Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijacked by Google Re-Direct -- Help!


  • This topic is locked This topic is locked
18 replies to this topic

#1 HelpHolland

HelpHolland

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 23 January 2011 - 01:03 PM

Hello!

In Spain on vacation and got hijacked by a virus/malware/etc. (not sure the difference or which is at fault)! I am writing within 24 hours of this all happening.

The weird things that I observed are these:

(1) When I start up my computer, RealPlayer opens up. I never use RealPlayer, so this is weird.

(2) Some error window also opens up, not sure what it says (can't remember -- sorry!).

(3) MAIN THING: Every search from google gets re-directed to a variety of weird sites, ultimately settling on gomeo spain (gomeo.es). It even does this sometimes when just putting a web address in the browser directly, but not usually. I use internet explorer and don't have another browser installed.

I ran my AVG Anti-Virus scan and nothing showed up as the problem.

Please help! Many many thanks in advance.

HelpHolland

=============================================================================================

DDS (Ver_10-12-12.02) - NTFSx86
Run by Stephen at 19:20:54.59 on Sun 01/23/2011
internet explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.222 [GMT 1:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\dell\quickset\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint\Apntex.exe
svchost.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Nero\Tools\InCD\NBHGui.exe
C:\Program Files\Nero\Tools\InCD\InCD.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stephen\Desktop\dds.scr

============== Running Processes ===============

\??\C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\dell\quickset\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Tools\InCD\NBHGui.exe
C:\Program Files\Nero\Tools\InCD\InCD.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
\??\C:\PROGRA~1\AVG\AVG10\avgrsx.exe
\??\C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stephen\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter

============== Pseudo HJT Report ===============


SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_CURRENT_USER\software\microsoft\internet explorer\main
NoUpdateCheck REG_DWORD 1 (0x1)
NoJITSetup REG_DWORD 1 (0x1)
Disable Script Debugger REG_SZ yes
Show_ChannelBand REG_SZ No
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Start Page REG_SZ http://news.bbc.co.uk/
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://www.google.com
UseHR REG_DWORD 1 (0x1)
Error Dlg Displayed On Every Error REG_SZ no
Use Search Asst REG_SZ no
Search Bar REG_SZ http://www.google.com/ie
Enable Browser Extensions REG_SZ yes
FullScreen REG_SZ no
Default_Page_URL REG_SZ http://www.google.com/ig/dell?hl=en
Window_Placement REG_BINARY 2c0000000200000003000000ffffffffffffffffffffffffffffffff0000000000000000ed04000002030000
Use FormSuggest REG_SZ no
NotifyDownloadComplete REG_SZ no
AddToFavoritesExpanded REG_DWORD 0 (0x0)
XMLHTTP REG_DWORD 1 (0x1)
UseClearType REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
CompatibilityFlags REG_DWORD 0 (0x0)
IE8RunOnceLastShown REG_DWORD 1 (0x1)
IE8RunOnceLastShown_TIMESTAMP REG_BINARY 2c0d45c49b69ca01
IE8TourShown REG_DWORD 1 (0x1)
IE8TourShownTime REG_BINARY 7649a61afb21ca01
Save Directory REG_SZ c:\Documents and Settings\Stephen\Desktope\
Default_Search_URL REG_SZ http://www.google.com/ie
AutoHide REG_SZ yes
IE8RunOncePerInstallCompleted REG_DWORD 1 (0x1)
IE8RunOnceCompletionTime REG_BINARY 469433fd9b69ca01
AutoSearch REG_DWORD 4 (0x4)

HKEY_CURRENT_USER\software\microsoft\internet explorer\main\Default Feeds

HKEY_CURRENT_USER\software\microsoft\internet explorer\main\FeatureControl

HKEY_CURRENT_USER\software\microsoft\internet explorer\main\WindowsSearch

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0a000000
Delete_Temp_Files_On_Exit REG_SZ yes
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1a000000
Placeholder_Height REG_BINARY 1a000000
CompanyName REG_SZ Microsoft Corporation
Custom_Key REG_SZ MICROSO
Wizard_Version REG_SZ 6.0.2600.0000
FullScreen REG_SZ no
Default_Secondary_Page_URL REG_MULTI_SZ \0
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Check_Associations REG_SZ yes

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\ErrorThresholds

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\FeatureControl

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\Start Page

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\UrlTemplate

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
IE5_UA_Backup_Flag REG_SZ 5.0
NoNetAutodial REG_DWORD 0 (0x0)
MigrateProxy REG_DWORD 1 (0x1)
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost REG_BINARY 01000000
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 1 (0x1)
PrivacyAdvanced REG_DWORD 0 (0x0)
EnableNegotiate REG_DWORD 1 (0x1)
ProxyEnable REG_DWORD 0 (0x0)
PrivDiscUiShown REG_DWORD 1 (0x1)
SecureProtocols REG_DWORD 40 (0x28)
UrlEncoding REG_DWORD 0 (0x0)
ZonesSecurityUpgrade REG_BINARY fa8610ccfa21ca01
DisableCachingOfSSLPages REG_DWORD 0 (0x0)
WarnonZoneCrossing REG_DWORD 0 (0x0)
EnableAutodial REG_DWORD 0 (0x0)
GlobalUserOffline REG_DWORD 0 (0x0)
ProxyOverride REG_SZ *.local

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\5.0

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Activities

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Cache

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Connections

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Lockdown_Zones

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\P3P

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Passport

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Protocols

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\TemplatePolicies

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\ZoneMap

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Zones

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_CURRENT_USER\software\microsoft\internet explorer\search
SearchAssistant REG_SZ http://www.google.com/ie
Default_Search_URL REG_SZ http://www.google.com/ie
usearchurl,(default) = hxxp://www.google.com/search?q=%s

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
Default_Page_URL REG_SZ http://www.google.com/ig/dell?hl=en
Start Page REG_SZ http://www.google.com/ig/dell?hl=en
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooksURLSearchHooks: H - No File
{A3BC75A2-1F87-4686-AA43-5347D756017C}URLSearchHooks: H - No File
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
Error: Key: software\microsoft\internet explorer\urlsearchhooks does not exist!URLSearchHooks: H - No File
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
HKEY_USERS\.default\software\microsoft\internet explorer\urlsearchhooksURLSearchHooks: H - No File
{A3BC75A2-1F87-4686-AA43-5347D756017C}URLSearchHooks: H - No File

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
AutoRestartShell REG_DWORD 1 (0x1)
DefaultUserName REG_SZ Stephen
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ c:\WINDOWS\system32e\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0 (0x0)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DefaultPassword REG_SZ
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Stephen
AltDefaultDomainName REG_SZ DGQZB691
DefaultDomainName REG_SZ DGQZB691
ChangePasswordUseKerberos REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SpecialAccounts

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Credentials

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon
ParseAutoexec REG_SZ 1
ExcludeProfileDirs REG_SZ Local Settings;Temporary Internet Files;History;Temp
BuildNumber REG_DWORD 2600 (0xa28)

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
DebugOptions REG_SZ 2048
Documents REG_SZ
DosPrint REG_SZ no
load REG_SZ
NetMessage REG_SZ no
NullPort REG_SZ None
Programs REG_SZ com exe bat pif cmd
Device REG_SZ hp psc 1200 series,winspool,Ne02:
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: <NO NAME> - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5CA3D70E-1895-11CF-8E15-001234567890} - No File
BHO: <NO NAME> - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777} - No File
BHO: <NO NAME> - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
BHO: <NO NAME> - No File
BHO: NoExplorer - No File
urun: [DellSupport] "c:\Program Files\Dell Supporte\DSAgnt.exe" /startup
urun: [ctfmon.exe] c:\WINDOWS\system32e\ctfmon.exe
urun: [swg] "c:\Program Files\Google\GoogleToolbarNotifiere\GoogleToolbarNotifier.exe"
urun: [Google Update] "c:\Documents and Settings\Stephen\Local Settings\Application Data\Google\Updatee\GoogleUpdate.exe" /c
urun: [MSMSGS] "c:\Program Files\Messengere\msmsgs.exe" /background
urun: [Samsung_AppInst] e:\SamsungSoftwaree\AppInst.exe
mrun: [ehTray] c:\WINDOWS\ehomee\ehtray.exe
mrun: [Apoint] c:\Program Files\Apointe\Apoint.exe
mrun: [SunJavaUpdateSched] "c:\Program Files\Java\jre6\bine\jusched.exe"
mrun: [<NO NAME>]
mrun: [IntelWireless] c:\Program Files\Intel\Wireless\Bine\ifrmewrk.exe /tf Intel PROSet/Wireless
mrun: [ATIPTA] "c:\Program Files\ATI Technologies\ATI Control Panele\atiptaxx.exe"
mrun: [Dell QuickSet] c:\program files\dell\quicksete\quickset.exe
mrun: [DVDLauncher] "c:\Program Files\CyberLink\PowerDVDe\DVDLauncher.exe"
mrun: [RealTray] c:\Program Files\Real\RealPlayere\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mrun: [dla] c:\WINDOWS\system32\dlae\tfswctrl.exe
mrun: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateServicee\isuspm.exe" -startup
mrun: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateServicee\issch.exe" -start
mrun: [Google Desktop Search] "c:\Program Files\Google\Google Desktop Searche\GoogleDesktop.exe" /startup
mrun: [Corel Photo Downloader] c:\Program Files\Corel\Corel Photo Album 6e\MediaDetect.exe
mrun: [IMJPMIG8.1] "c:\WINDOWS\IME\imjp8_1e\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mrun: [IMEKRMIG6.1] c:\WINDOWS\ime\imkr6_1e\IMEKRMIG.EXE
mrun: [MSPY2002] c:\WINDOWS\system32\IME\PINTLGNTe\ImScInst.exe /SYNC
mrun: [PHIME2002ASync] c:\WINDOWS\system32\IME\TINTLGNTe\TINTSETP.EXE /SYNC
mrun: [PHIME2002A] c:\WINDOWS\system32\IME\TINTLGNTe\TINTSETP.EXE /IMEName
mrun: [QuickTime Task] "c:\Program Files\QuickTimee\qttask.exe" -atboottime
mrun: [iTunesHelper] "c:\Program Files\iTunese\iTunesHelper.exe"
mrun: [AVG_TRAY] c:\Program Files\AVG\AVG10e\avgtray.exe
mrun: [NBHGui] c:\Program Files\Nero\Tools\InCDe\NBHGui.exe
mrun: [InCD] c:\Program Files\Nero\Tools\InCDe\InCD.exe
mrun: [LogitechCommunicationsManager] "c:\Program Files\Common Files\Logitech\LComMgre\Communications_Helper.exe"
mrun: [LogitechQuickCamRibbon] "c:\Program Files\Logitech\QuickCam10e\QuickCam10.exe" /hide
mrun: [LVCOMSX] "c:\Program Files\Common Files\Logitech\LComMgre\LVComSX.exe"
c:\DOCUME~1\Stephen\STARTM~1\Programs\Startup\SAMSUN~3.LNK - C:\Program Files\Clarus\Samsung Auto Backupe\ISFGuage.exe
c:\DOCUME~1\Stephen\STARTM~1\Programs\Startup\SAMSUN~2.LNK - C:\Program Files\Clarus\Samsung Auto Backupe\ISFRealTimeD.exe
c:\DOCUME~1\Stephen\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files\Clarus\Samsung Auto Backupe\ISFTimerD.exe
c:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files\Digital Line Detecte\DLG.exe
c:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\HPPSC1~1.LNK - C:\Program Files\Hewlett-Packard\Digital Imaging\bine\hpohmr08.exe
c:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\HPODDT~1.LNK - C:\Program Files\Hewlett-Packard\Digital Imaging\bine\hpotdd01.exe
c:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\2.0.181e\SSScheduler.exe

ie: SteelWerX Registry Console Tool 2.0
ie: Written by Bobbi Flekman 2006 ©

ie: HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext

ie: HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\Add to Google Photos Screensa&ver
ie: <NO NAME> REG_SZ res://c:\WINDOWS\system32e\GPhotos.scr/200
ie: Contexts REG_DWORD 34 (0x22)

ie: HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\E&xport to Microsoft Excel
ie: <NO NAME> REG_SZ res://c:\PROGRA~1\MICROS~2\OFFICE11e\EXCEL.EXE/3000
ie: Contexts REG_DWORD 1 (0x1)

ie: HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\Google Sidewiki...
ie: <NO NAME> REG_SZ res://c:\Program Files\Google\Google Toolbar\Componente\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
ie: Contexts REG_DWORD 19 (0x13)

ie: {SteelWerX Registry Console Tool 2.0
ie: {Written by Bobbi Flekman 2006 ©

ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions

ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ie: { ButtonText - REG_SZ Research
ie: { Icon - REG_SZ c:\PROGRA~1\MICROS~2\OFFICE11e\REFBAR.ICO
ie: { Default Visible - REG_SZ Yes
ie: { HotIcon - REG_SZ c:\PROGRA~1\MICROS~2\OFFICE11e\REFBARH.ICO

ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ie: { ButtonText - REG_SZ Real.com
ie: { HotIcon - REG_SZ c:\Program Files\Real\RealPlayere\eb_act.ico
ie: { Icon - REG_SZ c:\Program Files\Real\RealPlayere\eb_inact.ico
ie: { ToolTip - REG_SZ Real.com Explorer Bar
ie: { Default Visible - REG_SZ Yes

ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}
ie: { MenuText - REG_SZ @xpsp3res.dll,-20001
ie: { Exec - REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe

ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ie: { ButtonText - REG_SZ Messenger
ie: { Default Visible - REG_SZ Yes
ie: { Exec - REG_SZ c:\Program Files\Messengere\msmsgs.exe
ie: { HotIcon - REG_SZ c:\Program Files\Messengere\msmsgs.exe,302
ie: { Icon - REG_SZ c:\Program Files\Messengere\msmsgs.exe,301
ie: { MenuText - REG_SZ Windows Messenger
ie: { ToolTip - REG_SZ Windows Messenger
IE: { BandCLSID - REG_SZ {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - {ff059e31-cc5a-4e2e-bf3b-96e929d65503}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16} - {e0dd6cab-2d10-11d2-8f1a-0000f87abd16}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16} - {e0dd6cab-2d10-11d2-8f1a-0000f87abd16}\inprocserver32 does not exist!
IE: { BandCLSID - REG_SZ {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - {fe54fa40-d68c-11d2-98fa-00c0f0318afe}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {1FBA04EE-3024-11D2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!


























































































































































































































































































































































































































































































































































































































































































about REG_DWORD 2 (0x2)
https REG_DWORD 2 (0x2)
https REG_DWORD 2 (0x2)

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}\Contains\Files
c:\WINDOWS\system32e\LegitCheckControl.DLL REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}\DownloadInformation
CODEBASE REG_SZ http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\LegitCheckControl.inf

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}\InstalledVersion
<NO NAME> REG_SZ 1,9,42,0

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{474F00F5-3853-492C-AC3A-476512BBC336}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{474F00F5-3853-492C-AC3A-476512BBC336}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{474F00F5-3853-492C-AC3A-476512BBC336}\Contains\Files
c:\WINDOWS\Downloaded Program Filese\UploaderX.dll REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{474F00F5-3853-492C-AC3A-476512BBC336}\DownloadInformation
CODEBASE REG_SZ http://picasaweb.google.com/s/v/55.16/uploader2.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\default.inf

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{474F00F5-3853-492C-AC3A-476512BBC336}\InstalledVersion
<NO NAME> REG_SZ 1,0,0,31
LastModified REG_SZ Wed, 05 Nov 2008 01:48:41 GMT

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\InstalledVersion
<NO NAME> REG_SZ 4,0,0,99
LastModified REG_SZ Mon, 14 Nov 2005 14:22:28 GMT

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}\Contains\Files
c:\WINDOWS\system32e\unicows.dll REG_SZ
c:\WINDOWS\Downloaded Program Filese\PhotoUploader55.ocx REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}\DownloadInformation
CODEBASE REG_SZ http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\PhotoUploader55.inf

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}\InstalledVersion
<NO NAME> REG_SZ 5,5,8,1
LastModified REG_SZ Mon, 31 Aug 2009 01:06:12 GMT

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
<NO NAME> REG_SZ Java Runtime Environment 1.6.0
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
INF REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InstalledVersion
<NO NAME> REG_SZ 1.6.0.17

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
<NO NAME> REG_SZ Java Runtime Environment 1.4.2
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
INF REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InstalledVersion
<NO NAME> REG_SZ 1,4,2,3

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
<NO NAME> REG_SZ Java Runtime Environment 1.6.0
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
INF REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InstalledVersion
<NO NAME> REG_SZ 1.6.0.17

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
<NO NAME> REG_SZ Java Runtime Environment 1.6.0
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
INF REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\InstalledVersion
<NO NAME> REG_SZ 1.6.0.17

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\Contains\Files
c:\WINDOWS\Downloaded Program Filese\gp.ocx REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation
CODEBASE REG_SZ http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\gp.inf

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\InstalledVersion
<NO NAME> REG_SZ 1,6,2,97
LastModified REG_SZ Mon, 29 Nov 2010 18:46:01 GMT

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters
NameServer REG_SZ
CLSID - REG_SZ {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
CLSID - REG_SZ {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
appinit_dlls: c:\PROGRA~1\Google\GOOGLE~1e\GOEC62~1.DLL
ssodl: wpdshserviceobj - {aaa288ba-9a4c-45b0-95d7-94d524869db5} - c:\WINDOWS\system32e\WPDShServiceObj.dll

