Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet explorer 8 'tab has been removed' error and desktop not loading up after reboot


  • This topic is locked This topic is locked
56 replies to this topic

#1 dhillon

dhillon

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 04 January 2011 - 04:52 PM

Hi there,

Recently IE8 has been playing up, while browsing the tab will refresh and a error message will come up saying "This tab has been recovered" sometimes it will error and close IE.

Another problem is that a lot of times after rebooting my system the desktop does not load at all even after waiting for a long time.

I have reset IE settings and also have uninstalled and reinstalled both IE7 and IE8 however there are similiar issues with IE7 it just randomly shuts down so im guessing there must be some virus on my system that my Anti-virus program is not picking up.

FYI - im running Microsoft Advanced system care and Zone Alarm firewall.

Hope anyone can help me as it really is getting annoying.

Kind Regards

Dhillon

BC AdBot (Login to Remove)

 


#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:02:14 PM

Posted 09 January 2011 - 10:06 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL Report

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


We also need a log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:


Why we request you disable CD Emulation when receiving Malware Removal Advice

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.

Best Regards,
oneof4.

Best Regards,
oneof4.


#3 dhillon

dhillon
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 13 January 2011 - 05:26 PM

Hi,

Thank you for your reply. I have ran the scans and have added the 3 logs requested.

Attached Files



#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:14 PM

Posted 14 January 2011 - 11:51 AM

Hello, dhillon
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#5 dhillon

dhillon
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 14 January 2011 - 01:14 PM

Hi Tom,

Thnanks for your reply. I have carried out your instructions. Please see the combolog attached.

Many Thanks

Attached Files



#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:14 PM

Posted 15 January 2011 - 12:42 PM

Hi,

How is it running now?


Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.





Please open OTL, set the extra registry tab to use safe list and hit the run scan button, post back with the content of the 2 logfiles.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#7 dhillon

dhillon
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 15 January 2011 - 05:22 PM

Hi Tom,

Still having th same problem with explorer tabs refeshing and producing the 'tab recovered' error.

I have ran the MAB scan and it has not identified any infections:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5526

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15/01/2011 21:43:34
mbam-log-2011-01-15 (21-43-34).txt

Scan type: Quick scan
Objects scanned: 174446
Time elapsed: 10 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Also i have attached the 2 logs for OTL.

Thanks

Attached Files



#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:14 PM

Posted 16 January 2011 - 11:12 AM

Hi,

Ask Toolbar is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know as stated in the following Articles:

http://www.benedelman.org/spyware/ask-toolbars/
http://vil.nai.com/vil/content/v_185490.htm


I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Ask Toolbar.





Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.





Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 23...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586-p.exe to install the newest version.





Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL 
    SRV - File not found [Disabled | Stopped] --  -- (WQSAQSKGZHX)
    SRV - File not found [Disabled | Stopped] --  -- (PPXWRYWEPCX)
    SRV - File not found [Disabled | Stopped] --  -- (PPDUGDX)
    SRV - File not found [Disabled | Stopped] --  -- (IWJHFOC)
    SRV - File not found [Disabled | Stopped] --  -- (CIEYMAFAF)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Please uninstall Internet Explorer 8 through Add/Remove Programs and reboot. Visit Windows update and install Internet Explorer 8 again. Now please open OTL, set the extra registry tab to use safe list and hit the run scan button, post back with the 2 logfiles.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#9 dhillon

dhillon
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 16 January 2011 - 05:46 PM

Hi Tom,

There was no asktool bar in the add/remove programs. Please see below for the OTL custom scan/fix:

All processes killed
========== OTL ==========
Service WQSAQSKGZHX stopped successfully!
Service WQSAQSKGZHX deleted successfully!
Service PPXWRYWEPCX stopped successfully!
Service PPXWRYWEPCX deleted successfully!
Service PPDUGDX stopped successfully!
Service PPDUGDX deleted successfully!
Service IWJHFOC stopped successfully!
Service IWJHFOC deleted successfully!
Service CIEYMAFAF stopped successfully!
Service CIEYMAFAF deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
C:\Program Files\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{10CECF4F-A96E-4803-8AC2-F565FB29FF47} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10CECF4F-A96E-4803-8AC2-F565FB29FF47}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65832 bytes

