/2008 08:33 PM 70,144 cdfs.sys
01/20/2008 08:33 PM 503,864 Wdf01000.sys
01/20/2008 08:33 PM 35,896 WdfLdr.sys
01/20/2008 08:33 PM 3 MsftWdf_Kernel_01007_Inbox_Critical.Wdf
01/20/2008 08:33 PM 69,632 bowser.sys
01/20/2008 08:33 PM 13,312 irenum.sys
01/20/2008 08:33 PM 142,904 scsiport.sys
01/20/2008 08:33 PM 58,936 fileinfo.sys
01/20/2008 08:33 PM 17,408 asyncmac.sys
01/20/2008 08:33 PM 20,992 tdi.sys
01/20/2008 08:33 PM 6,144 RDPCDD.sys
01/20/2008 08:33 PM 12,800 fs_rec.sys
01/20/2008 08:33 PM 29,184 tdtcp.sys
01/20/2008 08:33 PM 17,920 tdpipe.sys
01/20/2008 08:33 PM 21,048 spldr.sys
01/20/2008 08:34 PM 11,776 rasacd.sys
01/20/2008 08:34 PM 35,840 netbios.sys
01/20/2008 08:34 PM 27,648 filetrace.sys
01/20/2008 08:34 PM 13,312 dxapi.sys
01/20/2008 08:34 PM 62,464 wanarp.sys
01/20/2008 08:34 PM 49,664 ndproxy.sys
01/20/2008 08:34 PM 20,992 ndistapi.sys
01/20/2008 08:34 PM 100,864 ipnat.sys
01/20/2008 08:34 PM 15,360 TUNMP.SYS
01/20/2008 08:34 PM 95,744 irda.sys
01/20/2008 08:34 PM 60,416 rspndr.sys
01/20/2008 08:34 PM 47,104 lltdio.sys
01/20/2008 08:34 PM 84,480 luafv.sys
01/20/2008 08:34 PM 24,576 tape.sys
01/20/2008 08:34 PM 47,616 ipfltdrv.sys
01/20/2008 08:34 PM 18,944 mcd.sys
01/20/2008 08:34 PM 16,384 nsiproxy.sys
01/20/2008 08:34 PM 15,872 ws2ifsl.sys
01/20/2008 08:34 PM 64,000 mpsdrv.sys
01/20/2008 08:34 PM 8,192 rootmdm.sys
01/20/2008 08:34 PM 6,144 RDPENCDD.sys
01/20/2008 08:34 PM 25,088 vga.sys
01/20/2008 08:34 PM 8,192 mskssrv.sys
01/20/2008 08:34 PM 5,504 mspqm.sys
01/20/2008 08:34 PM 6,016 mstee.sys
01/20/2008 08:34 PM 5,888 mspclock.sys
01/20/2008 08:34 PM 16,896 ndisuio.sys
01/20/2008 08:34 PM 17,408 smclib.sys
01/20/2008 08:34 PM 62,976 raspptp.sys
01/20/2008 08:34 PM 76,288 rasl2tp.sys
01/20/2008 08:34 PM 31,744 modem.sys
01/20/2008 08:34 PM 83,328 WUDFRd.sys
01/20/2008 08:34 PM 51,200 WUDFPf.sys
01/20/2008 08:34 PM 23,552 tssecsrv.sys
04/22/2008 12:17 AM 2,016,256 igdkmd32.sys
07/02/2008 12:43 AM 146,036 HSFProf.cty
07/02/2008 12:43 AM 980,992 HSX_DPV.sys
07/02/2008 12:43 AM 661,504 HSX_CNXT.sys
07/02/2008 12:43 AM 266,752 HSXHWBS2.sys
07/02/2008 12:43 AM 12,672 mdmxsdk.sys
07/02/2008 12:43 AM 386,560 XAudio.exe
07/02/2008 12:43 AM 8,704 XAudio.sys
02/28/2009 03:48 AM 4,085 1028_Dell_INS_530.mrk
02/28/2009 03:51 AM 28,728 msahci.sys
04/10/2009 08:52 PM 684,032 spsys.sys
04/10/2009 10:13 PM 142,848 fastfat.sys
04/10/2009 10:13 PM 136,704 exfat.sys
04/10/2009 10:13 PM 226,816 udfs.sys
04/10/2009 10:14 PM 35,328 npfs.sys
04/10/2009 10:14 PM 75,264 dfsc.sys
04/10/2009 10:14 PM 225,280 rdbss.sys
04/10/2009 10:14 PM 114,688 mrxdav.sys
04/10/2009 10:22 PM 33,280 watchdog.sys
04/10/2009 10:23 PM 76,288 dxg.sys
04/10/2009 10:38 PM 17,408 kbdhid.sys
04/10/2009 10:38 PM 149,504 ks.sys
04/10/2009 10:39 PM 19,456 Diskdump.sys
04/10/2009 10:39 PM 67,072 cdrom.sys
04/10/2009 10:42 PM 561,152 hdaudbus.sys
04/10/2009 10:42 PM 52,992 stream.sys
04/10/2009 10:42 PM 39,424 hidclass.sys