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
d; /.* /!d; s//securityproviders: /
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
d;/^((authentication|notification) packages) .* /i!d; s//lsa: 1 = /
Authentication Packages REG_MULTI_SZ msv1_0
Bounds REG_BINARY 0030000000200000
d;/^((authentication|notification) packages) .* /i!d; s//lsa: 1 = /
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 1 (0x1)
LsaPid REG_DWORD 1304 (0x518)
SecureBoot REG_DWORD 1 (0x1)
auditbaseobjects REG_DWORD 0 (0x0)
crashonauditfail REG_DWORD 0 (0x0)
disabledomaincreds REG_DWORD 0 (0x0)
everyoneincludesanonymous REG_DWORD 0 (0x0)
fipsalgorithmpolicy REG_DWORD 0 (0x0)
forceguest REG_DWORD 1 (0x1)
fullprivilegeauditing REG_BINARY 00
limitblankpassworduse REG_DWORD 1 (0x1)
lmcompatibilitylevel REG_DWORD 0 (0x0)
nodefaultadminowner REG_DWORD 1 (0x1)
nolmhash REG_DWORD 0 (0x0)
restrictanonymous REG_DWORD 0 (0x0)
restrictanonymoussam REG_DWORD 1 (0x1)
d;/^((authentication|notification) packages) .* /i!d; s//lsa: 1 = /
Notification Packages REG_MULTI_SZ scecli

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\subsystems
windows REG_EXPAND_SZ %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\WINDOWS\system32\driverse\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\WINDOWS\system32\driverse\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\WINDOWS\system32\driverse\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\WINDOWS\system32\driverse\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\WINDOWS\system32\driverse\avgtdix.sys [2010-11-9 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\Program Files\AVG\AVG10\Identity Protection\Agent\Bine\AVGIDSAgent.exe [2010-11-23 6128208]
R2 avgwd;AVG WatchDog;c:\Program Files\AVG\AVG10e\avgwdsvc.exe [2010-10-22 265400]
R2 McrdSvc;Media Center Extender Service;c:\WINDOWS\ehomee\mcrdsvc.exe [2005-8-5 99328]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\Program Files\Nero\Tools\InCDe\NBHRegInCDSrv.exe [2009-10-16 53560]
R3 AVGIDSDriver;AVGIDSDriver;c:\WINDOWS\system32\driverse\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\WINDOWS\system32\driverse\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\WINDOWS\system32\driverse\AVGIDSShim.sys [2010-8-19 26192]
S2 gupdate;Google Update Service (gupdate);c:\Program Files\Google\Updatee\GoogleUpdate.exe [2010-2-10 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\Program Files\AVG\AVG10\Toolbare\ToolbarBroker.exe [2010-11-30 517448]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\Program Files\McAfee Security Scan\2.0.181e\McCHSvc.exe [2010-1-15 227232]

=============== File Associations ===============

AcroExch.Document="c:\Program Files\Adobe\Acrobat 6.0\Readere\AcroRd32.exe" "%1"
AcroExch.FDFDoc="c:\Program Files\Adobe\Acrobat 6.0\Readere\AcroRd32.exe" "%1"
AcroExch.RMFFile="c:\Program Files\Adobe\Acrobat 6.0\Readere\AcroRd32.exe" "%1"
AcroExch.XDPDoc="c:\Program Files\Adobe\Acrobat 6.0\Readere\AcroRd32.exe" "%1"
AcroExch.XFDDoc="c:\Program Files\Adobe\Acrobat 6.0\Readere\AcroRd32.exe" "%1"
AcroExch.XFDFDoc="c:\Program Files\Adobe\Acrobat 6.0\Readere\AcroRd32.exe" "%1"
acwfile=%SystemRoot%\system32\accwiz.exe %1
AIFFFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
Application.Manifest=rundll32.exe dfshim.dll,ShOpenVerbApplication %1
Application.Reference=rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
ASFFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:7 /Open "%L"
ASXFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
AUFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
AVIFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:8 /Open "%L"
!d
Briefcase=explorer.exe %1
callto=rundll32.exe msconf.dll,CallToProtocolHandler %l
CATFile=rundll32.exe cryptext.dll,CryptExtOpenCAT %1
cdafile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
CERFile=rundll32.exe cryptext.dll,CryptExtOpenCER %1
CertificateStoreFile=rundll32.exe cryptext.dll,CryptExtOpenSTR %1
certificate_wab_auto_file="c:\Program Files\Outlook Expresse\wab.exe" /certificate %1
!d
clpfile=clipbrd.exe %1
!d
Collection=c:\PROGRA~1\Corel\CORELP~1e\PHOTOA~1.EXE "%1"
!d
CompressedFolder=rundll32.exe zipfldr.dll,RouteTheCall %L
ConferenceLink=rundll32.exe msconf.dll,OpenConfLink %l
Connection Manager Profile=c:\WINDOWS\system32e\CMMGR32.EXE "%1"
CorelPhotoAlbumFolder=c:\PROGRA~1\Corel\CORELP~1e\PHOTOA~1.EXE "%1"
CorelPhotoAlbumPhoto=c:\PROGRA~1\Corel\CORELP~1e\PHOTOA~1.EXE "%1"
CorelPhotoAlbumProject=c:\PROGRA~1\Corel\CORELP~1e\PHOTOA~1.EXE "%1"
CorelPhotoAlbumUploadAlbum=c:\PROGRA~1\Corel\CORELP~1e\PHOTOA~1.EXE "%1"
Coverpage=%systemroot%\system32\fxscover.exe "%1"
CRLFile=rundll32.exe cryptext.dll,CryptExtOpenCRL %1
daap=c:\Program Files\iTunese\iTunes.exe /url "%1"
DocShortcut=rundll32 %SystemRoot%\System32\shscrap.dll,OpenScrap_RunDLL /r /x %1
dqyfile=c:\PROGRA~1\MICROS~2\OFFICE11e\EXCEL.EXE
dunfile=%SystemRoot%\system32\RUNDLL32.EXE NETSHELL.DLL,InvokeDunFile %1
EBXTransfer="c:\Program Files\Adobe\Acrobat 6.0\Readere\AcroRd32.exe" "%1"
emffile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
Excel.Addin="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.Backup="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.Chart=c:\PROGRA~1\MICROS~2\OFFICE11e\EXCEL.EXE /e
Excel.Chart.8="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.CSV="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.DIF="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.Macrosheet="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.Sheet.12="c:\PROGRA~1\MICROS~2\OFFICE11e\EXCEL.EXE" /e
Excel.Sheet.8="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.SheetBinaryMacroEnabled.12="c:\PROGRA~1\MICROS~2\OFFICE11e\EXCEL.EXE" /e
Excel.SheetMacroEnabled.12="c:\PROGRA~1\MICROS~2\OFFICE11e\EXCEL.EXE" /e
Excel.SLK="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.Template="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.Workspace="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.XLL="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excelhtmlfile="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE"
Excelhtmltemplate="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE"
!d
FavoritePhotos=c:\PROGRA~1\Corel\CORELP~1e\PHOTOA~1.EXE "%1"
fndfile=%SystemRoot%\Explorer.exe
Folder=%SystemRoot%\Explorer.exe /idlist,%I,%L
fonfile=%SystemRoot%\System32\fontview.exe %1
ftp="c:\Program Files\Internet Explorere\IEXPLORE.EXE" %1
gdpb_AdpBrowser="c:\Program Files\WebCyberCoach\b_Delle\AdpBrowser.exe" -stopall "%1"
giffile="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
Google.PhotoViewer.3.0="c:\Program Files\Google\Picasa3e\PicasaPhotoViewer.exe" "%1"
gopher="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
h323file="rundll32.exe" msconf.dll,NewMediaPhone %l
HCP=%SystemRoot%\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe -FromHCP -url "%1"
helpfile=winhlp32.exe %1
hlpfile=%SystemRoot%\System32\winhlp32.exe %1
holfile="c:\PROGRA~1\MICROS~2\OFFICE11e\OUTLOOK.EXE" /hol "%1"
htafile=c:\WINDOWS\system32e\mshta.exe "%1" %*
htfile="c:\Program Files\Windows NTe\HYPERTRM.EXE" %1
htmlfile="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
HTTP="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
https="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
icsfile="c:\PROGRA~1\MICROS~2\OFFICE11e\OUTLOOK.EXE" /ical "%1"
iiifile="rundll32.exe" msconf.dll,NewMediaPhone %l
!d
!d
InternetShortcut="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\ieframe.dll",OpenURL %l
iqyfile=c:\PROGRA~1\MICROS~2\OFFICE11e\EXCEL.EXE /e
itms=c:\Program Files\iTunese\iTunes.exe /url "%1"
itmss=c:\Program Files\iTunese\iTunes.exe /url "%1"
itpc=c:\Program Files\iTunese\iTunes.exe /url "%1"
ITS FILE="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
iTunes=c:\Program Files\iTunese\iTunes.exe /url "%1"
iTunes.aa="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aax="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aif="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aifc="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aiff="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.cda="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.cdda="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ipa="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ipg="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ipsw="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itdb="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ite="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itl="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itlp="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itms="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itpc="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m3u="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m3u8="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4a="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4b="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4p="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4r="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4v="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mov="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mp2="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mp3="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mpeg="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mpg="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.pcast="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.pls="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.rmp="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.wav="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.wave="c:\Program Files\iTunese\iTunes.exe" /open "%L"
jarfile="c:\Program Files\Java\jre6\bine\javaw.exe" -jar "%1" %*
JNLPFile="c:\Program Files\Java\jre6\bine\javaws.exe" "%1"
jpegfile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
Keyword=c:\PROGRA~1\Corel\CORELP~1e\PHOTOA~1.EXE "%1"
LDAP="c:\Program Files\Outlook Expresse\wab.exe" /ldap:%1
Logitech.VideoEffectPackageHandler=c:\PROGRA~1\Logitech\QUICKC~1e\MODELF~1.EXE "%1"
m3ufile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:6 /Open "%L"
MacromediaFlashPaper.MacromediaFlashPaper="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome "%1"
mailto="%ProgramFiles%\Outlook Express\msimn.exe" /mailurl:%1
MediaCenter.C2R="c:\WINDOWS\eHomee\ehshell.exe" "%1"
MediaHub.File="c:\Program Files\Common Files\Sonic Shared\Sonic Central\Maine\Mediahub.exe" "%1"
MediaPackageFile="c:\Program Files\Microsoft Office\OFFICE11e\MSTORE.EXE" "%1"
mhtmlfile="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
Microsoft Internet Mail Message="%ProgramFiles%\Outlook Express\msimn.exe" /eml:%1
Microsoft Internet News Message="%ProgramFiles%\Outlook Express\msimn.exe" /nws:%1
Microsoft.InformationCard=c:\WINDOWS\system32\rundll32.exe c:\WINDOWS\system32e\infocardcpl.cpl,ImportInformationCard_RunDll %1
Microsoft.WindowsCardSpaceBackup=c:\WINDOWS\system32\rundll32.exe c:\WINDOWS\system32e\infocardcpl.cpl,ImportInformationCard_RunDll %1
MIDFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
MMJB.BPP="c:\Program Files\Musicmatch\Musicmatch Jukeboxe\mmfwlaunch.exe" "%1"
MMJB.MMZ="c:\Program Files\Musicmatch\Musicmatch Jukeboxe\ti.exe" "%1"
MMS="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
MMST="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
MMSU="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
Mp3file="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:6 /Open "%L"
mpegfile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:9 /Open "%L"
MPlayer=mplay32.exe /play /close "%L"
MS-ITSS FILE="c:\Program Files\Internet Explorere\iexplore.exe" -nohome ms-itss:%1::/
msbackupfile=%SystemRoot%\system32\ntbackup.exe
MSBD="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
MSCFile=%SystemRoot%\system32\mmc.exe "%1" %*
MSDASC=Rundll32.exe c:\PROGRA~1\COMMON~1\System\OLEDB~1e\oledb32.dll,OpenDSLFile %1
msgfile="c:\Program Files\Microsoft Office\OFFICE11e\OUTLOOK.EXE" /f "%1"
Msi.Package="%SystemRoot%\System32\msiexec.exe" /i "%1" %*
Msi.Patch="%SystemRoot%\System32\msiexec.exe" /p "%1" %*
MSInfo.Document=c:\Program Files\Common Files\Microsoft Shared\MSInfoe\MSInfo32.exe /msinfo_file %1
MSPaper.Document="c:\Program Files\Common Files\Microsoft Shared\MODI\11.0e\MSPVIEW.EXE" "%1"
MSProgramGroup=c:\WINDOWS\system32e\grpconv.exe %1
MsRcIncident=%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe -Mode "hcp://system/Remote%%20Assistance/RAClientLayout.xml" -url "hcp://system/Remote%%20Assistance/Interaction/Client/rctoolScreen1.htm" -ExtraArgument "IncidentFile=%1"
msstylesfile=%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Appearance /Action:OpenMSTheme /file:"%1"
MyDVD.File="c:\Program Files\Sonic\MyDVDe\MyDVD.EXE" "%1"
NeroCoverDesigner.Files9.cdc="c:\Program Files\Nero\Nero 9\Nero CoverDesignere\CoverDes.exe" "%1"
NeroCoverDesigner.Files9.ncd="c:\Program Files\Nero\Nero 9\Nero CoverDesignere\CoverDes.exe" "%1"
NeroExpress.Files9.cue="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.img="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.iso="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nhf="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nhv="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nmd="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nr3="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nr4="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nra="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nrb="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nrc="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nrd="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nre="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nrg="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nrh="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nri="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nrm="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nrs="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nru="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nrv="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nrw="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nsd="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroPhotoSnap.Files9.bmp="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.cut="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.dds="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.dib="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.gif="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.ico="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.iff="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.jfif="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.jif="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.jng="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.jpe="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.jpeg="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.jpg="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.koa="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.lbm="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.ljp="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.mng="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.pbm="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.pcd="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.pcx="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.png="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.ppm="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.psd="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.tga="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.tif="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.tiff="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.wbm="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.wbmp="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.wmf="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.wpg="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.xbm="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroStartSmart.Files9.nrg="c:\Program Files\Nero\Nero 9\Nero StartSmarte\NeroStartSmart.exe" "%1"
NeroVision.Files9.nvc="c:\Program Files\Nero\Nero 9\Nero Visione\NeroVision.exe" "%1"
news="%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:"%1"
nntp="%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:"%1"
Office.Binder="c:\PROGRA~1\MICROS~2\OFFICE11e\UNBIND.EXE" "%1"
Office.Binder.8="c:\PROGRA~1\MICROS~2\OFFICE11e\UNBIND.EXE" "%1"
Office.Binder.9="c:\Program Files\Microsoft Office\OFFICE11e\UNBIND.EXE" "%1"
Office.Binder.95="c:\PROGRA~1\MICROS~2\OFFICE11e\UNBIND.EXE" "%1"
Office.Binder.Template.9="c:\Program Files\Microsoft Office\OFFICE11e\UNBIND.EXE" "%1"
Office.Binder.Wizard.9="c:\Program Files\Microsoft Office\OFFICE11e\UNBIND.EXE" "%1"
OfficeBinder.Binder="c:\PROGRA~1\MICROS~2\OFFICE11e\UNBIND.EXE" "%1"
OfficeBinder.Binder.8="c:\PROGRA~1\MICROS~2\OFFICE11e\UNBIND.EXE" "%1"
OfficeBinder.Binder.9="c:\PROGRA~1\MICROS~2\OFFICE11e\UNBIND.EXE" "%1"
Oice.Excel.Addin=c:\PROGRA~1\MICROS~2\Office12e\Oice.exe "%1"
Oice.Excel.Sheet=c:\PROGRA~1\MICROS~2\Office12e\Oice.exe "%1"
Oice.Excel.Template=c:\PROGRA~1\MICROS~2\Office12e\Oice.exe "%1"
Oice.PowerPoint.Show=c:\PROGRA~1\MICROS~2\Office12e\Oice.exe "%1"
Oice.PowerPoint.SlideShow=c:\PROGRA~1\MICROS~2\Office12e\Oice.exe "%1"
Oice.PowerPoint.Template=c:\PROGRA~1\MICROS~2\Office12e\Oice.exe "%1"
Oice.Word.Document=c:\PROGRA~1\MICROS~2\Office12e\Oice.exe "%1"
oqyfile=c:\PROGRA~1\MICROS~2\OFFICE11e\EXCEL.EXE
ossfile="c:\Program Files\Microsoft Office\OFFICE11e\FINDER.EXE" /f "%1"
otffile=%SystemRoot%\System32\fontview.exe %1
outlook="c:\PROGRA~1\MICROS~2\OFFICE11e\OUTLOOK.EXE" /select "%1"
Outlook.NavigatorBarFile="c:\PROGRA~1\MICROS~2\OFFICE11e\OUTLOOK.EXE" /s "%1"
Outlook.Template="c:\Program Files\Microsoft Office\OFFICE11e\OUTLOOK.EXE" /t "%1"
P7RFile=rundll32.exe cryptext.dll,CryptExtOpenP7R %1
P7SFile=rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1
Paint.Picture=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
Panorama=c:\PROGRA~1\Corel\CORELP~1e\PHOTOA~1.EXE "%1"
pbkfile=%SystemRoot%\system32\rasphone.exe -f "%1"
pcast=c:\Program Files\iTunese\iTunes.exe /url "%1"
PDXFileType="c:\Program Files\Adobe\Acrobat 6.0\Readere\AcroRd32.exe" "%1"
PerfFile=%SystemRoot%\system32\perfmon.exe %1
pfmfile=%SystemRoot%\System32\fontview.exe %1
PhotoTray=c:\PROGRA~1\Corel\CORELP~1e\PHOTOA~1.EXE "%1"
picasa="c:\Program Files\Google\Picasa3e\Picasa3.exe" "%1"
!d
pjpegfile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
pngfile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
pnm="c:\Program Files\Real\RealPlayere\RealPlay.exe" %1
PowerPoint.Addin.8="c:\Program Files\Microsoft Office\OFFICE11e\POWERPNT.EXE" "%1"
PowerPoint.Show.12="c:\PROGRA~1\MICROS~2\OFFICE11e\POWERPNT.EXE" "%1"
PowerPoint.Show.4=c:\PROGRA~1\MICROS~2\OFFICE11e\POWERPNT.EXE "%1"
PowerPoint.Show.7=c:\PROGRA~1\MICROS~2\OFFICE11e\POWERPNT.EXE "%1"
PowerPoint.Show.8="c:\Program Files\Microsoft Office\OFFICE11e\POWERPNT.EXE" "%1"
PowerPoint.ShowMacroEnabled.12="c:\PROGRA~1\MICROS~2\OFFICE11e\POWERPNT.EXE" "%1"
PowerPoint.Slide.4=c:\PROGRA~1\MICROS~2\OFFICE11e\POWERPNT.EXE "%1"
PowerPoint.Slide.7=c:\PROGRA~1\MICROS~2\OFFICE11e\POWERPNT.EXE "%1"
PowerPoint.Slide.8=c:\PROGRA~1\MICROS~2\OFFICE11e\POWERPNT.EXE "%1"
PowerPoint.SlideShow.12="c:\PROGRA~1\MICROS~2\OFFICE11e\POWERPNT.EXE" /s "%1"
PowerPoint.SlideShow.8="c:\Program Files\Microsoft Office\OFFICE11e\POWERPNT.EXE" /s "%1"
PowerPoint.SlideShowMacroEnabled.12="""" /s "%1"
PowerPoint.Template.12="c:\PROGRA~1\MICROS~2\OFFICE11e\POWERPNT.EXE" "%1"
PowerPoint.Template.8="c:\Program Files\Microsoft Office\OFFICE11e\POWERPNT.EXE" "%1"
PowerPoint.TemplateMacroEnabled.12="c:\PROGRA~1\MICROS~2\OFFICE11e\POWERPNT.EXE" "%1"
PowerPoint.Wizard.8="c:\Program Files\Microsoft Office\OFFICE11e\POWERPNT.EXE" "%1"
powerpointhtmlfile="c:\Program Files\Microsoft Office\OFFICE11e\POWERPNT.EXE"
powerpointhtmltemplate="c:\Program Files\Microsoft Office\OFFICE11e\POWERPNT.EXE"
ppifile=%SystemRoot%\System32\msppcnfg.exe /Config %1
prffile="c:\Program Files\Microsoft Office\OFFICE11e\OUTLOOK.EXE" /PromptImportPRF "%1"
Publisher.Document.11="c:\Program Files\Microsoft Office\OFFICE11e\MSPUB.EXE" %1
Publishing Folder=explorer.exe /idlist,%I,%L
QuickTime.3g2=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.3gp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.3gp2=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.3gpp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.aac=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.ac3=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.adts=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.aif=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.aifc=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.aiff=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.amc=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.AMR=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.au=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.avi=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.bmp=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.bwf=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.caf=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.cdda=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.cel=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.dib=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.dif=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.dv=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.flc=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.fli=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.gif=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.gsm=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.jp2=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.jpe=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.jpeg=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.jpg=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.kar=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m15=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m1a=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m1s=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m1v=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m3u=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m3url=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m4a=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m4b=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m4p=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m4v=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m75=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mac=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.mid=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.midi=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mov=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mp2=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mp3=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mp4=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpa=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpeg=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpg=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpm=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpv=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mqv=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.pct=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.pic=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.pict=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.png=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.pnt=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.pntg=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.psd=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.qcp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qht=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qhtm=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qt=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qti=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.qtif=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.qtl=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qup=c:\PROGRA~1\QUICKT~1e\QuickTimeUpdater.exe "%1"
QuickTime.rgb=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.rts=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.rtsp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sd2=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sdp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sdv=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sgi=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.smf=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.smi=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.smil=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sml=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.snd=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.swa=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.targa=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.tga=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.tif=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.tiff=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.ulw=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.vfw=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.wav=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
ratfile="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\msrating.dll",ClickedOnRAT %1
RealJukebox.RJS.1="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m application/vnd.rn-realsystem-rjs %1
RealJukebox.RMP.1="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m application/vnd.rn-rn_music_package %1
RealJukebox.RMX.1="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m application/vnd.rn-realsystem-rmx %1
RealPlayer.Flash.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m image/vnd.rn-realflash %1
RealPlayer.MP3PL.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m audio/mpegurl %1
RealPlayer.PIX.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m image/vnd.rn-realpix %1
RealPlayer.RA.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m audio/vnd.rn-realaudio %1
RealPlayer.RAM.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m audio/x-pn-realaudio %1
RealPlayer.RM.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m application/vnd.rn-realmedia %1
RealPlayer.RMS.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m application/vnd.rn-realmedia-secure %1
RealPlayer.RMVB.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" "%1"
RealPlayer.RP.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m application/vnd.rn-realplayer %1
RealPlayer.RSML.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m application/vnd.rn-rsml %1
RealPlayer.RT.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m text/vnd.rn-realtext %1
RealPlayer.RV.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m video/vnd.rn-realvideo %1
RealPlayer.SDP.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m application/sdp %1
RealPlayer.SMIL.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m application/smil %1
RealPlayer.WAV.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m audio/wav %1
!d
!d
rlogin="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\url.dll",TelnetProtocolHandler %l
rqyfile=c:\PROGRA~1\MICROS~2\OFFICE11e\EXCEL.EXE
rtffile="c:\Program Files\Windows NT\Accessoriese\WORDPAD.EXE" "%1"
rtsp="c:\Program Files\Real\RealPlayere\RealPlay.exe" %1
SavedDsQuery=rundll32 %SystemRoot%\system32\dsquery.dll,OpenSavedDsQuery %1
SchedulePlus.Application.7="c:\Program Files\Microsoft Office\OFFICE11\1033e\SCHDPL32.EXE" '%1'
!d
scriptletfile="c:\WINDOWSe\NOTEPAD.EXE" "%1"
SearchResult=c:\PROGRA~1\Corel\CORELP~1e\PHOTOA~1.EXE "%1"
SHCmdFile=explorer.exe
Shell=%SystemRoot%\Explorer.exe /idlist,%I,%L
ShellScrap=rundll32 %SystemRoot%\system32\shscrap.dll,OpenScrap_RunDLL %1
snews="%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:"%1"
SoundRec="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
SPCFile=rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1
SSM="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m application/streamingmedia %1
STLFile=rundll32.exe cryptext.dll,CryptExtOpenCTL %1
stssync="c:\PROGRA~1\MICROS~2\OFFICE11e\OUTLOOK.EXE" /stssync "%1"
T126_Whiteboard="c:\Program Files\NetMeetinge\wb32.exe" - "%1"
telnet="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\url.dll",TelnetProtocolHandler %l
themefile=%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"%1"
TIFImage.Document=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
tn3270="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\url.dll",TelnetProtocolHandler %l
TTAX09.Document=c:\Program Files\TurboTax\Deluxe 2009\32bite\TurboTax.exe "%1"
ttcfile=%SystemRoot%\System32\fontview.exe %1
ttffile=%SystemRoot%\System32\fontview.exe %1
!d
ulsfile="rundll32.exe" msconf.dll,NewMediaPhone %l
vcard_wab_auto_file="c:\Program Files\Outlook Expresse\wab.exe" /vcard %1
vcffile="c:\PROGRA~1\MICROS~2\OFFICE11e\OUTLOOK.EXE" /v "%1"
vcsfile="c:\PROGRA~1\MICROS~2\OFFICE11e\OUTLOOK.EXE" /vcal "%1"
wab_auto_file="c:\Program Files\Outlook Expresse\wab.exe" %1
WAXFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
webcal=rundll32.exe c:\PROGRA~1\AMERIC~1.0e\WEBCAL~1.DLL,WebCalHandler %1
WebCyberCoach_wtrb="c:\Program Files\WebCyberCoach\b_Delle\tranplug.exe" %1
webpnpFile=%SystemRoot%\system32\wpnpinst.exe %1
Whiteboard="c:\Program Files\NetMeetinge\wb32.exe" "%1"
Windows.CompositeFont="%WinDir%\System32\notepad.exe" "%1"
Windows.Movie.Maker="c:\Program Files\Movie Makere\moviemk.exe" %1
Windows.XamlDocument="c:\WINDOWS\system32e\PresentationHost.exe" "%1" %*
Windows.Xbap="c:\WINDOWS\system32e\PresentationHost.exe" "%1" %*
WMAfile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:5 /Open "%L"
WMDFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /WMPackage:"%L"
wmffile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
WMP.DVR-MSFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
WMSFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /layout:"%L"
WMVFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:7 /Open "%L"
WMZFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /layout:"%L"
Word.Backup.8="c:\Program Files\Microsoft Office\OFFICE11e\WINWORD.EXE" /n /dde
Word.Document.12="c:\PROGRA~1\MICROS~2\OFFICE11e\WINWORD.EXE" /n /dde
Word.Document.8="c:\Program Files\Microsoft Office\OFFICE11e\WINWORD.EXE" /n /dde
Word.DocumentMacroEnabled.12="c:\PROGRA~1\MICROS~2\OFFICE11e\WINWORD.EXE" /n /dde
Word.RTF.8="c:\Program Files\Microsoft Office\OFFICE11e\WINWORD.EXE" /n /dde
Word.Template.8="c:\Program Files\Microsoft Office\OFFICE11e\WINWORD.EXE" /n /dde
wordhtmlfile="c:\Program Files\Microsoft Office\OFFICE11e\WINWORD.EXE"
wordhtmltemplate="c:\Program Files\Microsoft Office\OFFICE11e\WINWORD.EXE"
Wordpad.Document.1="%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
WPLFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
wrifile="c:\Program Files\Windows NT\Accessoriese\WORDPAD.EXE" "%1"
WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
WVXFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
x-internet-signup=%ProgramFiles%\Internet Explorer\Connection Wizard\ISIGNUP.EXE %1
XEV.FailSafeApp=%SystemRoot%\system32\NOTEPAD.EXE %1
XEV.GenericApp="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
XEV.OriginalApp="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
xmlfile="c:\Program Files\Common Files\Microsoft Shared\OFFICE11e\MSOXMLED.EXE" /verb open "%1"
xnkfile="c:\Program Files\Microsoft Office\OFFICE11e\OUTLOOK.EXE" /x "%1"
XPSViewer.Document.1="c:\WINDOWS\system32\XPSViewere\XPSViewer.exe" "%1" %*
xslfile="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
zapfile=%SystemRoot%\system32\NOTEPAD.EXE %1
.bat
.cmd
.com
.exe
.scr
.reg
.txt