User: NetworkService
->Temp folder emptied: 16590 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 4476 bytes

User: Owner

User: Rashpal
->Temp folder emptied: 1867397 bytes
->Temporary Internet Files folder emptied: 15293069 bytes
->Java cache emptied: 1137361 bytes
->Flash cache emptied: 10831 bytes

User: User 1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 373795 bytes
->Flash cache emptied: 2731 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19900720 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 113036 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 37.00 mb


OTL by OldTimer - Version 3.2.20.1 log created on 01162011_212119

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Rashpal\Local Settings\Temp\Perflib_Perfdata_224.dat not found!
File\Folder C:\Documents and Settings\Rashpal\Local Settings\Temp\~DF187.tmp not found!
File\Folder C:\Documents and Settings\Rashpal\Local Settings\Temp\~DF80D.tmp not found!
File\Folder C:\Documents and Settings\Rashpal\Local Settings\Temp\~DF8E6.tmp not found!
File\Folder C:\Documents and Settings\Rashpal\Local Settings\Temp\~DFD7.tmp not found!
C:\Documents and Settings\Rashpal\Local Settings\Temp\~DFE361.tmp moved successfully.
File\Folder C:\Documents and Settings\Rashpal\Local Settings\Temp\~DFFD79.tmp not found!
File\Folder C:\Documents and Settings\Rashpal\Local Settings\Temp\~DFFDD7.tmp not found!
C:\Documents and Settings\Rashpal\Local Settings\Temporary Internet Files\Content.IE5\FX8PXXGK\page__p__2080672__fromsearch__1[1].htm moved successfully.
File\Folder C:\WINDOWS\temp\ZLT057fa.TMP not found!

Registry entries deleted on Reboot...



I have also added the 2 other logs as requested.

Thanks

Attached Files

  • Attached File  OTL.Txt   111.62KB   0 downloads


#10 dhillon

dhillon
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 16 January 2011 - 05:48 PM

Sorry forgot to add the Extra log. Please see below:

OTL Extras logfile created on: 16/01/2011 22:34:18 - Run 3
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Rashpal\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 413.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.03 Gb Total Space | 0.52 Gb Free Space | 0.74% Space Free | Partition Type: NTFS