04/10/2009 10:42 PM 12,800 hidusb.sys
04/10/2009 10:42 PM 167,936 portcls.sys
04/10/2009 10:42 PM 39,936 usbehci.sys
04/10/2009 10:42 PM 65,536 USBSTOR.SYS
04/10/2009 10:42 PM 25,856 USBCAMD.sys
04/10/2009 10:42 PM 25,856 USBCAMD2.sys
04/10/2009 10:42 PM 226,304 usbport.sys
04/10/2009 10:43 PM 196,096 usbhub.sys
04/10/2009 10:43 PM 148,480 nwifi.sys
04/10/2009 10:45 PM 66,560 smb.sys
04/10/2009 10:45 PM 113,664 rmcast.sys
04/10/2009 10:45 PM 185,856 netbt.sys
04/10/2009 10:45 PM 72,192 pacer.sys
04/10/2009 10:45 PM 72,192 tdx.sys
04/10/2009 10:46 PM 33,280 rndismpx.sys
04/10/2009 10:46 PM 33,280 RNDISMP.sys
04/10/2009 10:46 PM 15,872 usb8023.sys
04/10/2009 10:46 PM 15,872 usb8023x.sys
04/10/2009 10:46 PM 41,472 raspppoe.sys
04/10/2009 10:46 PM 121,344 ndiswan.sys
04/10/2009 10:46 PM 69,120 rassstp.sys
04/10/2009 10:47 PM 273,920 afd.sys
04/10/2009 10:51 PM 180,736 rdpwd.sys
04/10/2009 11:42 PM 93,696 bridge.sys
04/11/2009 12:32 AM 19,944 atapi.sys
04/11/2009 12:32 AM 27,624 Dumpata.sys
04/11/2009 12:32 AM 35,304 crashdmp.sys
04/11/2009 12:32 AM 48,104 mup.sys
04/11/2009 12:32 AM 53,736 disk.sys
04/11/2009 12:32 AM 54,248 partmgr.sys
04/11/2009 12:32 AM 109,032 ataport.sys
04/11/2009 12:32 AM 99,816 FWPKCLNT.SYS
04/11/2009 12:32 AM 141,288 ecache.sys
04/11/2009 12:32 AM 125,928 Classpnp.sys
04/11/2009 12:32 AM 161,752 msrpc.sys
04/11/2009 12:32 AM 180,712 msiscsi.sys
04/11/2009 12:32 AM 223,208 netio.sys
04/11/2009 12:32 AM 265,688 acpi.sys
04/11/2009 12:32 AM 190,424 fltMgr.sys
04/11/2009 12:32 AM 527,848 ndis.sys
04/11/2009 12:32 AM 14,312 pciide.sys
04/11/2009 12:32 AM 1,083,880 ntfs.sys
04/11/2009 12:32 AM 43,496 pciidex.sys
04/11/2009 12:32 AM 53,224 termdd.sys
04/11/2009 12:32 AM 122,344 Storport.sys
04/11/2009 12:32 AM 149,480 pci.sys
04/11/2009 12:32 AM 226,280 volsnap.sys
04/11/2009 12:33 AM 292,840 volmgrx.sys
06/15/2009 05:15 PM 439,864 ksecdd.sys
09/24/2009 07:27 PM 634,880 dxgkrnl.sys
09/30/2009 07:01 PM 40,448 WpdUsb.sys
11/03/2009 01:41 PM 411,648 http.sys
12/08/2009 11:26 AM 30,720 tcpipreg.sys
12/09/2009 05:43 AM en-US
02/18/2010 05:28 AM 25,088 tunnel.sys
02/23/2010 05:10 AM 106,496 mrxsmb.sys
02/23/2010 05:10 AM 79,360 mrxsmb20.sys
02/23/2010 05:10 AM 212,992 mrxsmb10.sys
06/16/2010 10:04 AM 905,088 tcpip.sys
06/28/2010 02:10 PM 12,112 aswNdis.sys
09/06/2010 07:45 AM 102,400 srvnet.sys
09/06/2010 07:45 AM 145,408 srv2.sys
09/06/2010 07:45 AM 304,128 srv.sys
09/07/2010 08:47 AM 17,744 aswFsBlk.sys
09/07/2010 08:47 AM 50,768 aswMonFlt.sys
09/07/2010 08:47 AM 23,376 aswRdr.sys
09/07/2010 08:52 AM 165,584 aswSP.sys
09/07/2010 08:52 AM 46,672 aswTdi.sys
09/07/2010 08:53 AM 190,416 aswNdis2.sys
09/07/2010 08:53 AM 340,048 aswSnx.sys
09/07/2010 08:54 AM 99,792 aswFW.sys
09/09/2010 07:41 PM UMDF
11/27/2010 03:05 AM NSS
11/29/2010 05:42 PM 20,952 mbam.sys
11/29/2010 05:42 PM 38,224 mbamswissarmy.sys
12/11/2010 10:26 AM .
12/11/2010 10:26 AM ..
289 File(s) 38,248,745 bytes
6 Dir(s) 175,848,435,712 bytes free