=============== Created Last 30 ================


==================== Find3M ====================

2010-10-26 13:25:00 1853312 ----a-w- c:\WINDOWS\system32e\win32k.sys

============= FINISH: 19:24:14.12 ===============

Attached Files


Edited by HelpHolland, 23 January 2011 - 01:52 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:05 AM

Posted 26 January 2011 - 07:55 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply





Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".


information and logs:

  • In your next post I need the following

  • .logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:05 AM

Posted 29 January 2011 - 12:56 AM

Hello

three day bump

It has been Three days since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 HelpHolland

HelpHolland
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 30 January 2011 - 04:18 AM

Hello Gringo!

Sorry for my delay. I was checking my email expecting notifications, but that didn't happen. I suppose it's best just to check here directly. Again, my apologies. I definitely still need your help -- the problems persist.

Below are the DDS log (DDS.txt) and the RKUnHooker log (Report.txt). I could not paste the DDS log entitled Attach.txt because it is too big to paste and even too big to attach. It needs to be "zipped" (I have no idea how to do that). I noticed that on top, it says: "UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT." The attach log that I did last time wasn't a problem (as you can see from my first email). Let me know what I should do.

Many thanks in advance!

HelpHolland



DDS (Ver_10-12-12.02) - NTFSx86
Run by Stephen at 9:44:55.53 on Sun 01/30/2011
internet explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.442 [GMT 1:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\dell\quickset\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Nero\Tools\InCD\NBHGui.exe
C:\Program Files\Nero\Tools\InCD\InCD.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Stephen\Desktop\dds.scr
C:\Program Files\AVG\AVG10\avgcmgr.exe

============== Running Processes ===============

\??\C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\dell\quickset\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Tools\InCD\NBHGui.exe
C:\Program Files\Nero\Tools\InCD\InCD.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
\??\C:\PROGRA~1\AVG\AVG10\avgrsx.exe
\??\C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Stephen\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc

============== Pseudo HJT Report ===============


SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_CURRENT_USER\software\microsoft\internet explorer\main
NoUpdateCheck REG_DWORD 1 (0x1)
NoJITSetup REG_DWORD 1 (0x1)
Disable Script Debugger REG_SZ yes
Show_ChannelBand REG_SZ No
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Start Page REG_SZ http://news.bbc.co.uk/
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://www.google.com
UseHR REG_DWORD 1 (0x1)
Error Dlg Displayed On Every Error REG_SZ no
Use Search Asst REG_SZ no
Search Bar REG_SZ http://www.google.com/ie
Enable Browser Extensions REG_SZ yes
FullScreen REG_SZ no
Default_Page_URL REG_SZ http://www.google.com/ig/dell?hl=en
Window_Placement REG_BINARY 2c0000000200000003000000ffffffffffffffffffffffffffffffff0000000000000000eb04000002030000
Use FormSuggest REG_SZ no
NotifyDownloadComplete REG_SZ no
AddToFavoritesExpanded REG_DWORD 0 (0x0)
XMLHTTP REG_DWORD 1 (0x1)
UseClearType REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
CompatibilityFlags REG_DWORD 0 (0x0)
IE8RunOnceLastShown REG_DWORD 1 (0x1)
IE8RunOnceLastShown_TIMESTAMP REG_BINARY 2c0d45c49b69ca01
IE8TourShown REG_DWORD 1 (0x1)
IE8TourShownTime REG_BINARY 7649a61afb21ca01
Save Directory REG_SZ c:\Documents and Settings\Stephen\Desktope\
Default_Search_URL REG_SZ http://www.google.com/ie
AutoHide REG_SZ yes
IE8RunOncePerInstallCompleted REG_DWORD 1 (0x1)
IE8RunOnceCompletionTime REG_BINARY 469433fd9b69ca01
AutoSearch REG_DWORD 4 (0x4)

HKEY_CURRENT_USER\software\microsoft\internet explorer\main\Default Feeds

HKEY_CURRENT_USER\software\microsoft\internet explorer\main\FeatureControl

HKEY_CURRENT_USER\software\microsoft\internet explorer\main\WindowsSearch

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0a000000
Delete_Temp_Files_On_Exit REG_SZ yes
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1a000000
Placeholder_Height REG_BINARY 1a000000
CompanyName REG_SZ Microsoft Corporation
Custom_Key REG_SZ MICROSO
Wizard_Version REG_SZ 6.0.2600.0000
FullScreen REG_SZ no
Default_Secondary_Page_URL REG_MULTI_SZ \0
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Check_Associations REG_SZ yes

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\ErrorThresholds

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\FeatureControl

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\Start Page

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\UrlTemplate

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
IE5_UA_Backup_Flag REG_SZ 5.0
NoNetAutodial REG_DWORD 0 (0x0)
MigrateProxy REG_DWORD 1 (0x1)
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost REG_BINARY 01000000
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 1 (0x1)
PrivacyAdvanced REG_DWORD 0 (0x0)
EnableNegotiate REG_DWORD 1 (0x1)
ProxyEnable REG_DWORD 0 (0x0)
PrivDiscUiShown REG_DWORD 1 (0x1)
SecureProtocols REG_DWORD 40 (0x28)
UrlEncoding REG_DWORD 0 (0x0)
ZonesSecurityUpgrade REG_BINARY fa8610ccfa21ca01
DisableCachingOfSSLPages REG_DWORD 0 (0x0)
WarnonZoneCrossing REG_DWORD 0 (0x0)
EnableAutodial REG_DWORD 0 (0x0)
GlobalUserOffline REG_DWORD 0 (0x0)
ProxyOverride REG_SZ *.local

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\5.0

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Activities

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Cache

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Connections

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Lockdown_Zones

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\P3P

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Passport

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Protocols

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\TemplatePolicies

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\ZoneMap

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Zones

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_CURRENT_USER\software\microsoft\internet explorer\search
SearchAssistant REG_SZ http://www.google.com/ie
Default_Search_URL REG_SZ http://www.google.com/ie
usearchurl,(default) = hxxp://www.google.com/search?q=%s

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
Default_Page_URL REG_SZ http://www.google.com/ig/dell?hl=en
Start Page REG_SZ http://www.google.com/ig/dell?hl=en
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooksURLSearchHooks: H - No File
{A3BC75A2-1F87-4686-AA43-5347D756017C}URLSearchHooks: H - No File
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
Error: Key: software\microsoft\internet explorer\urlsearchhooks does not exist!URLSearchHooks: H - No File
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
HKEY_USERS\.default\software\microsoft\internet explorer\urlsearchhooksURLSearchHooks: H - No File
{A3BC75A2-1F87-4686-AA43-5347D756017C}URLSearchHooks: H - No File

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
AutoRestartShell REG_DWORD 1 (0x1)
DefaultUserName REG_SZ Stephen
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ c:\WINDOWS\system32e\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0 (0x0)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DefaultPassword REG_SZ
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Stephen
AltDefaultDomainName REG_SZ DGQZB691
DefaultDomainName REG_SZ DGQZB691
ChangePasswordUseKerberos REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SpecialAccounts

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Credentials

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon
ParseAutoexec REG_SZ 1
ExcludeProfileDirs REG_SZ Local Settings;Temporary Internet Files;History;Temp
BuildNumber REG_DWORD 2600 (0xa28)