Computer Name: RASH | User Name: Rashpal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10421:UDP" = 10421:UDP:*:Disabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Disabled:SingleClick ICC
"139:TCP" = 139:TCP:*:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe" = C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Disabled:Dell Network Assistant -- (SingleClick Systems)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\O2\agent\bin\bcont.exe" = C:\Program Files\O2\agent\bin\bcont.exe:*:Enabled:bcont.exe -- (SupportSoft, Inc.)
"C:\Program Files\O2\bin\wificfg.exe" = C:\Program Files\O2\bin\wificfg.exe:*:Enabled:sprtcmd.exe -- (SupportSoft, Inc.)
"C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe" = C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe:*:Enabled:ssrc.exe -- (SupportSoft, Inc.)
"C:\Program Files\O2\agent\bin\bcont_nm.exe" = C:\Program Files\O2\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe -- (SupportSoft, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\drivers\imonagent\eamservice.exe" = C:\WINDOWS\system32\drivers\imonagent\eamservice.exe:*:Enabled:Windows service provider -- (EAM software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{06AC45D1-CB9B-48CC-B5C8-1A55DEE26AD0}" = Sony Ericsson Media Manager 1.0
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21BCE515-D5A3-11D4-8E33-0010B53EC668}" = Ulead Photo Express 4.0 My Custom Edition
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.208.00
"{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.21
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{32A3A4F4-B792-11D6-A78A-00B0D0150020}" = J2SE Development Kit 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}" = O2 Broadband Assistant
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774C9799-1FD5-4BB2-925D-54B97AE6A908}" = AVOne 3GP Video Converter
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{88E7C648-2E69-4FF7-AAC9-A80F6933FFA3}" =
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{88E7C648-2E69-4FF7-AAC9-A80F6933FFA3}" =
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{88E7C648-2E69-4FF7-AAC9-A80F6933FFA3}" =
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{88E7C648-2E69-4FF7-AAC9-A80F6933FFA3}" =
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{88E7C648-2E69-4FF7-AAC9-A80F6933FFA3}" =
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{88E7C648-2E69-4FF7-AAC9-A80F6933FFA3}" =
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{88E7C648-2E69-4FF7-AAC9-A80F6933FFA3}" =
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{88E7C648-2E69-4FF7-AAC9-A80F6933FFA3}" =
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{88E7C648-2E69-4FF7-AAC9-A80F6933FFA3}" =
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{88E7C648-2E69-4FF7-AAC9-A80F6933FFA3}" =
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{88E7C648-2E69-4FF7-AAC9-A80F6933FFA3}" =
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{88E7C648-2E69-4FF7-AAC9-A80F6933FFA3}" =
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}" = ATI Catalyst Control Center
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{ADAA2ABE-84B6-46EB-8191-7F22044E3290}" = O2 PC Contacts Tool
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B510A987-487E-4C66-9F4F-D386AC275715}" = TextPad 4.7
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258h
"{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}" = CinepPlayer 30 Update
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA50F6E4-8542-4B2B-B344-D080D5DA0EB1}" = BlackBerry Device Software Updater
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FC0C329F-2851-4859-A2EC-4DCF4874E5D6}" = isposure (installed by tbbMeter)
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Agfa ScanWise 2.00" = Agfa ScanWise 2.00
"AGFAnet Print Service" = AGFAnet Print Service
"Any Video Converter_is1" = Any Video Converter 3.0.3
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"Ask Toolbar_is1" = ZoneAlarm Spy Blocker Toolbar
"ATI Display Driver" = ATI Display Driver
"Audio File Cutter_is1" = Audio File Cutter 3.20
"BlackBerry_{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"CTMBDemo_Audigy" = Sound Blaster Audigy ADVANCED MB Demo
"DivX Content Uploader" = DivX Content Uploader
"Easy Video Splitter_is1" = Easy Video Splitter 1.28
"EPSON Printer and Utilities" = EPSON Printer Software
"ESD88 User's Guide" = ESD88 User's Guide
"ESET Online Scanner" = ESET Online Scanner v3
"Flash Movie Player" = Flash Movie Player 1.5
"Flash to Video Batch Converter_is1" = Flash to Video Batch Converter
"Flash to Video Encoder Pro_is1" = Flash to Video Encoder Pro
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MIXERLITE" = Mixer
"NetLogo 4.0" = NetLogo 4.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Orbit_is1" = Orbit Downloader
"PCL-W310" = PCL-W310
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.8
"Power MP3 Cutter 2006_is1" = Power MP3 Cutter 2006, (ver 2.5)
"ProInst" = Intel® PROSet/Wireless Software
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 6.0" = RealPlayer
"Riva FLV Player_is1" = Riva FLV Player
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"Security Task Manager" = Security Task Manager 1.7g
"SopCast" = SopCast 2.0.4
"SpywareGuard_is1" = SpywareGuard v2.2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"Update Service" = Update Service
"VLC media player" = VLC media player 1.1.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"winpcap-nmap" = winpcap-nmap 4.02
"WinRAR archiver" = WinRAR archiver
"WM Recorder 11.0" = WM Recorder 11.0
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/01/2011 06:50:03 | Computer Name = RASH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17091, faulting
module mfc42.dll, version 6.2.8073.0, fault address 0x00001968.

Error - 03/01/2011 07:29:55 | Computer Name = RASH | Source = Windows Live Messenger | ID = 1000
Description =

Error - 03/01/2011 12:14:58 | Computer Name = RASH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17091, faulting
module mfc42.dll, version 6.2.8073.0, fault address 0x00001968.

Error - 03/01/2011 14:32:38 | Computer Name = RASH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17091, faulting
module mfc42.dll, version 6.2.8073.0, fault address 0x00001968.

Error - 03/01/2011 14:56:15 | Computer Name = RASH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17091, faulting
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037c89.