Stealth malware?


Internet Explorer


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
AutoHide REG_SZ yes
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Default_Secondary_Page_URL REG_MULTI_SZ
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0A000000
Delete_Temp_Files_On_Exit REG_SZ yes
Local Page REG_SZ C:\Windows\System32\blank.htm
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
IE5_UA_Backup_Flag REG_SZ 5.0
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 0x1
PrivDiscUiShown REG_DWORD 0x1
WarnOnIntranet REG_DWORD 0x1
WarnOnPost REG_BINARY 01000000
UrlEncoding REG_DWORD 0x0
SecureProtocols REG_DWORD 0x28
PrivacyAdvanced REG_DWORD 0x0
ZonesSecurityUpgradeDone REG_DWORD 0x1
DisableCachingOfSSLPages REG_DWORD 0x0
WarnonZoneCrossing REG_DWORD 0x0
CertificateRevocation REG_DWORD 0x1
EnableNegotiate REG_DWORD 0x1
MigrateProxy REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0
EnableAutodial REG_DWORD 0x0
NoNetAutodial REG_DWORD 0x0
ZonesSecurityUpgrade REG_BINARY B05799A680FCC901
SyncMode5 REG_DWORD 0x4

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Disable Script Debugger REG_SZ yes
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Local Page REG_SZ C:\Windows\system32\blank.htm
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ
XMLHTTP REG_DWORD 0x1
NoUpdateCheck REG_DWORD 0x1
UseClearType REG_SZ no
Enable Browser Extensions REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
Start Page REG_SZ http://www.msn.com
Default_Page_URL REG_SZ http://www.msn.com
CompatibilityFlags REG_DWORD 0x0
StartPageCache REG_DWORD 0x1
FullScreen REG_SZ no
SearchMigrated REG_DWORD 0x0
Window_Placement REG_BINARY 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000000000200300003C020000
RunOnceHasShown REG_DWORD 0x1
RunOnceComplete REG_DWORD 0x1
FormSuggest PW Ask REG_SZ no
NotifyDownloadComplete REG_SZ yes
Friendly http errors REG_SZ yes
Error Dlg Displayed On Every Error REG_SZ no
Use FormSuggest REG_SZ yes
AutoSearch REG_DWORD 0x1
IE8RunOnceLastShown REG_DWORD 0x1
IE8RunOnceLastShown_TIMESTAMP REG_BINARY 2008C8917691CA01
IE8TourShown REG_DWORD 0x1
IE8TourShownTime REG_BINARY 002CEA4B9EFCC901
IE8RunOncePerInstallCompleted REG_DWORD 0x1
IE8RunOnceCompletionTime REG_BINARY 70B71EA07691CA01
SearchAssistant REG_SZ
ControlTooltipCount REG_DWORD 0x5
SearchDefaultBranded REG_DWORD 0x1
IE8TourNoShow REG_DWORD 0x1
AutoHide REG_SZ no
Default_Secondary_Page_URL REG_MULTI_SZ www.bing.com
FormSuggest Passwords REG_SZ yes
Search Bar REG_SZ
Start Page Restore REG_SZ http://www.msn.com/
Error Dlg Details Pane Open REG_SZ yes
AlwaysShowMenus REG_DWORD 0x1
Check_Associations REG_SZ no