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
DebugOptions REG_SZ 2048
Documents REG_SZ
DosPrint REG_SZ no
load REG_SZ
NetMessage REG_SZ no
NullPort REG_SZ None
Programs REG_SZ com exe bat pif cmd
Device REG_SZ hp psc 1200 series,winspool,Ne02:
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: <NO NAME> - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5CA3D70E-1895-11CF-8E15-001234567890} - No File
BHO: <NO NAME> - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777} - No File
BHO: <NO NAME> - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
BHO: <NO NAME> - No File
BHO: NoExplorer - No File
urun: [DellSupport] "c:\Program Files\Dell Supporte\DSAgnt.exe" /startup
urun: [ctfmon.exe] c:\WINDOWS\system32e\ctfmon.exe
urun: [swg] "c:\Program Files\Google\GoogleToolbarNotifiere\GoogleToolbarNotifier.exe"
urun: [Google Update] "c:\Documents and Settings\Stephen\Local Settings\Application Data\Google\Updatee\GoogleUpdate.exe" /c
urun: [MSMSGS] "c:\Program Files\Messengere\msmsgs.exe" /background
urun: [Samsung_AppInst] e:\SamsungSoftwaree\AppInst.exe
mrun: [ehTray] c:\WINDOWS\ehomee\ehtray.exe
mrun: [Apoint] c:\Program Files\Apointe\Apoint.exe
mrun: [SunJavaUpdateSched] "c:\Program Files\Java\jre6\bine\jusched.exe"
mrun: [<NO NAME>]
mrun: [IntelWireless] c:\Program Files\Intel\Wireless\Bine\ifrmewrk.exe /tf Intel PROSet/Wireless
mrun: [ATIPTA] "c:\Program Files\ATI Technologies\ATI Control Panele\atiptaxx.exe"
mrun: [Dell QuickSet] c:\program files\dell\quicksete\quickset.exe
mrun: [DVDLauncher] "c:\Program Files\CyberLink\PowerDVDe\DVDLauncher.exe"
mrun: [RealTray] c:\Program Files\Real\RealPlayere\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mrun: [dla] c:\WINDOWS\system32\dlae\tfswctrl.exe
mrun: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateServicee\isuspm.exe" -startup
mrun: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateServicee\issch.exe" -start
mrun: [Google Desktop Search] "c:\Program Files\Google\Google Desktop Searche\GoogleDesktop.exe" /startup
mrun: [Corel Photo Downloader] c:\Program Files\Corel\Corel Photo Album 6e\MediaDetect.exe
mrun: [IMJPMIG8.1] "c:\WINDOWS\IME\imjp8_1e\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mrun: [IMEKRMIG6.1] c:\WINDOWS\ime\imkr6_1e\IMEKRMIG.EXE
mrun: [MSPY2002] c:\WINDOWS\system32\IME\PINTLGNTe\ImScInst.exe /SYNC
mrun: [PHIME2002ASync] c:\WINDOWS\system32\IME\TINTLGNTe\TINTSETP.EXE /SYNC
mrun: [PHIME2002A] c:\WINDOWS\system32\IME\TINTLGNTe\TINTSETP.EXE /IMEName
mrun: [QuickTime Task] "c:\Program Files\QuickTimee\qttask.exe" -atboottime
mrun: [iTunesHelper] "c:\Program Files\iTunese\iTunesHelper.exe"
mrun: [AVG_TRAY] c:\Program Files\AVG\AVG10e\avgtray.exe
mrun: [NBHGui] c:\Program Files\Nero\Tools\InCDe\NBHGui.exe
mrun: [InCD] c:\Program Files\Nero\Tools\InCDe\InCD.exe
mrun: [LogitechCommunicationsManager] "c:\Program Files\Common Files\Logitech\LComMgre\Communications_Helper.exe"
mrun: [LogitechQuickCamRibbon] "c:\Program Files\Logitech\QuickCam10e\QuickCam10.exe" /hide
mrun: [LVCOMSX] "c:\Program Files\Common Files\Logitech\LComMgre\LVComSX.exe"
c:\DOCUME~1\Stephen\STARTM~1\Programs\Startup\SAMSUN~3.LNK - C:\Program Files\Clarus\Samsung Auto Backupe\ISFGuage.exe
c:\DOCUME~1\Stephen\STARTM~1\Programs\Startup\SAMSUN~2.LNK - C:\Program Files\Clarus\Samsung Auto Backupe\ISFRealTimeD.exe
c:\DOCUME~1\Stephen\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files\Clarus\Samsung Auto Backupe\ISFTimerD.exe
c:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files\Digital Line Detecte\DLG.exe
c:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\HPPSC1~1.LNK - C:\Program Files\Hewlett-Packard\Digital Imaging\bine\hpohmr08.exe
c:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\HPODDT~1.LNK - C:\Program Files\Hewlett-Packard\Digital Imaging\bine\hpotdd01.exe

ie: SteelWerX Registry Console Tool 2.0
ie: Written by Bobbi Flekman 2006 ©

ie: HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext

ie: HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\Add to Google Photos Screensa&ver
ie: <NO NAME> REG_SZ res://c:\WINDOWS\system32e\GPhotos.scr/200
ie: Contexts REG_DWORD 34 (0x22)

ie: HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\E&xport to Microsoft Excel
ie: <NO NAME> REG_SZ res://c:\PROGRA~1\MICROS~2\OFFICE11e\EXCEL.EXE/3000
ie: Contexts REG_DWORD 1 (0x1)

ie: HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\Google Sidewiki...
ie: <NO NAME> REG_SZ res://c:\Program Files\Google\Google Toolbar\Componente\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
ie: Contexts REG_DWORD 19 (0x13)

ie: {SteelWerX Registry Console Tool 2.0
ie: {Written by Bobbi Flekman 2006 ©

ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions

ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ie: { ButtonText - REG_SZ Research
ie: { Icon - REG_SZ c:\PROGRA~1\MICROS~2\OFFICE11e\REFBAR.ICO
ie: { Default Visible - REG_SZ Yes
ie: { HotIcon - REG_SZ c:\PROGRA~1\MICROS~2\OFFICE11e\REFBARH.ICO

ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ie: { ButtonText - REG_SZ Real.com
ie: { HotIcon - REG_SZ c:\Program Files\Real\RealPlayere\eb_act.ico
ie: { Icon - REG_SZ c:\Program Files\Real\RealPlayere\eb_inact.ico
ie: { ToolTip - REG_SZ Real.com Explorer Bar
ie: { Default Visible - REG_SZ Yes

ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}
ie: { MenuText - REG_SZ @xpsp3res.dll,-20001
ie: { Exec - REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe

ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ie: { ButtonText - REG_SZ Messenger
ie: { Default Visible - REG_SZ Yes
ie: { Exec - REG_SZ c:\Program Files\Messengere\msmsgs.exe
ie: { HotIcon - REG_SZ c:\Program Files\Messengere\msmsgs.exe,302
ie: { Icon - REG_SZ c:\Program Files\Messengere\msmsgs.exe,301
ie: { MenuText - REG_SZ Windows Messenger
ie: { ToolTip - REG_SZ Windows Messenger
IE: { BandCLSID - REG_SZ {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - {ff059e31-cc5a-4e2e-bf3b-96e929d65503}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16} - {e0dd6cab-2d10-11d2-8f1a-0000f87abd16}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16} - {e0dd6cab-2d10-11d2-8f1a-0000f87abd16}\inprocserver32 does not exist!
IE: { BandCLSID - REG_SZ {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - {fe54fa40-d68c-11d2-98fa-00c0f0318afe}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {1FBA04EE-3024-11D2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!


























































































































































































































































































































































































































































































































































































































































































about REG_DWORD 2 (0x2)
https REG_DWORD 2 (0x2)
https REG_DWORD 2 (0x2)

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}\Contains\Files
c:\WINDOWS\system32e\LegitCheckControl.DLL REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}\DownloadInformation
CODEBASE REG_SZ http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\LegitCheckControl.inf

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}\InstalledVersion
<NO NAME> REG_SZ 1,9,42,0

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{474F00F5-3853-492C-AC3A-476512BBC336}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{474F00F5-3853-492C-AC3A-476512BBC336}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{474F00F5-3853-492C-AC3A-476512BBC336}\Contains\Files
c:\WINDOWS\Downloaded Program Filese\UploaderX.dll REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{474F00F5-3853-492C-AC3A-476512BBC336}\DownloadInformation
CODEBASE REG_SZ http://picasaweb.google.com/s/v/55.16/uploader2.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\default.inf

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{474F00F5-3853-492C-AC3A-476512BBC336}\InstalledVersion
<NO NAME> REG_SZ 1,0,0,31
LastModified REG_SZ Wed, 05 Nov 2008 01:48:41 GMT

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\InstalledVersion
<NO NAME> REG_SZ 4,0,0,99
LastModified REG_SZ Mon, 14 Nov 2005 14:22:28 GMT

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}\Contains\Files
c:\WINDOWS\system32e\unicows.dll REG_SZ
c:\WINDOWS\Downloaded Program Filese\PhotoUploader55.ocx REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}\DownloadInformation
CODEBASE REG_SZ http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\PhotoUploader55.inf

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}\InstalledVersion
<NO NAME> REG_SZ 5,5,8,1
LastModified REG_SZ Mon, 31 Aug 2009 01:06:12 GMT

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
<NO NAME> REG_SZ Java Runtime Environment 1.6.0
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
INF REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InstalledVersion
<NO NAME> REG_SZ 1.6.0.17

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
<NO NAME> REG_SZ Java Runtime Environment 1.4.2
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
INF REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InstalledVersion
<NO NAME> REG_SZ 1,4,2,3

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
<NO NAME> REG_SZ Java Runtime Environment 1.6.0
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
INF REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InstalledVersion
<NO NAME> REG_SZ 1.6.0.17

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
<NO NAME> REG_SZ Java Runtime Environment 1.6.0
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
INF REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\InstalledVersion
<NO NAME> REG_SZ 1.6.0.17

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\Contains

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\Contains\Files
c:\WINDOWS\Downloaded Program Filese\gp.ocx REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation
CODEBASE REG_SZ http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\gp.inf

HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\InstalledVersion
<NO NAME> REG_SZ 1,6,2,97
LastModified REG_SZ Mon, 29 Nov 2010 18:46:01 GMT

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters
NameServer REG_SZ
CLSID - REG_SZ {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
CLSID - REG_SZ {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
appinit_dlls: c:\PROGRA~1\Google\GOOGLE~1e\GOEC62~1.DLL
ssodl: wpdshserviceobj - {aaa288ba-9a4c-45b0-95d7-94d524869db5} - c:\WINDOWS\system32e\WPDShServiceObj.dll

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
d; /.* /!d; s//securityproviders: /
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
d;/^((authentication|notification) packages) .* /i!d; s//lsa: 1 = /
Authentication Packages REG_MULTI_SZ msv1_0
Bounds REG_BINARY 0030000000200000
d;/^((authentication|notification) packages) .* /i!d; s//lsa: 1 = /
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 1 (0x1)
LsaPid REG_DWORD 1284 (0x504)
SecureBoot REG_DWORD 1 (0x1)
auditbaseobjects REG_DWORD 0 (0x0)
crashonauditfail REG_DWORD 0 (0x0)
disabledomaincreds REG_DWORD 0 (0x0)
everyoneincludesanonymous REG_DWORD 0 (0x0)
fipsalgorithmpolicy REG_DWORD 0 (0x0)
forceguest REG_DWORD 1 (0x1)
fullprivilegeauditing REG_BINARY 00
limitblankpassworduse REG_DWORD 1 (0x1)
lmcompatibilitylevel REG_DWORD 0 (0x0)
nodefaultadminowner REG_DWORD 1 (0x1)
nolmhash REG_DWORD 0 (0x0)
restrictanonymous REG_DWORD 0 (0x0)
restrictanonymoussam REG_DWORD 1 (0x1)
d;/^((authentication|notification) packages) .* /i!d; s//lsa: 1 = /
Notification Packages REG_MULTI_SZ scecli

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\subsystems
windows REG_EXPAND_SZ %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\WINDOWS\system32\driverse\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\WINDOWS\system32\driverse\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\WINDOWS\system32\driverse\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\WINDOWS\system32\driverse\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\WINDOWS\system32\driverse\avgtdix.sys [2010-11-9 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\Program Files\AVG\AVG10\Identity Protection\Agent\Bine\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\Program Files\AVG\AVG10e\avgwdsvc.exe [2010-10-22 265400]
R2 McrdSvc;Media Center Extender Service;c:\WINDOWS\ehomee\mcrdsvc.exe [2005-8-5 99328]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\Program Files\Nero\Tools\InCDe\NBHRegInCDSrv.exe [2009-10-16 53560]
R3 AVGIDSDriver;AVGIDSDriver;c:\WINDOWS\system32\driverse\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\WINDOWS\system32\driverse\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\WINDOWS\system32\driverse\AVGIDSShim.sys [2010-8-19 26192]
S2 gupdate;Google Update Service (gupdate);c:\Program Files\Google\Updatee\GoogleUpdate.exe [2010-2-10 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\Program Files\AVG\AVG10\Toolbare\ToolbarBroker.exe [2010-11-30 517448]