Error - 04/01/2011 07:41:29 | Computer Name = RASH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17091, faulting
module mfc42.dll, version 6.2.8073.0, fault address 0x00001968.

Error - 04/01/2011 17:02:48 | Computer Name = RASH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17091, faulting
module mfc42.dll, version 6.2.8073.0, fault address 0x00001968.

Error - 05/01/2011 17:47:47 | Computer Name = RASH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mfc42.dll, version 6.2.8073.0, fault address 0x00001968.

Error - 09/01/2011 08:51:03 | Computer Name = RASH | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

Error - 09/01/2011 08:51:03 | Computer Name = RASH | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

[ System Events ]
Error - 16/01/2011 17:21:27 | Computer Name = RASH | Source = Service Control Manager | ID = 7034
Description = The NICCONFIGSVC service terminated unexpectedly. It has done this
1 time(s).

Error - 16/01/2011 17:21:28 | Computer Name = RASH | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Registry Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 16/01/2011 17:21:50 | Computer Name = RASH | Source = Service Control Manager | ID = 7034
Description = The SupportSoft Sprocket Service (O2) service terminated unexpectedly.
It has done this 1 time(s).

Error - 16/01/2011 17:21:52 | Computer Name = RASH | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Microsoft Security Essentials - KB972696
(Definition 1.95.4042.0).

Error - 16/01/2011 17:22:15 | Computer Name = RASH | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Microsoft Antimalware Service
service, but this action failed with the following error: %%1056

Error - 16/01/2011 17:22:15 | Computer Name = RASH | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 16/01/2011 17:27:10 | Computer Name = RASH | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error: %%2

Error - 16/01/2011 17:27:10 | Computer Name = RASH | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 16/01/2011 17:42:14 | Computer Name = RASH | Source = Service Control Manager | ID = 7000
Description = The PfModNT service failed to start due to the following error: %%2

Error - 16/01/2011 17:42:14 | Computer Name = RASH | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.


< End of report >

#11 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:14 PM

Posted 17 January 2011 - 01:33 PM

Hi,

How is it running now?


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#12 dhillon

dhillon
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 17 January 2011 - 04:41 PM

Hi Tom,

Has been running ok so far. Please see log below:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=a358f09564f5494a8f3308c0066ba533
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-17 09:06:47
# local_time=2011-01-17 09:06:47 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 69977894 69977894 0 0
# compatibility_mode=768 16777215 100 0 25085871 25085871 0 0
# compatibility_mode=2049 16777214 0 5 69031573 69031573 0 0
# compatibility_mode=5891 16776533 100 100 82145 25746020 0 0
# compatibility_mode=8192 67108863 100 0 14689679 14689679 0 0
# compatibility_mode=9217 16777214 75 70 64288058 68705930 0 0
# compatibility_mode=9730 16764926 0 4 70096202 70096202 0 0
# scanned=109230
# found=8
# cleaned=8
# scan_time=6968
C:\Program Files\Registry Winner\RegistryWinner.exe a variant of Win32/Adware.RegistryVictor application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Registry Winner\RWCleaner.dll Win32/Adware.RegistryWinner application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Registry Winner\RWOptimizer.dll Win32/Adware.RegistryWinner application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Registry Winner\Update.exe Win32/Adware.RegistryWinner application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP576\A0223457.exe a variant of Win32/Adware.RegistryVictor application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP576\A0223458.dll Win32/Adware.RegistryWinner application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP576\A0223459.dll Win32/Adware.RegistryWinner application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP576\A0223460.exe Win32/Adware.RegistryWinner application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#13 dhillon

dhillon
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 18 January 2011 - 02:26 PM

Hi Tom,

Just to let you know i still have the problem with the tab error.

#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:14 PM

Posted 20 January 2011 - 12:40 AM

Did you uninstall IE8 and reinstall it?
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#15 dhillon

dhillon
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 20 January 2011 - 01:59 PM

Yes i did i followed your instructions exactly.
Still get the tab error and sometimes on reboot by desktop takesa very long time to load up.

Thanks.

Dhillon




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users