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{21FA44EF-376D-4D53-9B0F-8A89D3229068} REG_BINARY 00
{5BED3930-2E9E-76D8-BACC-80DF2188D455} REG_BINARY 00
{89A2510A-B4B6-4683-BEC9-1B96700BC7F1} REG_BINARY 00
{9D425283-D487-4337-BAB6-AB8354A81457} REG_SZ Search Toolbar
{8dcb7100-df86-4384-8842-8fa844297b3f} REG_BINARY 00
{2318C2B1-4965-11d4-9B18-009027A5CD4F} REG_BINARY 00




Security Center


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
cval REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
AntiVirusOverride REG_DWORD 0x0
AntiSpywareOverride REG_DWORD 0x0
FirewallOverride REG_DWORD 0x0
VistaSp1 REG_NONE 12B7DA3ED95BC801
VistaSp2 REG_NONE 93B08F43946CCA01


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging


Uninstall List


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\avast5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_PCI_HSF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dell Game Console
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GoToAssist
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{BF6685DC-50F9-48EA-B2FF-99AF905D7660}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 4 Client Profile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MightyMagoo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.6.12)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPoints Toolbar 2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NSS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC-Doctor for Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PROSetDX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTB000001.TTB000001Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent dell Master Uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite_Wave3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT050941



Last edited by jabunt on Sat Dec 11, 2010 1:05 pm; edited 1 time in total (Reason for editing : forgot to put on what system is running since not on my normal machine)

2 Re: Removal of System Tool 2011 on Sat Dec 11, 2010 12:16 pm

jabunt


New Member
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT050947
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT050948
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT050949
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT050955
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT050956
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT050957
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT050958
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT050959
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT050960
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Search Defender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Software Update
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06E6E30D-B498-442F-A943-07DE41D7F785}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{08234a0d-cf39-4dca-99f0-0c5cb496da81}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{08E81ABD-79F7-49C2-881F-FD6CB0975693}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{205C6BDD-7B73-42DE-8505-9A093F35A238}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216011FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{294EAADF-E50F-4DD8-AD8D-19587EA10512}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3C3901C5-3455-3E0A-A214-0B093A5070A6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D8F9830-D6A3-413A-9A54-993827A73E47}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F92ABBB-6BBF-11D5-B229-002078017FBF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{403EF592-953B-4794-BCEF-ECAB835C2095}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{553255F3-78FD-40F1-A6F8-6882140265FE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7456BBA3-642F-4E59-9F89-7639977D7C39}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77DCDCE3-2DED-62F3-8154-05E745472D07}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8F931595-5561-4E26-AC78-7E9B1E3E9C98}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0020-0409-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00AF-0409-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A94000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-5464-3428-900000000004}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B935C985-A17F-484B-8470-09E4FC27DC26}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BF6685DC-50F9-48EA-B2FF-99AF905D7660}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D9D754A1-EAC5-406C-A28B-C49B1E846711}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E646DCF0-5A68-11D5-B229-002078017FBF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F69E83CF-B440-43F8-89E6-6EA80712109B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F73A5B18-EB75-4B2C-B32D-9457576E2417}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! BrowserPlus