=============== File Associations ===============

AcroExch.Document="c:\Program Files\Adobe\Acrobat 6.0\Readere\AcroRd32.exe" "%1"
AcroExch.FDFDoc="c:\Program Files\Adobe\Acrobat 6.0\Readere\AcroRd32.exe" "%1"
AcroExch.RMFFile="c:\Program Files\Adobe\Acrobat 6.0\Readere\AcroRd32.exe" "%1"
AcroExch.XDPDoc="c:\Program Files\Adobe\Acrobat 6.0\Readere\AcroRd32.exe" "%1"
AcroExch.XFDDoc="c:\Program Files\Adobe\Acrobat 6.0\Readere\AcroRd32.exe" "%1"
AcroExch.XFDFDoc="c:\Program Files\Adobe\Acrobat 6.0\Readere\AcroRd32.exe" "%1"
acwfile=%SystemRoot%\system32\accwiz.exe %1
AIFFFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
Application.Manifest=rundll32.exe dfshim.dll,ShOpenVerbApplication %1
Application.Reference=rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
ASFFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:7 /Open "%L"
ASXFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
AUFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
AVIFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:8 /Open "%L"
!d
Briefcase=explorer.exe %1
callto=rundll32.exe msconf.dll,CallToProtocolHandler %l
CATFile=rundll32.exe cryptext.dll,CryptExtOpenCAT %1
cdafile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
CERFile=rundll32.exe cryptext.dll,CryptExtOpenCER %1
CertificateStoreFile=rundll32.exe cryptext.dll,CryptExtOpenSTR %1
certificate_wab_auto_file="c:\Program Files\Outlook Expresse\wab.exe" /certificate %1
!d
clpfile=clipbrd.exe %1
!d
Collection=c:\PROGRA~1\Corel\CORELP~1e\PHOTOA~1.EXE "%1"
!d
CompressedFolder=rundll32.exe zipfldr.dll,RouteTheCall %L
ConferenceLink=rundll32.exe msconf.dll,OpenConfLink %l
Connection Manager Profile=c:\WINDOWS\system32e\CMMGR32.EXE "%1"
CorelPhotoAlbumFolder=c:\PROGRA~1\Corel\CORELP~1e\PHOTOA~1.EXE "%1"
CorelPhotoAlbumPhoto=c:\PROGRA~1\Corel\CORELP~1e\PHOTOA~1.EXE "%1"
CorelPhotoAlbumProject=c:\PROGRA~1\Corel\CORELP~1e\PHOTOA~1.EXE "%1"
CorelPhotoAlbumUploadAlbum=c:\PROGRA~1\Corel\CORELP~1e\PHOTOA~1.EXE "%1"
Coverpage=%systemroot%\system32\fxscover.exe "%1"
CRLFile=rundll32.exe cryptext.dll,CryptExtOpenCRL %1
daap=c:\Program Files\iTunese\iTunes.exe /url "%1"
DocShortcut=rundll32 %SystemRoot%\System32\shscrap.dll,OpenScrap_RunDLL /r /x %1
dqyfile=c:\PROGRA~1\MICROS~2\OFFICE11e\EXCEL.EXE
dunfile=%SystemRoot%\system32\RUNDLL32.EXE NETSHELL.DLL,InvokeDunFile %1
EBXTransfer="c:\Program Files\Adobe\Acrobat 6.0\Readere\AcroRd32.exe" "%1"
emffile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
Excel.Addin="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.Backup="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.Chart=c:\PROGRA~1\MICROS~2\OFFICE11e\EXCEL.EXE /e
Excel.Chart.8="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.CSV="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.DIF="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.Macrosheet="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.Sheet.12="c:\PROGRA~1\MICROS~2\OFFICE11e\EXCEL.EXE" /e
Excel.Sheet.8="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.SheetBinaryMacroEnabled.12="c:\PROGRA~1\MICROS~2\OFFICE11e\EXCEL.EXE" /e
Excel.SheetMacroEnabled.12="c:\PROGRA~1\MICROS~2\OFFICE11e\EXCEL.EXE" /e
Excel.SLK="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.Template="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.Workspace="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.XLL="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excelhtmlfile="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE"
Excelhtmltemplate="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE"
!d
FavoritePhotos=c:\PROGRA~1\Corel\CORELP~1e\PHOTOA~1.EXE "%1"
fndfile=%SystemRoot%\Explorer.exe
Folder=%SystemRoot%\Explorer.exe /idlist,%I,%L
fonfile=%SystemRoot%\System32\fontview.exe %1
ftp="c:\Program Files\Internet Explorere\IEXPLORE.EXE" %1
gdpb_AdpBrowser="c:\Program Files\WebCyberCoach\b_Delle\AdpBrowser.exe" -stopall "%1"
giffile="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
Google.PhotoViewer.3.0="c:\Program Files\Google\Picasa3e\PicasaPhotoViewer.exe" "%1"
gopher="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
h323file="rundll32.exe" msconf.dll,NewMediaPhone %l
HCP=%SystemRoot%\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe -FromHCP -url "%1"
helpfile=winhlp32.exe %1
hlpfile=%SystemRoot%\System32\winhlp32.exe %1
holfile="c:\PROGRA~1\MICROS~2\OFFICE11e\OUTLOOK.EXE" /hol "%1"
htafile=c:\WINDOWS\system32e\mshta.exe "%1" %*
htfile="c:\Program Files\Windows NTe\HYPERTRM.EXE" %1
htmlfile="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
HTTP="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
https="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
icsfile="c:\PROGRA~1\MICROS~2\OFFICE11e\OUTLOOK.EXE" /ical "%1"
iiifile="rundll32.exe" msconf.dll,NewMediaPhone %l
!d
!d
InternetShortcut="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\ieframe.dll",OpenURL %l
iqyfile=c:\PROGRA~1\MICROS~2\OFFICE11e\EXCEL.EXE /e
itms=c:\Program Files\iTunese\iTunes.exe /url "%1"
itmss=c:\Program Files\iTunese\iTunes.exe /url "%1"
itpc=c:\Program Files\iTunese\iTunes.exe /url "%1"
ITS FILE="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
iTunes=c:\Program Files\iTunese\iTunes.exe /url "%1"
iTunes.aa="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aax="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aif="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aifc="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aiff="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.cda="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.cdda="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ipa="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ipg="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ipsw="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itdb="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ite="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itl="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itlp="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itms="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itpc="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m3u="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m3u8="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4a="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4b="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4p="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4r="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4v="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mov="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mp2="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mp3="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mpeg="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mpg="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.pcast="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.pls="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.rmp="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.wav="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.wave="c:\Program Files\iTunese\iTunes.exe" /open "%L"
jarfile="c:\Program Files\Java\jre6\bine\javaw.exe" -jar "%1" %*
JNLPFile="c:\Program Files\Java\jre6\bine\javaws.exe" "%1"
jpegfile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
Keyword=c:\PROGRA~1\Corel\CORELP~1e\PHOTOA~1.EXE "%1"
LDAP="c:\Program Files\Outlook Expresse\wab.exe" /ldap:%1
Logitech.VideoEffectPackageHandler=c:\PROGRA~1\Logitech\QUICKC~1e\MODELF~1.EXE "%1"
m3ufile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:6 /Open "%L"
MacromediaFlashPaper.MacromediaFlashPaper="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome "%1"
mailto="%ProgramFiles%\Outlook Express\msimn.exe" /mailurl:%1
MediaCenter.C2R="c:\WINDOWS\eHomee\ehshell.exe" "%1"
MediaHub.File="c:\Program Files\Common Files\Sonic Shared\Sonic Central\Maine\Mediahub.exe" "%1"
MediaPackageFile="c:\Program Files\Microsoft Office\OFFICE11e\MSTORE.EXE" "%1"
mhtmlfile="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
Microsoft Internet Mail Message="%ProgramFiles%\Outlook Express\msimn.exe" /eml:%1
Microsoft Internet News Message="%ProgramFiles%\Outlook Express\msimn.exe" /nws:%1
Microsoft.InformationCard=c:\WINDOWS\system32\rundll32.exe c:\WINDOWS\system32e\infocardcpl.cpl,ImportInformationCard_RunDll %1
Microsoft.WindowsCardSpaceBackup=c:\WINDOWS\system32\rundll32.exe c:\WINDOWS\system32e\infocardcpl.cpl,ImportInformationCard_RunDll %1
MIDFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
MMJB.BPP="c:\Program Files\Musicmatch\Musicmatch Jukeboxe\mmfwlaunch.exe" "%1"
MMJB.MMZ="c:\Program Files\Musicmatch\Musicmatch Jukeboxe\ti.exe" "%1"
MMS="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
MMST="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
MMSU="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
Mp3file="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:6 /Open "%L"
mpegfile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:9 /Open "%L"
MPlayer=mplay32.exe /play /close "%L"
MS-ITSS FILE="c:\Program Files\Internet Explorere\iexplore.exe" -nohome ms-itss:%1::/
msbackupfile=%SystemRoot%\system32\ntbackup.exe
MSBD="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
MSCFile=%SystemRoot%\system32\mmc.exe "%1" %*
MSDASC=Rundll32.exe c:\PROGRA~1\COMMON~1\System\OLEDB~1e\oledb32.dll,OpenDSLFile %1
msgfile="c:\Program Files\Microsoft Office\OFFICE11e\OUTLOOK.EXE" /f "%1"
Msi.Package="%SystemRoot%\System32\msiexec.exe" /i "%1" %*
Msi.Patch="%SystemRoot%\System32\msiexec.exe" /p "%1" %*
MSInfo.Document=c:\Program Files\Common Files\Microsoft Shared\MSInfoe\MSInfo32.exe /msinfo_file %1
MSPaper.Document="c:\Program Files\Common Files\Microsoft Shared\MODI\11.0e\MSPVIEW.EXE" "%1"
MSProgramGroup=c:\WINDOWS\system32e\grpconv.exe %1
MsRcIncident=%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe -Mode "hcp://system/Remote%%20Assistance/RAClientLayout.xml" -url "hcp://system/Remote%%20Assistance/Interaction/Client/rctoolScreen1.htm" -ExtraArgument "IncidentFile=%1"
msstylesfile=%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Appearance /Action:OpenMSTheme /file:"%1"
MyDVD.File="c:\Program Files\Sonic\MyDVDe\MyDVD.EXE" "%1"
NeroCoverDesigner.Files9.cdc="c:\Program Files\Nero\Nero 9\Nero CoverDesignere\CoverDes.exe" "%1"
NeroCoverDesigner.Files9.ncd="c:\Program Files\Nero\Nero 9\Nero CoverDesignere\CoverDes.exe" "%1"
NeroExpress.Files9.cue="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.img="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.iso="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nhf="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nhv="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nmd="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nr3="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nr4="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nra="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nrb="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nrc="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nrd="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nre="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nrg="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nrh="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nri="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nrm="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nrs="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nru="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nrv="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nrw="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroExpress.Files9.nsd="c:\Program Files\Nero\Nero 9\Nero Expresse\NeroExpress.exe" "%1"
NeroPhotoSnap.Files9.bmp="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.cut="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.dds="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.dib="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.gif="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.ico="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.iff="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.jfif="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.jif="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.jng="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.jpe="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.jpeg="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.jpg="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.koa="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.lbm="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.ljp="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.mng="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.pbm="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.pcd="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.pcx="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.png="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.ppm="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.psd="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.tga="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.tif="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.tiff="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.wbm="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.wbmp="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.wmf="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.wpg="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroPhotoSnap.Files9.xbm="c:\Program Files\Nero\Nero 9\Nero PhotoSnape\PhotoSnapViewer.exe" "%1"
NeroStartSmart.Files9.nrg="c:\Program Files\Nero\Nero 9\Nero StartSmarte\NeroStartSmart.exe" "%1"
NeroVision.Files9.nvc="c:\Program Files\Nero\Nero 9\Nero Visione\NeroVision.exe" "%1"
news="%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:"%1"
nntp="%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:"%1"
Office.Binder="c:\PROGRA~1\MICROS~2\OFFICE11e\UNBIND.EXE" "%1"
Office.Binder.8="c:\PROGRA~1\MICROS~2\OFFICE11e\UNBIND.EXE" "%1"
Office.Binder.9="c:\Program Files\Microsoft Office\OFFICE11e\UNBIND.EXE" "%1"
Office.Binder.95="c:\PROGRA~1\MICROS~2\OFFICE11e\UNBIND.EXE" "%1"
Office.Binder.Template.9="c:\Program Files\Microsoft Office\OFFICE11e\UNBIND.EXE" "%1"
Office.Binder.Wizard.9="c:\Program Files\Microsoft Office\OFFICE11e\UNBIND.EXE" "%1"
OfficeBinder.Binder="c:\PROGRA~1\MICROS~2\OFFICE11e\UNBIND.EXE" "%1"
OfficeBinder.Binder.8="c:\PROGRA~1\MICROS~2\OFFICE11e\UNBIND.EXE" "%1"
OfficeBinder.Binder.9="c:\PROGRA~1\MICROS~2\OFFICE11e\UNBIND.EXE" "%1"
Oice.Excel.Addin=c:\PROGRA~1\MICROS~2\Office12e\Oice.exe "%1"
Oice.Excel.Sheet=c:\PROGRA~1\MICROS~2\Office12e\Oice.exe "%1"
Oice.Excel.Template=c:\PROGRA~1\MICROS~2\Office12e\Oice.exe "%1"
Oice.PowerPoint.Show=c:\PROGRA~1\MICROS~2\Office12e\Oice.exe "%1"
Oice.PowerPoint.SlideShow=c:\PROGRA~1\MICROS~2\Office12e\Oice.exe "%1"
Oice.PowerPoint.Template=c:\PROGRA~1\MICROS~2\Office12e\Oice.exe "%1"
Oice.Word.Document=c:\PROGRA~1\MICROS~2\Office12e\Oice.exe "%1"
oqyfile=c:\PROGRA~1\MICROS~2\OFFICE11e\EXCEL.EXE
ossfile="c:\Program Files\Microsoft Office\OFFICE11e\FINDER.EXE" /f "%1"
otffile=%SystemRoot%\System32\fontview.exe %1
outlook="c:\PROGRA~1\MICROS~2\OFFICE11e\OUTLOOK.EXE" /select "%1"
Outlook.NavigatorBarFile="c:\PROGRA~1\MICROS~2\OFFICE11e\OUTLOOK.EXE" /s "%1"
Outlook.Template="c:\Program Files\Microsoft Office\OFFICE11e\OUTLOOK.EXE" /t "%1"
P7RFile=rundll32.exe cryptext.dll,CryptExtOpenP7R %1
P7SFile=rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1
Paint.Picture=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
Panorama=c:\PROGRA~1\Corel\CORELP~1e\PHOTOA~1.EXE "%1"
pbkfile=%SystemRoot%\system32\rasphone.exe -f "%1"
pcast=c:\Program Files\iTunese\iTunes.exe /url "%1"
PDXFileType="c:\Program Files\Adobe\Acrobat 6.0\Readere\AcroRd32.exe" "%1"
PerfFile=%SystemRoot%\system32\perfmon.exe %1
pfmfile=%SystemRoot%\System32\fontview.exe %1
PhotoTray=c:\PROGRA~1\Corel\CORELP~1e\PHOTOA~1.EXE "%1"
picasa="c:\Program Files\Google\Picasa3e\Picasa3.exe" "%1"
!d
pjpegfile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
pngfile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
pnm="c:\Program Files\Real\RealPlayere\RealPlay.exe" %1
PowerPoint.Addin.8="c:\Program Files\Microsoft Office\OFFICE11e\POWERPNT.EXE" "%1"
PowerPoint.Show.12="c:\PROGRA~1\MICROS~2\OFFICE11e\POWERPNT.EXE" "%1"
PowerPoint.Show.4=c:\PROGRA~1\MICROS~2\OFFICE11e\POWERPNT.EXE "%1"
PowerPoint.Show.7=c:\PROGRA~1\MICROS~2\OFFICE11e\POWERPNT.EXE "%1"
PowerPoint.Show.8="c:\Program Files\Microsoft Office\OFFICE11e\POWERPNT.EXE" "%1"
PowerPoint.ShowMacroEnabled.12="c:\PROGRA~1\MICROS~2\OFFICE11e\POWERPNT.EXE" "%1"
PowerPoint.Slide.4=c:\PROGRA~1\MICROS~2\OFFICE11e\POWERPNT.EXE "%1"
PowerPoint.Slide.7=c:\PROGRA~1\MICROS~2\OFFICE11e\POWERPNT.EXE "%1"
PowerPoint.Slide.8=c:\PROGRA~1\MICROS~2\OFFICE11e\POWERPNT.EXE "%1"
PowerPoint.SlideShow.12="c:\PROGRA~1\MICROS~2\OFFICE11e\POWERPNT.EXE" /s "%1"
PowerPoint.SlideShow.8="c:\Program Files\Microsoft Office\OFFICE11e\POWERPNT.EXE" /s "%1"
PowerPoint.SlideShowMacroEnabled.12="""" /s "%1"
PowerPoint.Template.12="c:\PROGRA~1\MICROS~2\OFFICE11e\POWERPNT.EXE" "%1"
PowerPoint.Template.8="c:\Program Files\Microsoft Office\OFFICE11e\POWERPNT.EXE" "%1"
PowerPoint.TemplateMacroEnabled.12="c:\PROGRA~1\MICROS~2\OFFICE11e\POWERPNT.EXE" "%1"
PowerPoint.Wizard.8="c:\Program Files\Microsoft Office\OFFICE11e\POWERPNT.EXE" "%1"
powerpointhtmlfile="c:\Program Files\Microsoft Office\OFFICE11e\POWERPNT.EXE"
powerpointhtmltemplate="c:\Program Files\Microsoft Office\OFFICE11e\POWERPNT.EXE"
ppifile=%SystemRoot%\System32\msppcnfg.exe /Config %1
prffile="c:\Program Files\Microsoft Office\OFFICE11e\OUTLOOK.EXE" /PromptImportPRF "%1"
Publisher.Document.11="c:\Program Files\Microsoft Office\OFFICE11e\MSPUB.EXE" %1
Publishing Folder=explorer.exe /idlist,%I,%L
QuickTime.3g2=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.3gp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.3gp2=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.3gpp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.aac=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.ac3=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.adts=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.aif=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.aifc=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.aiff=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.amc=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.AMR=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.au=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.avi=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.bmp=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.bwf=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.caf=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.cdda=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.cel=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.dib=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.dif=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.dv=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.flc=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.fli=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.gif=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.gsm=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.jp2=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.jpe=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.jpeg=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.jpg=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.kar=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m15=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m1a=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m1s=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m1v=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m3u=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m3url=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m4a=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m4b=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m4p=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m4v=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.m75=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mac=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.mid=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.midi=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mov=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mp2=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mp3=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mp4=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpa=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpeg=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpg=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpm=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mpv=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.mqv=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.pct=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.pic=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.pict=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.png=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.pnt=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.pntg=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.psd=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.qcp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qht=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qhtm=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qt=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qti=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.qtif=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.qtl=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.qup=c:\PROGRA~1\QUICKT~1e\QuickTimeUpdater.exe "%1"
QuickTime.rgb=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.rts=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.rtsp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sd2=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sdp=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sdv=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sgi=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.smf=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.smi=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.smil=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.sml=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.snd=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.swa=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.targa=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.tga=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.tif=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.tiff=c:\Program Files\QuickTimee\PictureViewer.exe "%1"
QuickTime.ulw=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.vfw=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
QuickTime.wav=c:\Program Files\QuickTimee\QuickTimePlayer.exe "%1"
ratfile="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\msrating.dll",ClickedOnRAT %1
RealJukebox.RJS.1="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m application/vnd.rn-realsystem-rjs %1
RealJukebox.RMP.1="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m application/vnd.rn-rn_music_package %1
RealJukebox.RMX.1="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m application/vnd.rn-realsystem-rmx %1
RealPlayer.Flash.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m image/vnd.rn-realflash %1
RealPlayer.MP3PL.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m audio/mpegurl %1
RealPlayer.PIX.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m image/vnd.rn-realpix %1
RealPlayer.RA.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m audio/vnd.rn-realaudio %1
RealPlayer.RAM.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m audio/x-pn-realaudio %1
RealPlayer.RM.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m application/vnd.rn-realmedia %1
RealPlayer.RMS.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m application/vnd.rn-realmedia-secure %1
RealPlayer.RMVB.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" "%1"
RealPlayer.RP.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m application/vnd.rn-realplayer %1
RealPlayer.RSML.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m application/vnd.rn-rsml %1
RealPlayer.RT.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m text/vnd.rn-realtext %1
RealPlayer.RV.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m video/vnd.rn-realvideo %1
RealPlayer.SDP.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m application/sdp %1
RealPlayer.SMIL.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m application/smil %1
RealPlayer.WAV.6="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m audio/wav %1
!d
!d
rlogin="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\url.dll",TelnetProtocolHandler %l
rqyfile=c:\PROGRA~1\MICROS~2\OFFICE11e\EXCEL.EXE
rtffile="c:\Program Files\Windows NT\Accessoriese\WORDPAD.EXE" "%1"
rtsp="c:\Program Files\Real\RealPlayere\RealPlay.exe" %1
SavedDsQuery=rundll32 %SystemRoot%\system32\dsquery.dll,OpenSavedDsQuery %1
SchedulePlus.Application.7="c:\Program Files\Microsoft Office\OFFICE11\1033e\SCHDPL32.EXE" '%1'
!d
scriptletfile="c:\WINDOWSe\NOTEPAD.EXE" "%1"
SearchResult=c:\PROGRA~1\Corel\CORELP~1e\PHOTOA~1.EXE "%1"
SHCmdFile=explorer.exe
Shell=%SystemRoot%\Explorer.exe /idlist,%I,%L
ShellScrap=rundll32 %SystemRoot%\system32\shscrap.dll,OpenScrap_RunDLL %1
snews="%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:"%1"
SoundRec="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
SPCFile=rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1
SSM="c:\Program Files\Real\RealPlayere\RealPlay.exe" /m application/streamingmedia %1
STLFile=rundll32.exe cryptext.dll,CryptExtOpenCTL %1
stssync="c:\PROGRA~1\MICROS~2\OFFICE11e\OUTLOOK.EXE" /stssync "%1"
T126_Whiteboard="c:\Program Files\NetMeetinge\wb32.exe" - "%1"
telnet="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\url.dll",TelnetProtocolHandler %l
themefile=%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"%1"
TIFImage.Document=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
tn3270="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\url.dll",TelnetProtocolHandler %l
TTAX09.Document=c:\Program Files\TurboTax\Deluxe 2009\32bite\TurboTax.exe "%1"
ttcfile=%SystemRoot%\System32\fontview.exe %1
ttffile=%SystemRoot%\System32\fontview.exe %1
!d
ulsfile="rundll32.exe" msconf.dll,NewMediaPhone %l
vcard_wab_auto_file="c:\Program Files\Outlook Expresse\wab.exe" /vcard %1
vcffile="c:\PROGRA~1\MICROS~2\OFFICE11e\OUTLOOK.EXE" /v "%1"
vcsfile="c:\PROGRA~1\MICROS~2\OFFICE11e\OUTLOOK.EXE" /vcal "%1"
wab_auto_file="c:\Program Files\Outlook Expresse\wab.exe" %1
WAXFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
webcal=rundll32.exe c:\PROGRA~1\AMERIC~1.0e\WEBCAL~1.DLL,WebCalHandler %1
WebCyberCoach_wtrb="c:\Program Files\WebCyberCoach\b_Delle\tranplug.exe" %1
webpnpFile=%SystemRoot%\system32\wpnpinst.exe %1
Whiteboard="c:\Program Files\NetMeetinge\wb32.exe" "%1"
Windows.CompositeFont="%WinDir%\System32\notepad.exe" "%1"
Windows.Movie.Maker="c:\Program Files\Movie Makere\moviemk.exe" %1
Windows.XamlDocument="c:\WINDOWS\system32e\PresentationHost.exe" "%1" %*
Windows.Xbap="c:\WINDOWS\system32e\PresentationHost.exe" "%1" %*
WMAfile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:5 /Open "%L"
WMDFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /WMPackage:"%L"
wmffile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
WMP.DVR-MSFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
WMSFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /layout:"%L"
WMVFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:7 /Open "%L"
WMZFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /layout:"%L"
Word.Backup.8="c:\Program Files\Microsoft Office\OFFICE11e\WINWORD.EXE" /n /dde
Word.Document.12="c:\PROGRA~1\MICROS~2\OFFICE11e\WINWORD.EXE" /n /dde
Word.Document.8="c:\Program Files\Microsoft Office\OFFICE11e\WINWORD.EXE" /n /dde
Word.DocumentMacroEnabled.12="c:\PROGRA~1\MICROS~2\OFFICE11e\WINWORD.EXE" /n /dde
Word.RTF.8="c:\Program Files\Microsoft Office\OFFICE11e\WINWORD.EXE" /n /dde
Word.Template.8="c:\Program Files\Microsoft Office\OFFICE11e\WINWORD.EXE" /n /dde
wordhtmlfile="c:\Program Files\Microsoft Office\OFFICE11e\WINWORD.EXE"
wordhtmltemplate="c:\Program Files\Microsoft Office\OFFICE11e\WINWORD.EXE"
Wordpad.Document.1="%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
WPLFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
wrifile="c:\Program Files\Windows NT\Accessoriese\WORDPAD.EXE" "%1"
WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
WVXFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
x-internet-signup=%ProgramFiles%\Internet Explorer\Connection Wizard\ISIGNUP.EXE %1
XEV.FailSafeApp=%SystemRoot%\system32\NOTEPAD.EXE %1
XEV.GenericApp="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
XEV.OriginalApp="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
xmlfile="c:\Program Files\Common Files\Microsoft Shared\OFFICE11e\MSOXMLED.EXE" /verb open "%1"
xnkfile="c:\Program Files\Microsoft Office\OFFICE11e\OUTLOOK.EXE" /x "%1"
XPSViewer.Document.1="c:\WINDOWS\system32\XPSViewere\XPSViewer.exe" "%1" %*
xslfile="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
zapfile=%SystemRoot%\system32\NOTEPAD.EXE %1
.bat
.cmd
.com
.exe
.scr
.reg
.txt