Adobe Products


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
DisplayName REG_SZ Adobe Flash Player 10 ActiveX
Publisher REG_SZ Adobe Systems Incorporated
DisplayVersion REG_SZ 10.1.82.76
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
RequiresIESysFile REG_SZ 4.70.0.1155
URLInfoAbout REG_SZ http://www.adobe.com
URLUpdateInfo REG_SZ http://www.adobe.com/go/getflashplayer/
VersionMajor REG_DWORD 0xa
VersionMinor REG_DWORD 0x1
UninstallString REG_SZ C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
DisplayIcon REG_SZ C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
EstimatedSize REG_DWORD 0x1800


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
DisplayName REG_SZ Adobe Flash Player 10 Plugin
Publisher REG_SZ Adobe Systems Incorporated
DisplayVersion REG_SZ 10.1.85.3
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
RequiresIESysFile REG_SZ 4.70.0.1155
URLInfoAbout REG_SZ http://www.adobe.com
URLUpdateInfo REG_SZ http://www.adobe.com/go/getflashplayer/
VersionMajor REG_DWORD 0xa
VersionMinor REG_DWORD 0x1
UninstallString REG_SZ C:\Windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin
DisplayIcon REG_SZ C:\Windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe
EstimatedSize REG_DWORD 0x1800


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player
DisplayName REG_SZ Adobe Shockwave Player 11.5
UninstallString REG_SZ "C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
DisplayIcon REG_SZ C:\Windows\system32\Adobe\Shockwave 11\SwInit.exe,0
DisplayVersion REG_SZ 11.5.9.615
HelpLink REG_SZ http://www.adobe.com/support/shockwave
InstallLocation REG_SZ C:\Windows\system32\Adobe
Publisher REG_SZ Adobe Systems, Inc.
URLInfoAbout REG_SZ http://www.adobe.com
URLUpdateInfo REG_SZ http://www.adobe.com/software/shockwaveplayer/index.html
VersionMajor REG_DWORD 0xb
VersionMinor REG_DWORD 0x1



Autorun


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Search Protection REG_SZ C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
YSearchProtection REG_SZ C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
Weather REG_SZ C:\Program Files\AWS\WeatherBug\Weather.exe 1
Google Update REG_SZ "C:\Users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe" /c


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
RtHDVCpl REG_SZ RtHDVCpl.exe
IgfxTray REG_SZ C:\Windows\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\Windows\system32\hkcmd.exe
Persistence REG_SZ C:\Windows\system32\igfxpers.exe
PDVDDXSrv REG_SZ "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
dellsupportcenter REG_SZ "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
YSearchProtection REG_SZ "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
avast5 REG_SZ C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
Windows Mobile-based device management REG_EXPAND_SZ %windir%\WindowsMobile\wmdSync.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Mightymagoo REG_SZ C:\Program Files\Mighty Magoo\mightymagoo32.exe a
Bing Bar REG_SZ "C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
Microsoft Default Manager REG_SZ "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
Malwarebytes' Anti-Malware (reboot) REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents


Restrictions - Internet Explorer



Restrictions - REGEDIT



Restrictions - Explorer



DNS Settings


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{51E8A5F8-FEE1-40D1-843D-F8834FF33610}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{61EAE8DC-0AD7-4236-8DDF-79A167CC7DFE}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d8932e52-6a6f-11db-b6ab-806e6f6e6963}

Windows IP Configuration

Host Name . . . . . . . . . . . . : Mom-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Intel(R) 82562V-2 10/100 Network Connection
Physical Address. . . . . . . . . : 00-21-9B-2A-FB-64
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5959:68de:da23:f217%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, December 11, 2010 10:55:40 AM
Lease Expires . . . . . . . . . . : Tuesday, January 17, 2147 5:32:41 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 251666843
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-3A-57-C0-00-21-9B-2A-FB-64
DNS Servers . . . . . . . . . . . : 192.168.2.1
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.Belkin
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


AppInit DLLs


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs REG_SZ



Shell Service Object Delay Load


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}




Shell Execute Hooks




Image File Execution Options


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEInstal.exe


Security Providers



Local Security Authority


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
auditbaseobjects REG_DWORD 0x0
auditbasedirectories REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
fullprivilegeauditing REG_BINARY 00
Bounds REG_BINARY 0030000000200000
LimitBlankPasswordUse REG_DWORD 0x1
LmCompatibilityLevel REG_DWORD 0x3
NoLmHash REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0tspkg
Authentication Packages REG_MULTI_SZ msv1_0
LsaPid REG_DWORD 0x21c
SecureBoot REG_DWORD 0x1
ProductType REG_DWORD 0x2
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
forceguest REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache


AppCert DLLs



App Paths


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
(Default) REG_SZ C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
Path REG_SZ C:\Program Files\Adobe\Reader 9.0\Reader\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AvastUI.exe
Path REG_SZ C:\Program Files\Alwil Software\Avast5
(Default) REG_SZ C:\Program Files\Alwil Software\Avast5\AvastUI.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
CmstpExtensionDll REG_SZ C:\Windows\system32\cmcfg32.dll
CmNative REG_DWORD 0x2

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DLG.exe
Path REG_SZ C:\Program Files\Digital Line Detect
(Default) REG_SZ C:\Program Files\Digital Line Detect\DLG.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DModem.exe
(Default) REG_SZ C:\PROGRA~1\MODEMD~1\DModem.exe
Path REG_SZ C:\Program Files\Modem Diagnostic Tool\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\EDocs.exe
Path REG_SZ c:\dell\docs
(Default) REG_SZ c:\dell\docs\EDocs.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\firefox.exe
(Default) REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe
Path REG_SZ C:\Program Files\Mozilla Firefox

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
(Default) REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE
Path REG_SZ C:\Program Files\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
(Default) REG_SZ C:\Program Files\Java\jre6\bin\javaws.exe
Path REG_SZ C:\Program Files\Java\jre6\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mbam.exe
(Default) REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Path REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\moviemk.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Movie Maker\moviemk.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe
Path REG_EXPAND_SZ %ProgramFiles%\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\WinMail.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSNMSGR.EXE
(Default) REG_SZ C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
Path REG_SZ C:\Program Files\Windows Live\Messenger\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msworks.exe
(Default) REG_SZ C:\Program Files\Microsoft Works\msworks.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\netwaiting.exe
Path REG_SZ C:\Program Files\NetWaiting
(Default) REG_SZ C:\Program Files\NetWaiting\netwaiting.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
(Default) REG_EXPAND_SZ %SystemRoot%\System32\mspaint.exe
Path REG_EXPAND_SZ %SystemRoot%\System32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerDVD.exe
Path REG_SZ C:\Program Files\CyberLink\PowerDVD DX
(Default) REG_SZ C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Roxio_Central36.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\
(Default) REG_SZ C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\sidebar.exe
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows Sidebar\sidebar.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\stax.exe
(Default) REG_SZ C:\Program Files\Roxio\stax.exe
Path REG_SZ C:\Program Files\Roxio\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
UseShortName REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\wab.exe
Path REG_EXPAND_SZ %ProgramFiles%\Windows Mail

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\wabmig.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WCESCOMM.EXE
(Default) REG_EXPAND_SZ %windir%\windowsmobile\wcescomm.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinCal.exe
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows Calendar\wincal.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinMail.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\WinMail.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSAB.EXE
(Default) REG_SZ C:\Program Files\Microsoft Works\WKSAB.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkscal.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~2\WksCal.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksdb.exe
(Default) REG_SZ C:\Program Files\Microsoft Works\wksdb.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSSB.EXE
(Default) REG_SZ C:\Program Files\Microsoft Works\WKSSB.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksss.exe
(Default) REG_SZ C:\Program Files\Microsoft Works\wksss.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkswp.exe
(Default) REG_SZ C:\Program Files\Microsoft Works\wkswp.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wlmail.exe
(Default) REG_EXPAND_SZ C:\Program Files\Windows Live\Mail\wlmail.exe
Path REG_EXPAND_SZ C:\Program Files\Windows Live\Mail\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe
Path REG_EXPAND_SZ %ProgramFiles%\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
(Default) REG_SZ "C:\Windows\System32\XPSViewer\XPSViewer.exe"



Mozilla


HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
{20a82645-c095-46ed-80e3-08825760534b} REG_SZ c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
msntoolbar@msn.com REG_SZ C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox
{27182e60-b5f3-411c-b545-b44205977502} REG_SZ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
(Default) REG_SZ 1.9.2.12
CurrentVersion REG_SZ 3.6.12 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.12 (en-US)
(Default) REG_SZ 3.6.12 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.12 (en-US)\Main
Install Directory REG_SZ C:\Program Files\Mozilla Firefox
PathToExe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.12 (en-US)\Uninstall
Description REG_SZ Mozilla Firefox (3.6.12)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.12
GeckoVer REG_SZ 1.9.2.12