=============== Created Last 30 ================


==================== Find3M ====================

2010-11-03 12:25:54 385024 ----a-w- c:\WINDOWS\system32e\html.iec

============= FINISH: 9:48:43.78 ===============

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xF5EAD000 C:\WINDOWS\system32\DRIVERS\w29n51.sys 3211264 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0xBF0B2000 C:\WINDOWS\System32\ati3duag.dll 2367488 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2066816 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2066816 bytes
0x804D7000 RAW 2066816 bytes
0x804D7000 WMIxWDM 2066816 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6209000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1331200 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xF5CF3000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF5C4B000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xBF2F4000 C:\WINDOWS\System32\ativvaxx.dll 643072 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xF7375000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xED811000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF5B3E000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xED93E000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB8E50000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xED8F6000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF5E6A000 C:\WINDOWS\system32\drivers\STAC97.sys 274432 bytes (SigmaTel, Inc., SigmaTel Audio Driver (WDM))
0xB9128000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF5BF4000 C:\WINDOWS\system32\DRIVERS\iwca.sys 249856 bytes (Intel Corporation, Intel Wireless Connection Agent)
0xED787000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 225280 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF07D000 C:\WINDOWS\System32\atikvmag.dll 217088 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xBF049000 C:\WINDOWS\System32\ati2cqag.dll 212992 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xF5DF2000 C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys 200704 bytes (Conexant Systems, Inc., HSFHWICH WDM driver)
0xF5B9C000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF74EC000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB9CC8000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7348000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB800B000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xED881000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB8A90000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xED8CE000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF7478000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xED7C3000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF5E46000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF61D1000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF5E23000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xED8AC000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806D0000 ACPI_HAL 131840 bytes
0x806D0000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7440000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF749E000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xEDA6A000 C:\WINDOWS\system32\DRIVERS\InCDFs.sys 126976 bytes (Nero AG, InCD File System Driver)
0xF74BD000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF5C31000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 106496 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xF732E000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xEB000000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xEB21B000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7460000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7402000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF5BDD000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xEB019000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7419000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
0xBA4F3000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF61BD000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xF61F5000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xED997000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF742E000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF74DB000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF5BCC000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF77FB000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF77AB000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76BB000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF767B000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF6C27000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF776B000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF77BB000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xBA5A0000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF6CB7000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF768B000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF765B000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF777B000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF782B000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF763B000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF6C97000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF784B000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF774B000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 45056 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0xF6C57000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF778B000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF77CB000 C:\WINDOWS\system32\DRIVERS\InCDPass.sys 45056 bytes (Nero AG, Nero InCD RW Filter Driver)
0xF762B000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF783B000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB8BF8000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xB9E3D000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xF772B000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF761B000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF787B000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF786B000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF779B000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 36864 bytes (Oak Technology Inc., Audio File System)
0xF769B000 AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xF764B000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF773B000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF785B000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF6C77000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB9010000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF766B000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF775B000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
0xF6C37000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF79C3000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF78C3000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF79BB000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xEB09F000 C:\DOCUME~1\Stephen\LOCALS~1\Temp\mbr.sys 28672 bytes
0xF789B000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF682B000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7A03000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF79DB000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF79D3000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF79CB000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7A13000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF79B3000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7A1B000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF78AB000 avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xEB06F000 C:\WINDOWS\system32\drivers\LVPr2Mon.sys 20480 bytes (-, -)
0xF7A23000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF79FB000 C:\WINDOWS\system32\DRIVERS\omci.sys 20480 bytes (Dell Inc, OMCI Device Driver)
0xF78A3000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF79EB000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF79F3000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF79E3000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7993000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF72DD000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xED80D000 C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 16384 bytes (Dell Inc, App Support Driver)
0xF7A33000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7AFF000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF635E000 C:\WINDOWS\system32\DRIVERS\InCDRec.sys 16384 bytes (Nero AG, Nero InCD File System Recognizer)
0xF72ED000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEB1FB000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xED753000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7A2B000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7A2F000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xED777000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF6366000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB8D78000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7B0F000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF635A000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xEB1C3000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 12288 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xF634E000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7B9F000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows ® 2000 DDK provider, TR Manager)
0xF7B97000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B95000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B1F000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7B1B000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B99000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B9B000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B67000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF7B7D000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B5F000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7B8F000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B1D000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C7B000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C78000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C75000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7BE3000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7D5F000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7D5E000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
!!!!!!!!!!!Hidden driver: 0x861A1AF1 ?_empty_? 1295 bytes
0x861A1ECC unknown_irp_handler 308 bytes
!!!!!!!!!!!Hidden driver: 0x86B7EDA0 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF7460000 WARNING: suspicious driver modification [atapi.sys::0x861A1AF1]
0xF635A000 WARNING: Virus alike driver modification [rasacd.sys], 12288 bytes
0x05650000 Hidden Image-->System.ServiceProcess.dll [ EPROCESS 0x859DCDA0 ] PID: 2676, 126976 bytes
0x03B60000 Hidden Image-->System.XML.dll [ EPROCESS 0x859DCDA0 ] PID: 2676, 2060288 bytes
0x04630000 Hidden Image-->System.EnterpriseServices.dll [ EPROCESS 0x859DCDA0 ] PID: 2676, 266240 bytes
0x04400000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x859DCDA0 ] PID: 2676, 270336 bytes
0x03280000 Hidden Image-->log4net.dll [ EPROCESS 0x859DCDA0 ] PID: 2676, 282624 bytes
0x040D0000 Hidden Image-->System.Data.dll [ EPROCESS 0x859DCDA0 ] PID: 2676, 2961408 bytes
0x04C90000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x859DCDA0 ] PID: 2676, 307200 bytes
0x03540000 Hidden Image-->System.dll [ EPROCESS 0x859DCDA0 ] PID: 2676, 3190784 bytes
0x05560000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x859DCDA0 ] PID: 2676, 421888 bytes
0x03420000 Hidden Image-->System.configuration.dll [ EPROCESS 0x859DCDA0 ] PID: 2676, 438272 bytes
0x04470000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x859DCDA0 ] PID: 2676, 479232 bytes
0x04EE0000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x859DCDA0 ] PID: 2676, 5033984 bytes
0x054C0000 Hidden Image-->System.Drawing.dll [ EPROCESS 0x859DCDA0 ] PID: 2676, 634880 bytes
0x03FE0000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x859DCDA0 ] PID: 2676, 872448 bytes

Edited by HelpHolland, 30 January 2011 - 04:27 AM.


#5 HelpHolland

HelpHolland
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 30 January 2011 - 04:41 AM

I decided to try to paste the Attach.txt DDS file in smaller chunks. I hope this works (and is not obnoxious!):

PART 1:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/4/2009 2:24:08 AM
System Uptime: 1/30/2011 9:32:08 AM (0 hours ago)

Motherboard: Dell Inc. | |
Processor: Intel® Pentium® M processor 2.00GHz | Microprocessor | 1995/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 16.65 GiB free.
D: is CDROM ()
F: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP477: 11/13/2010 3:49:41 PM - System Checkpoint
RP478: 11/14/2010 2:33:28 PM - Installed Windows Media Player 10
RP479: 11/14/2010 2:34:23 PM - Software Distribution Service 3.0
RP480: 11/14/2010 11:08:26 PM - Software Distribution Service 3.0
RP481: 11/16/2010 4:04:00 PM - System Checkpoint
RP482: 11/17/2010 5:31:54 PM - System Checkpoint
RP483: 11/18/2010 5:43:37 PM - System Checkpoint
RP484: 11/19/2010 10:44:26 AM - Software Distribution Service 3.0
RP485: 11/19/2010 11:10:50 AM - Software Distribution Service 3.0
RP486: 11/21/2010 10:27:38 AM - System Checkpoint
RP487: 11/22/2010 11:07:40 AM - System Checkpoint
RP488: 11/23/2010 10:18:26 AM - Software Distribution Service 3.0
RP489: 11/23/2010 3:20:07 PM - Software Distribution Service 3.0
RP490: 11/28/2010 8:20:25 PM - Avg Update
RP491: 11/28/2010 8:21:14 PM - Avg Update
RP492: 11/29/2010 8:47:15 PM - System Checkpoint
RP493: 11/30/2010 11:39:33 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP494: 11/30/2010 11:39:56 AM - Installed AVG 2011
RP495: 11/30/2010 11:41:47 AM - Removed AVG Free 9.0
RP496: 11/30/2010 4:58:13 PM - Installed AVG 2011
RP497: 12/1/2010 5:48:07 PM - System Checkpoint
RP498: 12/2/2010 5:51:07 PM - System Checkpoint
RP499: 12/3/2010 8:32:32 PM - System Checkpoint
RP500: 12/5/2010 3:58:40 PM - System Checkpoint
RP501: 12/6/2010 4:03:18 PM - System Checkpoint
RP502: 12/7/2010 6:51:45 PM - System Checkpoint
RP503: 12/8/2010 6:58:02 PM - System Checkpoint
RP504: 12/10/2010 10:21:51 AM - Removed Google Talk Plugin
RP505: 12/11/2010 10:43:57 AM - System Checkpoint
RP506: 12/12/2010 11:14:46 AM - System Checkpoint
RP507: 12/13/2010 5:59:04 PM - System Checkpoint
RP508: 12/14/2010 6:09:46 PM - System Checkpoint
RP509: 12/15/2010 7:43:07 PM - System Checkpoint
RP510: 12/15/2010 11:26:27 PM - Software Distribution Service 3.0
RP511: 12/17/2010 10:35:05 AM - System Checkpoint
RP512: 12/17/2010 6:31:06 PM - Removed AVG 2011
RP513: 12/18/2010 8:49:10 PM - System Checkpoint
RP514: 12/20/2010 8:56:35 AM - System Checkpoint
RP515: 12/21/2010 9:06:46 AM - Software Distribution Service 3.0
RP516: 12/22/2010 10:13:40 AM - System Checkpoint
RP517: 12/23/2010 2:07:04 PM - System Checkpoint
RP518: 12/30/2010 12:06:54 PM - Removed AVG 2011
RP519: 12/31/2010 1:08:24 PM - System Checkpoint
RP520: 1/2/2011 3:10:03 PM - Removed EarthLink setup files
RP521: 1/2/2011 3:15:26 PM - Removed QuickBooks
RP522: 1/2/2011 3:26:56 PM - Removed Microsoft Silverlight
RP523: 1/2/2011 6:12:17 PM - Restore Operation
RP524: 1/3/2011 6:20:34 PM - System Checkpoint
RP525: 1/4/2011 7:18:57 PM - System Checkpoint
RP526: 1/5/2011 8:19:35 PM - System Checkpoint
RP527: 1/7/2011 9:39:16 AM - System Checkpoint
RP528: 1/8/2011 7:14:57 PM - Installed DirectX
RP529: 1/8/2011 7:15:43 PM - Installed Nero 9 Essentials 4.4.9.0
RP530: 1/10/2011 10:01:38 AM - System Checkpoint
RP531: 1/11/2011 10:53:13 AM - System Checkpoint
RP532: 1/11/2011 1:57:08 PM - Installed Samsung Auto Backup
RP533: 1/11/2011 4:44:14 PM - Software Distribution Service 3.0
RP534: 1/12/2011 2:32:29 PM - Software Distribution Service 3.0
RP535: 1/13/2011 6:18:58 PM - System Checkpoint
RP536: 1/16/2011 10:27:56 PM - Software Distribution Service 3.0
RP537: 1/23/2011 12:14:04 PM - System Checkpoint
RP538: 1/24/2011 8:37:49 PM - System Checkpoint
RP539: 1/25/2011 8:39:30 PM - System Checkpoint
RP540: 1/26/2011 9:27:44 PM - System Checkpoint
RP541: 1/28/2011 10:19:08 AM - System Checkpoint
RP542: 1/29/2011 11:57:35 AM - System Checkpoint

==== Installed Programs ======================










































































































































































































































































































































































































<NO NAME> REG_SZ
<NO NAME> REG_SZ
<NO NAME> REG_SZ
<NO NAME> REG_SZ
<NO NAME> REG_SZ
<NO NAME> REG_SZ
<NO NAME> REG_SZ
<NO NAME> REG_SZ
<NO NAME> REG_SZ
<NO NAME> REG_SZ
<NO NAME> REG_SZ
<NO NAME> REG_SZ
<NO NAME> REG_SZ
<NO NAME> REG_SZ
<NO NAME> REG_SZ
<NO NAME> REG_SZ KB200003
<NO NAME> REG_SZ KB2416473
<NO NAME> REG_SZ KB2418241
<NO NAME> REG_SZ KB300003
<NO NAME> REG_SZ KB350003
<NO NAME> REG_SZ KB431780
<NO NAME> REG_SZ KB946922
<NO NAME> REG_SZ KB947748
<NO NAME> REG_SZ KB949272
<NO NAME> REG_SZ KB952137
<NO NAME> REG_SZ KB952677
<NO NAME> REG_SZ KB953300
<NO NAME> REG_SZ KB953595
<NO NAME> REG_SZ KB953990
<NO NAME> REG_SZ KB954832
<NO NAME> REG_SZ KB956860
<NO NAME> REG_SZ KB957541
<NO NAME> REG_SZ KB957542
<NO NAME> REG_SZ KB957543
<NO NAME> REG_SZ KB958129
<NO NAME> REG_SZ KB958481
<NO NAME> REG_SZ KB958483
<NO NAME> REG_SZ KB958484
<NO NAME> REG_SZ KB960043
<NO NAME> REG_SZ KB960043
<NO NAME> REG_SZ KB960043
<NO NAME> REG_SZ KB963707
<NO NAME> REG_SZ KB971111
<NO NAME> REG_SZ KB974417
<NO NAME> REG_SZ KB975195
<NO NAME> REG_SZ KB976569
<NO NAME> REG_SZ KB976570
<NO NAME> REG_SZ KB976576
<NO NAME> REG_SZ KB976578
<NO NAME> REG_SZ KB976578v2
<NO NAME> REG_SZ KB976765v2
<NO NAME> REG_SZ KB976769
<NO NAME> REG_SZ KB976769v2
<NO NAME> REG_SZ KB977354
<NO NAME> REG_SZ KB977354v2
<NO NAME> REG_SZ KB979909
<NO NAME> REG_SZ KB980773
<NO NAME> REG_SZ KB983583
AOL Connectivity Services REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
AuthorizedCDFPrefix REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ
Comments REG_SZ Adobe Acrobat - Reader 6.0.2 Update
Comments REG_SZ Build Number 5716
Comments REG_SZ Dell Download Center
Comments REG_SZ Go to http://support.dell.com.
Comments REG_SZ Help Files
Comments REG_SZ hp memories disc creator software
Comments REG_SZ http://www.hp.com
Comments REG_SZ http://www.hp.com
Comments REG_SZ http://www.hp.com
Comments REG_SZ http://www.java.com
Comments REG_SZ Installs Corel Photo Album 6
Comments REG_SZ Intel® PROSet/Wireless installation package
Comments REG_SZ N/A
Comments REG_SZ Pseudo NCS Install
Comments REG_SZ Pseudo NCS Install
Comments REG_SZ This hotfix is for Microsoft .NET Framework 3.5 SP1.
Comments REG_SZ This hotfix is for Microsoft .NET Framework 3.5 SP1.
Comments REG_SZ This security update is for Microsoft .NET Framework 3.5 SP1.
Comments REG_SZ This update is for Microsoft .NET Framework 3.5 SP1.
Comments REG_SZ Your Comments
Comments REG_SZ Your Comments
Comments REG_SZ Your Comments
Comments REG_SZ Your Comments
Comments REG_SZ Your Comments
Comments REG_SZ Your Comments
Comments REG_SZ Your Comments
Comments REG_SZ Your Comments
Comments REG_SZ Your Comments
Comments REG_SZ Your Comments
Comments REG_SZ Your Comments
Comments REG_SZ Your Comments
Comments REG_SZ Your Comments
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ
Contact REG_SZ AppleCare Support
Contact REG_SZ AppleCare Support
Contact REG_SZ AppleCare Support
Contact REG_SZ AppleCare Support
Contact REG_SZ AppleCare Support
Contact REG_SZ AppleCare Support
Contact REG_SZ Corel Customer Service
Contact REG_SZ Customer Support
Contact REG_SZ Customer Support Department
Contact REG_SZ Customer Support Department
Contact REG_SZ Customer Support Department
Contact REG_SZ Customer Support Department
Contact REG_SZ Customer Support Department
Contact REG_SZ Customer Support Department
Contact REG_SZ Customer Support Department
Contact REG_SZ Customer Support Department
Contact REG_SZ Customer Support Department
Contact REG_SZ Customer Support Department
Contact REG_SZ Customer Support Department
Contact REG_SZ Customer Support Department
Contact REG_SZ Customer Support Department
Contact REG_SZ Customer Support Department
Contact REG_SZ Customer Support Department
Contact REG_SZ Customer Support Department
Contact REG_SZ Customer Support Department
Contact REG_SZ Customer Support Department
Contact REG_SZ Customer Support Department
Contact REG_SZ Customer Support Department
Contact REG_SZ Dell Customer Support
Contact REG_SZ Dell Support
Contact REG_SZ http://java.com
Contact REG_SZ http://www.avg.com
Contact REG_SZ http://www.avg.com
Contact REG_SZ http://www.java.com
Contact REG_SZ Logitech Customer Support
Contact REG_SZ Nero AG
Contact REG_SZ NetZero, Inc.
Contact REG_SZ Vantage Linguistics
DisplayIcon REG_EXPAND_SZ "%ProgramFiles%\windows media player\wmplayer.exe"
DisplayIcon REG_EXPAND_SZ "%ProgramFiles%\windows media player\wmplayer.exe"
DisplayIcon REG_EXPAND_SZ "%ProgramFiles%\windows media player\wmplayer.exe"
DisplayIcon REG_EXPAND_SZ "%ProgramFiles%\windows media player\wmplayer.exe"
DisplayIcon REG_EXPAND_SZ "%ProgramFiles%\windows media player\wmplayer.exe"
DisplayIcon REG_EXPAND_SZ "%ProgramFiles%\windows media player\wmplayer.exe"
DisplayIcon REG_EXPAND_SZ "%ProgramFiles%\windows media player\wmplayer.exe"
DisplayIcon REG_EXPAND_SZ "%ProgramFiles%\windows media player\wmplayer.exe"
DisplayIcon REG_EXPAND_SZ "%ProgramFiles%\windows media player\wmplayer.exe"
DisplayIcon REG_EXPAND_SZ "%ProgramFiles%\windows media player\wmplayer.exe"
DisplayIcon REG_EXPAND_SZ "%ProgramFiles%\windows media player\wmplayer.exe"
DisplayIcon REG_EXPAND_SZ "%ProgramFiles%\windows media player\wmplayer.exe"
DisplayIcon REG_EXPAND_SZ "%ProgramFiles%\windows media player\wmplayer.exe"
DisplayIcon REG_EXPAND_SZ "%ProgramFiles%\windows media player\wmplayer.exe"
DisplayIcon REG_EXPAND_SZ "%ProgramFiles%\windows media player\wmplayer.exe"
DisplayIcon REG_EXPAND_SZ C:\Program Files\Digital Line Detect\DLG.exe
DisplayIcon REG_EXPAND_SZ C:\Program Files\Modem Helper\MDM_Util.exe
DisplayIcon REG_EXPAND_SZ C:\Program Files\NetWaiting\MOH.exe
DisplayIcon REG_SZ "C:\Program Files\AVG\AVG10\avgmfapx.exe"
DisplayIcon REG_SZ "C:\Program Files\WildTangent\Apps\CDA\wt.ico"
DisplayIcon REG_SZ C:\Documents and Settings\Stephen\Application Data\Move Networks\uninstall.exe
DisplayIcon REG_SZ C:\Program Files\ATI Technologies\ATI Control Panel\atiprbxx.exe
DisplayIcon REG_SZ C:\Program Files\Clarus\Samsung Auto Backup\ISFMgr.exe
DisplayIcon REG_SZ C:\Program Files\Common Files\Logitech\QCDRV\BIN\icon.ico
DisplayIcon REG_SZ C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe,0
DisplayIcon REG_SZ C:\Program Files\Dell\Digital Jukebox Drivers\CtDrvStp.exe
DisplayIcon REG_SZ C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
DisplayIcon REG_SZ C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe
DisplayIcon REG_SZ C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_4079369A224CB572.exe
DisplayIcon REG_SZ C:\Program Files\internet explorer\iexplore.exe
DisplayIcon REG_SZ C:\Program Files\internet explorer\iexplore.exe
DisplayIcon REG_SZ C:\Program Files\internet explorer\iexplore.exe
DisplayIcon REG_SZ C:\Program Files\internet explorer\iexplore.exe
DisplayIcon REG_SZ C:\Program Files\internet explorer\iexplore.exe
DisplayIcon REG_SZ C:\Program Files\internet explorer\iexplore.exe
DisplayIcon REG_SZ C:\Program Files\internet explorer\iexplore.exe
DisplayIcon REG_SZ C:\Program Files\internet explorer\iexplore.exe
DisplayIcon REG_SZ C:\Program Files\internet explorer\iexplore.exe
DisplayIcon REG_SZ C:\Program Files\internet explorer\iexplore.exe
DisplayIcon REG_SZ C:\Program Files\internet explorer\iexplore.exe
DisplayIcon REG_SZ C:\Program Files\Internet Explorer\iexplore.exe
DisplayIcon REG_SZ C:\Program Files\internet explorer\iexplore.exe
DisplayIcon REG_SZ C:\Program Files\Java\jre6\\bin\javaws.exe
DisplayIcon REG_SZ C:\Program Files\Musicmatch\MUSICMATCH Music Services\MMsmall.ico
DisplayIcon REG_SZ C:\Program Files\TurboTax\Deluxe 2009\Installer\TurboTax 2009 Installer.exe
DisplayIcon REG_SZ C:\Program Files\TurboTax\Deluxe 2009\Installer\TurboTax 2009 Installer.exe
DisplayIcon REG_SZ C:\Program Files\WebCyberCoach\b_Dell\tranplug.exe
DisplayIcon REG_SZ C:\Program Files\Windows Media Player\wmplayer.exe
DisplayIcon REG_SZ C:\Program Files\Windows Media Player\wmplayer.exe
DisplayIcon REG_SZ C:\WINDOWS\ehome\ehshell.exe
DisplayIcon REG_SZ C:\WINDOWS\ehome\ehshell.exe
DisplayIcon REG_SZ C:\WINDOWS\ehome\ehshell.exe
DisplayIcon REG_SZ C:\WINDOWS\ehome\ehshell.exe
DisplayIcon REG_SZ C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ndpsetup.ico
DisplayIcon REG_SZ C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ndpsetup.ico
DisplayIcon REG_SZ C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
DisplayIcon REG_SZ C:\WINDOWS\system32\msiexec.exe
DisplayIcon REG_SZ C:\WINDOWS\system32\msiexec.exe
DisplayIcon REG_SZ C:\WINDOWS\system32\msiexec.exe
DisplayName REG_SZ
DisplayName REG_SZ Adobe Acrobat - Reader 6.0.2 Update
DisplayName REG_SZ Adobe Flash Player 10 ActiveX
DisplayName REG_SZ Adobe Reader 6.0.1
DisplayName REG_SZ Advertising Center
DisplayName REG_SZ ALPS Touch Pad Driver
DisplayName REG_SZ AOLIcon
DisplayName REG_SZ Apple Application Support
DisplayName REG_SZ Apple Mobile Device Support
DisplayName REG_SZ Apple Software Update
DisplayName REG_SZ ATI Control Panel
DisplayName REG_SZ ATI Display Driver
DisplayName REG_SZ AVG 2011
DisplayName REG_SZ AVG 2011
DisplayName REG_SZ AVG 2011
DisplayName REG_SZ Bonjour
DisplayName REG_SZ Business Contact Manager for Outlook 2003
DisplayName REG_SZ Compatibility Pack for the 2007 Office system
DisplayName REG_SZ Conexant D110 MDC V.9x Modem
DisplayName REG_SZ Corel Photo Album 6
DisplayName REG_SZ Dell Digital Jukebox Driver
DisplayName REG_SZ Dell Driver Reset Tool
DisplayName REG_SZ Dell Support 3.1
DisplayName REG_SZ Dell System Restore
DisplayName REG_SZ Digital Content Portal
DisplayName REG_SZ Digital Line Detect
DisplayName REG_SZ Google AFE
DisplayName REG_SZ Google Desktop
DisplayName REG_SZ Google Talk Plugin
DisplayName REG_SZ Google Toolbar for Internet Explorer
DisplayName REG_SZ Google Toolbar for Internet Explorer
DisplayName REG_SZ Google Update Helper
DisplayName REG_SZ Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
DisplayName REG_SZ Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
DisplayName REG_SZ Hotfix for Windows Media Format 11 SDK (KB929399)
DisplayName REG_SZ Hotfix for Windows Media Player 10 (KB903157)
DisplayName REG_SZ Hotfix for Windows Media Player 11 (KB939683)
DisplayName REG_SZ Hotfix for Windows XP (KB2443685)
DisplayName REG_SZ Hotfix for Windows XP (KB952287)
DisplayName REG_SZ Hotfix for Windows XP (KB954550-v5)
DisplayName REG_SZ Hotfix for Windows XP (KB961118)
DisplayName REG_SZ Hotfix for Windows XP (KB970653-v3)
DisplayName REG_SZ Hotfix for Windows XP (KB976002-v5)
DisplayName REG_SZ Hotfix for Windows XP (KB976098-v2)
DisplayName REG_SZ Hotfix for Windows XP (KB979306)
DisplayName REG_SZ Hotfix for Windows XP (KB981793)
DisplayName REG_SZ HP Memories Disc
DisplayName REG_SZ HP Photo and Imaging 2.0 - All-in-One
DisplayName REG_SZ HP Photo and Imaging 2.0 - All-in-One Drivers
DisplayName REG_SZ HP Photo and Imaging 2.0 - hp psc 1200 series
DisplayName REG_SZ hp psc 1200 series
DisplayName REG_SZ ImagXpress
DisplayName REG_SZ Intel® PROSet/Wireless Software
DisplayName REG_SZ Internal Network Card Power Management
DisplayName REG_SZ iSEEK AnswerWorks English Runtime
DisplayName REG_SZ iTunes
DisplayName REG_SZ Java 2 Runtime Environment, SE v1.4.2_03
DisplayName REG_SZ Java™ 6 Update 17
DisplayName REG_SZ Learn2 Player (Uninstall Only)
DisplayName REG_SZ Logitech Audio Echo Cancellation Component
DisplayName REG_SZ Logitech QuickCam
DisplayName REG_SZ Logitech Video Enumerator
DisplayName REG_SZ Logitech® Camera Driver
DisplayName REG_SZ Macromedia Flash Player
DisplayName REG_SZ mCore
DisplayName REG_SZ MCU
DisplayName REG_SZ mDrWiFi
DisplayName REG_SZ mHlpDell
DisplayName REG_SZ Microsoft .NET Framework 1.1
DisplayName REG_SZ Microsoft .NET Framework 1.1
DisplayName REG_SZ Microsoft .NET Framework 1.1 Security Update (KB2416447)
DisplayName REG_SZ Microsoft .NET Framework 1.1 Security Update (KB979906)
DisplayName REG_SZ Microsoft .NET Framework 2.0 Service Pack 2
DisplayName REG_SZ Microsoft .NET Framework 3.0 Service Pack 2
DisplayName REG_SZ Microsoft .NET Framework 3.5 SP1
DisplayName REG_SZ Microsoft .NET Framework 3.5 SP1
DisplayName REG_SZ Microsoft Compression Client Pack 1.0 for Windows XP
DisplayName REG_SZ Microsoft Office Small Business Edition 2003
DisplayName REG_SZ Microsoft Plus! Digital Media Edition Installer
DisplayName REG_SZ Microsoft Plus! Photo Story 2 LE
DisplayName REG_SZ Microsoft User-Mode Driver Framework Feature Pack 1.0
DisplayName REG_SZ Microsoft Visual C++ 2005 Redistributable
DisplayName REG_SZ Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
DisplayName REG_SZ mIWA
DisplayName REG_SZ mIWCA
DisplayName REG_SZ mLogView
DisplayName REG_SZ mMHouse
DisplayName REG_SZ Modem Helper
DisplayName REG_SZ Move Media Player
DisplayName REG_SZ mPfMgr
DisplayName REG_SZ mPfWiz
DisplayName REG_SZ mProSafe
DisplayName REG_SZ mSSO
DisplayName REG_SZ MSXML 4.0 SP2 (KB954430)
DisplayName REG_SZ MSXML 4.0 SP2 (KB973688)
DisplayName REG_SZ MSXML 6 Service Pack 2 (KB973686)
DisplayName REG_SZ Musicmatch for Windows Media Player
DisplayName REG_SZ mWlsSafe
DisplayName REG_SZ mXML
DisplayName REG_SZ mZConfig
DisplayName REG_SZ Nero BurnRights
DisplayName REG_SZ Nero ControlCenter
DisplayName REG_SZ Nero CoverDesigner
DisplayName REG_SZ Nero DiscSpeed
DisplayName REG_SZ Nero DriveSpeed
DisplayName REG_SZ Nero InCD
DisplayName REG_SZ Nero InfoTool
DisplayName REG_SZ Nero PhotoSnap
DisplayName REG_SZ Nero Recode
DisplayName REG_SZ Nero ShowTime
DisplayName REG_SZ Nero StartSmart
DisplayName REG_SZ Nero Vision
DisplayName REG_SZ NeroExpress
DisplayName REG_SZ neroxml
DisplayName REG_SZ NetWaiting
DisplayName REG_SZ NetZeroInstallers
DisplayName REG_SZ Otto
DisplayName REG_SZ Picasa 3
DisplayName REG_SZ PowerDVD 5.5
DisplayName REG_SZ Qualxserve Service Agreement
DisplayName REG_SZ QuickSet
DisplayName REG_SZ QuickTime
DisplayName REG_SZ RealPlayer Basic
DisplayName REG_SZ Samsung Auto Backup
DisplayName REG_SZ Security Update for CAPICOM (KB931906)
DisplayName REG_SZ Security Update for CAPICOM (KB931906)
DisplayName REG_SZ Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
DisplayName REG_SZ Security Update for Windows Internet Explorer 8 (KB2416400)