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.12\bin
PathToExe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.12\extensions
Components REG_SZ C:\Program Files\Mozilla Firefox\components
Plugins REG_SZ C:\Program Files\Mozilla Firefox\plugins



Shared Task Scheduler


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon



SafeBoot



SafeBootMinimal


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}


SafeBootNetwork


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}


File Rename Operations - Session




Known DLLs - Session


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
clbcatq REG_SZ clbcatq.dll
ole32 REG_SZ ole32.dll
advapi32 REG_SZ advapi32.dll
COMDLG32 REG_SZ COMDLG32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
gdi32 REG_SZ gdi32.dll
IERTUTIL REG_SZ IERTUTIL.dll
IMAGEHLP REG_SZ IMAGEHLP.dll
IMM32 REG_SZ IMM32.dll
kernel32 REG_SZ kernel32.dll
LPK REG_SZ LPK.dll
MSCTF REG_SZ MSCTF.dll
MSVCRT REG_SZ MSVCRT.dll
NORMALIZ REG_SZ NORMALIZ.dll
NSI REG_SZ NSI.dll
OLEAUT32 REG_SZ OLEAUT32.dll
rpcrt4 REG_SZ rpcrt4.dll
Setupapi REG_SZ Setupapi.dll
SHELL32 REG_SZ SHELL32.dll
SHLWAPI REG_SZ SHLWAPI.dll
URLMON REG_SZ URLMON.dll
user32 REG_SZ user32.dll
USP10 REG_SZ USP10.dll
WININET REG_SZ WININET.dll
WLDAP32 REG_SZ WLDAP32.dll
WS2_32 REG_SZ WS2_32.dll



Downloaded program files (ActiveX)


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{233C1507-6A77-46A4-9443-F871F945D258}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}

PATH: C:\windows\Downloaded Program Files

desktop.ini
dwusplay.dll
dwusplay.exe
erma.inf
isusweb.dll
swdir.inf


Mountpoints


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d1323db-f085-11de-841c-00219b2afb64}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d1323e9-f085-11de-841c-00219b2afb64}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2efab9a6-ae24-11de-931a-00219b2afb64}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2efab9a9-ae24-11de-931a-00219b2afb64}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{877d090c-dba9-11df-9056-00219b2afb64}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6c37da7-053d-11de-a281-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6c37da8-053d-11de-a281-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6c37dab-053d-11de-a281-806e6f6e6963}


Winlogon


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell REG_DWORD 0x1
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0x0
passwordexpirywarning REG_DWORD 0xe
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 0x1
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 0x27
System REG_SZ
Taskman REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked


Windows Update


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\windowsupdate\auto update\results\install
LastSuccessTime REG_SZ 2010-12-11 14:53:11
LastError REG_DWORD 0x0



Security Software Information

*Note*: Some security software does not store itself in the WMI.

Antispyware: Windows Defender *Scanner enabled* (Up to date) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}


{END OF FILE}

3 Re: Removal of System Tool 2011 on Sat Dec 11, 2010 10:42 pm

DragonMaster Jay


Site Owner
Hello, and welcome to The Ultimate Geek TaskForce!

Please note the following information about the malware forum:
  • Only Trained Advisors, Moderators and Administrators are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do this:

    Reply to this topic with the word BUMP.

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner



4 Bump on Sun Dec 12, 2010 12:07 pm

jabunt


New Member
Bump. This was run in Safe Mode with Networking.

ComboFix 10-12-11.06 - Mom 12/12/2010 10:56:10.1.1 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2036.1600 [GMT -6]
Running from: c:\users\Mom\Desktop\ComboFix.exe
AV: avast! Internet Security *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: avast! Internet Security *Enabled* {FB460EB6-4C6D-E564-6BF5-EEEF2B44B473}
SP: avast! Internet Security *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\hBpHi06301
c:\programdata\hBpHi06301\hBpHi06301
c:\programdata\hBpHi06301\hBpHi06301.exe
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk

.
((((((((((((((((((((((((( Files Created from 2010-11-12 to 2010-12-12 )))))))))))))))))))))))))))))))
.

2010-12-12 17:01 . 2010-12-12 17:01 -------- d-----w- c:\users\Mom\AppData\Local\temp
2010-12-12 17:01 . 2010-12-12 17:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-11 16:49 . 2010-12-11 16:49 -------- d-----w- c:\program files\ERUNT
2010-12-11 16:20 . 2010-12-11 16:20 -------- d-----w- c:\users\Mom\AppData\Roaming\Malwarebytes
2010-12-11 16:20 . 2010-12-11 16:20 -------- d-----w- c:\programdata\Malwarebytes
2010-12-11 16:20 . 2010-11-29 23:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-11 16:20 . 2010-12-11 16:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-11 16:20 . 2010-11-29 23:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-11 13:22 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{300E5DF6-E51F-468A-A21D-EEAC352B2F89}\mpengine.dll
2010-11-27 09:05 . 2010-11-27 09:05 -------- d-----w- c:\programdata\Norton
2010-11-27 09:05 . 2010-11-27 09:05 -------- d-----w- c:\windows\system32\drivers\NSS
2010-11-27 09:05 . 2010-11-27 09:05 -------- d-----w- c:\programdata\Symantec
2010-11-27 09:05 . 2010-11-27 09:05 -------- d-----w- c:\program files\Norton Security Scan
2010-11-27 09:05 . 2010-11-27 09:05 -------- d-----w- c:\program files\NortonInstaller
2010-11-23 18:24 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 16:41 . 2009-10-03 00:30 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
2009-12-13 04:02 1445888 ----a-w- c:\program files\MyPoints Toolbar 2.0\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Toolbar 2.0\Toolbar.dll" [2009-12-13 1445888]

[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Toolbar 2.0\Toolbar.dll" [2009-12-13 1445888]

[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 15:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-12-01 1693184]
"Google Update"="c:\users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-17 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-22 133656]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-2-28 50688]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-28 08:47 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-09-07 119200]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-06-28 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 20:12]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 20:12]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2944165837-3539766159-2639353112-1000Core.job
- c:\users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-28 11:18]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2944165837-3539766159-2639353112-1000UA.job
- c:\users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-28 11:18]

2010-12-10 c:\windows\Tasks\Norton Security Scan for Mom.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-27 06:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
Trusted Zone: avast.com\dr-store
Trusted Zone: element5.com\esd
FF - ProfilePath - c:\users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\io3h83br.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxps://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Mom\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\Mom\AppData\Local\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\io3h83br.default\extensions\runtime@panda3d.org\platform\WINNT_x86-msvc\plugins\nppanda3d.dll
FF - HiddenExt: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\io3h83br.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: MyPoints Point Finder: {51ef49d2-624b-4194-8b97-1c468e9b0efe} - c:\users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\io3h83br.default\extensions\{51ef49d2-624b-4194-8b97-1c468e9b0efe}
FF - Ext: Panda3D Game Engine Plug-In: runtime@panda3d.org - c:\users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\io3h83br.default\extensions\runtime@panda3d.org
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-CEC4-75A487FD6484} - (no file)
HKLM-Run-Mightymagoo - c:\program files\Mighty Magoo\mightymagoo32.exe
HKLM-RunOnce- - (no file)
AddRemove-MightyMagoo - c:\program files\Mighty Magoo\mmagooun.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 11:01
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,1e,b4,fa,50,98,89,43,89,84,86,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,1e,b4,fa,50,98,89,43,89,84,86,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-12 11:03:15
ComboFix-quarantined-files.txt 2010-12-12 17:03

Pre-Run: 175,713,021,952 bytes free
Post-Run: 175,673,561,088 bytes free

- - End Of File - - 3895011C8293B502ED79E0838A2D362E

5 Re: Removal of System Tool 2011 on Sun Dec 12, 2010 1:43 pm

jabunt


New Member
This seems to have removed it. Thanks, you're a life saver!! cheers

6 Re: Removal of System Tool 2011 on Sun Dec 12, 2010 3:14 pm

DragonMaster Jay


Site Owner
Let's be sure it is gone.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
    Link 1
    Link 2
    Link 3

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.