DisplayName REG_SZ Security Update for Windows Internet Explorer 8 (KB971961)
DisplayName REG_SZ Security Update for Windows Internet Explorer 8 (KB972260)
DisplayName REG_SZ Security Update for Windows Internet Explorer 8 (KB974455)
DisplayName REG_SZ Security Update for Windows Internet Explorer 8 (KB976325)
DisplayName REG_SZ Security Update for Windows Internet Explorer 8 (KB978207)
DisplayName REG_SZ Security Update for Windows Internet Explorer 8 (KB981332)
DisplayName REG_SZ Security Update for Windows Internet Explorer 8 (KB982381)
DisplayName REG_SZ Security Update for Windows Media Player (KB2378111)
DisplayName REG_SZ Security Update for Windows Media Player (KB952069)
DisplayName REG_SZ Security Update for Windows Media Player (KB954155)
DisplayName REG_SZ Security Update for Windows Media Player (KB968816)
DisplayName REG_SZ Security Update for Windows Media Player (KB973540)
DisplayName REG_SZ Security Update for Windows Media Player (KB975558)
DisplayName REG_SZ Security Update for Windows Media Player (KB978695)
DisplayName REG_SZ Security Update for Windows Media Player 10 (KB936782)
DisplayName REG_SZ Security Update for Windows Media Player 11 (KB954154)
DisplayName REG_SZ Security Update for Windows XP (KB2079403)
DisplayName REG_SZ Security Update for Windows XP (KB2115168)
DisplayName REG_SZ Security Update for Windows XP (KB2121546)
DisplayName REG_SZ Security Update for Windows XP (KB2229593)
DisplayName REG_SZ Security Update for Windows XP (KB2259922)
DisplayName REG_SZ Security Update for Windows XP (KB2286198)
DisplayName REG_SZ Security Update for Windows XP (KB2296011)
DisplayName REG_SZ Security Update for Windows XP (KB2296199)
DisplayName REG_SZ Security Update for Windows XP (KB2347290)
DisplayName REG_SZ Security Update for Windows XP (KB2360937)
DisplayName REG_SZ Security Update for Windows XP (KB2387149)
DisplayName REG_SZ Security Update for Windows XP (KB2419632)
DisplayName REG_SZ Security Update for Windows XP (KB2423089)
DisplayName REG_SZ Security Update for Windows XP (KB2436673)
DisplayName REG_SZ Security Update for Windows XP (KB2440591)
DisplayName REG_SZ Security Update for Windows XP (KB2443105)
DisplayName REG_SZ Security Update for Windows XP (KB923561)
DisplayName REG_SZ Security Update for Windows XP (KB923689)
DisplayName REG_SZ Security Update for Windows XP (KB938464-v2)
DisplayName REG_SZ Security Update for Windows XP (KB941569)
DisplayName REG_SZ Security Update for Windows XP (KB946648)
DisplayName REG_SZ Security Update for Windows XP (KB950762)
DisplayName REG_SZ Security Update for Windows XP (KB950974)
DisplayName REG_SZ Security Update for Windows XP (KB951066)
DisplayName REG_SZ Security Update for Windows XP (KB951376-v2)
DisplayName REG_SZ Security Update for Windows XP (KB951748)
DisplayName REG_SZ Security Update for Windows XP (KB952004)
DisplayName REG_SZ Security Update for Windows XP (KB952954)
DisplayName REG_SZ Security Update for Windows XP (KB954600)
DisplayName REG_SZ Security Update for Windows XP (KB955069)
DisplayName REG_SZ Security Update for Windows XP (KB956572)
DisplayName REG_SZ Security Update for Windows XP (KB956744)
DisplayName REG_SZ Security Update for Windows XP (KB956802)
DisplayName REG_SZ Security Update for Windows XP (KB956803)
DisplayName REG_SZ Security Update for Windows XP (KB956844)
DisplayName REG_SZ Security Update for Windows XP (KB957097)
DisplayName REG_SZ Security Update for Windows XP (KB958644)
DisplayName REG_SZ Security Update for Windows XP (KB958687)
DisplayName REG_SZ Security Update for Windows XP (KB958869)
DisplayName REG_SZ Security Update for Windows XP (KB959426)
DisplayName REG_SZ Security Update for Windows XP (KB960225)
DisplayName REG_SZ Security Update for Windows XP (KB960803)
DisplayName REG_SZ Security Update for Windows XP (KB960859)
DisplayName REG_SZ Security Update for Windows XP (KB961371)
DisplayName REG_SZ Security Update for Windows XP (KB961501)
DisplayName REG_SZ Security Update for Windows XP (KB968537)
DisplayName REG_SZ Security Update for Windows XP (KB969059)
DisplayName REG_SZ Security Update for Windows XP (KB969947)
DisplayName REG_SZ Security Update for Windows XP (KB970238)
DisplayName REG_SZ Security Update for Windows XP (KB970430)
DisplayName REG_SZ Security Update for Windows XP (KB971468)
DisplayName REG_SZ Security Update for Windows XP (KB971486)
DisplayName REG_SZ Security Update for Windows XP (KB971557)
DisplayName REG_SZ Security Update for Windows XP (KB971633)
DisplayName REG_SZ Security Update for Windows XP (KB971657)
DisplayName REG_SZ Security Update for Windows XP (KB972260)
DisplayName REG_SZ Security Update for Windows XP (KB972270)
DisplayName REG_SZ Security Update for Windows XP (KB973346)
DisplayName REG_SZ Security Update for Windows XP (KB973354)
DisplayName REG_SZ Security Update for Windows XP (KB973507)
DisplayName REG_SZ Security Update for Windows XP (KB973525)
DisplayName REG_SZ Security Update for Windows XP (KB973869)
DisplayName REG_SZ Security Update for Windows XP (KB973904)
DisplayName REG_SZ Security Update for Windows XP (KB974112)
DisplayName REG_SZ Security Update for Windows XP (KB974318)
DisplayName REG_SZ Security Update for Windows XP (KB974392)
DisplayName REG_SZ Security Update for Windows XP (KB974571)
DisplayName REG_SZ Security Update for Windows XP (KB975025)
DisplayName REG_SZ Security Update for Windows XP (KB975467)
DisplayName REG_SZ Security Update for Windows XP (KB975560)
DisplayName REG_SZ Security Update for Windows XP (KB975561)
DisplayName REG_SZ Security Update for Windows XP (KB975562)
DisplayName REG_SZ Security Update for Windows XP (KB975713)
DisplayName REG_SZ Security Update for Windows XP (KB977165)
DisplayName REG_SZ Security Update for Windows XP (KB977816)
DisplayName REG_SZ Security Update for Windows XP (KB977914)
DisplayName REG_SZ Security Update for Windows XP (KB978037)
DisplayName REG_SZ Security Update for Windows XP (KB978251)
DisplayName REG_SZ Security Update for Windows XP (KB978262)
DisplayName REG_SZ Security Update for Windows XP (KB978338)
DisplayName REG_SZ Security Update for Windows XP (KB978542)
DisplayName REG_SZ Security Update for Windows XP (KB978601)
DisplayName REG_SZ Security Update for Windows XP (KB978706)
DisplayName REG_SZ Security Update for Windows XP (KB979309)
DisplayName REG_SZ Security Update for Windows XP (KB979482)
DisplayName REG_SZ Security Update for Windows XP (KB979559)
DisplayName REG_SZ Security Update for Windows XP (KB979683)
DisplayName REG_SZ Security Update for Windows XP (KB979687)
DisplayName REG_SZ Security Update for Windows XP (KB980195)
DisplayName REG_SZ Security Update for Windows XP (KB980218)
DisplayName REG_SZ Security Update for Windows XP (KB980232)
DisplayName REG_SZ Security Update for Windows XP (KB980436)
DisplayName REG_SZ Security Update for Windows XP (KB981322)
DisplayName REG_SZ Security Update for Windows XP (KB981852)
DisplayName REG_SZ Security Update for Windows XP (KB981997)
DisplayName REG_SZ Security Update for Windows XP (KB982132)
DisplayName REG_SZ Security Update for Windows XP (KB982214)
DisplayName REG_SZ Security Update for Windows XP (KB982665)
DisplayName REG_SZ Sonic DLA
DisplayName REG_SZ Sonic Encoders
DisplayName REG_SZ Sonic MyDVD LE
DisplayName REG_SZ Sonic RecordNow Audio
DisplayName REG_SZ Sonic RecordNow Copy
DisplayName REG_SZ Sonic RecordNow Data
DisplayName REG_SZ Sonic Update Manager
DisplayName REG_SZ TurboTax 2009
DisplayName REG_SZ TurboTax 2009 wcaiper
DisplayName REG_SZ TurboTax 2009 WinPerFedFormset
DisplayName REG_SZ TurboTax 2009 WinPerReleaseEngine
DisplayName REG_SZ TurboTax 2009 WinPerTaxSupport
DisplayName REG_SZ TurboTax 2009 wrapper
DisplayName REG_SZ UMVPLStandalone
DisplayName REG_SZ Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
DisplayName REG_SZ Update for Windows Internet Explorer 8 (KB972636)
DisplayName REG_SZ Update for Windows Internet Explorer 8 (KB976662)
DisplayName REG_SZ Update for Windows Internet Explorer 8 (KB976749)
DisplayName REG_SZ Update for Windows Internet Explorer 8 (KB980182)
DisplayName REG_SZ Update for Windows Media Player 10 (KB913800)
DisplayName REG_SZ Update for Windows Media Player 10 (KB926251)
DisplayName REG_SZ Update for Windows XP (KB2141007)
DisplayName REG_SZ Update for Windows XP (KB2345886)
DisplayName REG_SZ Update for Windows XP (KB2467659)
DisplayName REG_SZ Update for Windows XP (KB951978)
DisplayName REG_SZ Update for Windows XP (KB955759)
DisplayName REG_SZ Update for Windows XP (KB955839)
DisplayName REG_SZ Update for Windows XP (KB967715)
DisplayName REG_SZ Update for Windows XP (KB968389)
DisplayName REG_SZ Update for Windows XP (KB971737)
DisplayName REG_SZ Update for Windows XP (KB973687)
DisplayName REG_SZ Update for Windows XP (KB973815)
DisplayName REG_SZ Update Rollup 2 for Windows XP Media Center Edition 2005
DisplayName REG_SZ Viewpoint Media Player
DisplayName REG_SZ WebCyberCoach 3.2 Dell
DisplayName REG_SZ WebFldrs XP
DisplayName REG_SZ WildTangent Web Driver
DisplayName REG_SZ Windows Imaging Component
DisplayName REG_SZ Windows Internet Explorer 8
DisplayName REG_SZ Windows Media Format 11 runtime
DisplayName REG_SZ Windows Media Format 11 runtime
DisplayName REG_SZ Windows Media Player 10
DisplayName REG_SZ Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
DisplayName REG_SZ Windows Media Player 11
DisplayName REG_SZ Windows Media Player 11
DisplayName REG_SZ Windows XP Media Center Edition 2005 KB908246
DisplayName REG_SZ Windows XP Media Center Edition 2005 KB925766
DisplayName REG_SZ Windows XP Media Center Edition 2005 KB973768
DisplayName REG_SZ Windows XP Service Pack 3
DisplayVersion REG_SZ -
DisplayVersion REG_SZ 0.0.0.2
DisplayVersion REG_SZ 0.00.000
DisplayVersion REG_SZ 006.000.001
DisplayVersion REG_SZ 009.000.0002
DisplayVersion REG_SZ 009.000.0145
DisplayVersion REG_SZ 009.000.0238
DisplayVersion REG_SZ 009.000.0328
DisplayVersion REG_SZ 009.000.0862
DisplayVersion REG_SZ 009.000.2068
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1
DisplayVersion REG_SZ 1.0.0
DisplayVersion REG_SZ 1.0.0
DisplayVersion REG_SZ 1.0.0
DisplayVersion REG_SZ 1.0.2002.1
DisplayVersion REG_SZ 1.0.4.805
DisplayVersion REG_SZ 1.00
DisplayVersion REG_SZ 1.00.0000
DisplayVersion REG_SZ 1.00.0000
DisplayVersion REG_SZ 1.00.0000
DisplayVersion REG_SZ 1.02.0000
DisplayVersion REG_SZ 1.1.0.3463
DisplayVersion REG_SZ 1.1.0.3514
DisplayVersion REG_SZ 1.1.4322
DisplayVersion REG_SZ 1.10.0000
DisplayVersion REG_SZ 1.10.0000
DisplayVersion REG_SZ 1.10.0000
DisplayVersion REG_SZ 1.10.0000
DisplayVersion REG_SZ 1.14
DisplayVersion REG_SZ 1.19.0000
DisplayVersion REG_SZ 1.19.0000
DisplayVersion REG_SZ 1.19.0000
DisplayVersion REG_SZ 1.19.0000
DisplayVersion REG_SZ 1.19.0000
DisplayVersion REG_SZ 1.19.0000
DisplayVersion REG_SZ 1.19.0000
DisplayVersion REG_SZ 1.19.0000
DisplayVersion REG_SZ 1.19.0000
DisplayVersion REG_SZ 1.19.0000
DisplayVersion REG_SZ 1.19.0000
DisplayVersion REG_SZ 1.19.0000
DisplayVersion REG_SZ 1.2.183.39
DisplayVersion REG_SZ 1.3.2
DisplayVersion REG_SZ 1.4.2_03
DisplayVersion REG_SZ 1.7.1
DisplayVersion REG_SZ 1.8.0.0
DisplayVersion REG_SZ 10.0.1.22
DisplayVersion REG_SZ 10.0.1204
DisplayVersion REG_SZ 10.0.1204
DisplayVersion REG_SZ 10.0.1435
DisplayVersion REG_SZ 10.00.1439
DisplayVersion REG_SZ 10.00.1439
DisplayVersion REG_SZ 10.00.1439
DisplayVersion REG_SZ 10.00.1439
DisplayVersion REG_SZ 10.1.102.64
DisplayVersion REG_SZ 11.0.8173.0
DisplayVersion REG_SZ 12.0.6514.5001
DisplayVersion REG_SZ 2
DisplayVersion REG_SZ 2
DisplayVersion REG_SZ 2
DisplayVersion REG_SZ 2.0.0
DisplayVersion REG_SZ 2.0.0
DisplayVersion REG_SZ 2.0.0
DisplayVersion REG_SZ 2.0.3.0
DisplayVersion REG_SZ 2.00.0000
DisplayVersion REG_SZ 2.1.0.2
DisplayVersion REG_SZ 2.1.0.2
DisplayVersion REG_SZ 2.1.1.116
DisplayVersion REG_SZ 2.2.30729
DisplayVersion REG_SZ 2.4.28.0
DisplayVersion REG_SZ 2.41
DisplayVersion REG_SZ 2.5.16
DisplayVersion REG_SZ 20080414.031525
DisplayVersion REG_SZ 20090308.140743
DisplayVersion REG_SZ 3
DisplayVersion REG_SZ 3.0.0
DisplayVersion REG_SZ 3.0.0.0
DisplayVersion REG_SZ 3.1
DisplayVersion REG_SZ 3.2.0.47
DisplayVersion REG_SZ 3.2.30729
DisplayVersion REG_SZ 3.4.13.100
DisplayVersion REG_SZ 3.5.30729
DisplayVersion REG_SZ 4.1.371.0
DisplayVersion REG_SZ 4.20.9870.0
DisplayVersion REG_SZ 4.20.9876.0
DisplayVersion REG_SZ 4.4.12.100
DisplayVersion REG_SZ 4.4.15.100
DisplayVersion REG_SZ 4.4.38.1
DisplayVersion REG_SZ 4.95
DisplayVersion REG_SZ 5
DisplayVersion REG_SZ 5
DisplayVersion REG_SZ 5.1.760
DisplayVersion REG_SZ 5.4.13.100
DisplayVersion REG_SZ 5.4.24.100
DisplayVersion REG_SZ 5.8.0
DisplayVersion REG_SZ 6.0.170
DisplayVersion REG_SZ 6.0.2
DisplayVersion REG_SZ 6.00
DisplayVersion REG_SZ 6.1.1
DisplayVersion REG_SZ 6.14.10.5160
DisplayVersion REG_SZ 6.20.2003.0
DisplayVersion REG_SZ 6.4.12.100
DisplayVersion REG_SZ 6.4.16.100
DisplayVersion REG_SZ 6.6.1124.846
DisplayVersion REG_SZ 6.6.5100
DisplayVersion REG_SZ 7.0.19.0
DisplayVersion REG_SZ 7.0.74.0
DisplayVersion REG_SZ 7.68.75.0
DisplayVersion REG_SZ 8.0.59193
DisplayVersion REG_SZ 8.162-050803a2-025823C-Dell
DisplayVersion REG_SZ 9.0.0.1
DisplayVersion REG_SZ 9.0.30729.4148
DisplayVersion REG_SZ 9.00.0000
DisplayVersion REG_SZ 9.00.0000
DisplayVersion REG_SZ 9.00.0000
DisplayVersion REG_SZ 9.00.3636
DisplayVersion REG_SZ 9.4.19.100
DisplayVersion REG_SZ 9.4.27.100
DisplayVersion REG_SZ 9.50.7523
EstimatedSize REG_DWORD -12 (0xfffffff4)
EstimatedSize REG_DWORD -16 (0xfffffff0)
EstimatedSize REG_DWORD -16 (0xfffffff0)
EstimatedSize REG_DWORD -16 (0xfffffff0)
EstimatedSize REG_DWORD 10188 (0x27cc)
EstimatedSize REG_DWORD 10436 (0x28c4)
EstimatedSize REG_DWORD 110280 (0x1aec8)
EstimatedSize REG_DWORD 121144 (0x1d938)
EstimatedSize REG_DWORD 12422 (0x3086)
EstimatedSize REG_DWORD 12937 (0x3289)
EstimatedSize REG_DWORD 138379 (0x21c8b)
EstimatedSize REG_DWORD 139992 (0x222d8)
EstimatedSize REG_DWORD 142055 (0x22ae7)
EstimatedSize REG_DWORD 1433 (0x599)
EstimatedSize REG_DWORD 1479 (0x5c7)
EstimatedSize REG_DWORD 15538 (0x3cb2)
EstimatedSize REG_DWORD 1646 (0x66e)
EstimatedSize REG_DWORD 165449 (0x28649)
EstimatedSize REG_DWORD 166542 (0x28a8e)
EstimatedSize REG_DWORD 172284 (0x2a0fc)
EstimatedSize REG_DWORD 172797 (0x2a2fd)
EstimatedSize REG_DWORD 1768 (0x6e8)
EstimatedSize REG_DWORD 17716 (0x4534)
EstimatedSize REG_DWORD 17752 (0x4558)
EstimatedSize REG_DWORD 18262 (0x4756)
EstimatedSize REG_DWORD 188885 (0x2e1d5)
EstimatedSize REG_DWORD 204 (0xcc)
EstimatedSize REG_DWORD 20609 (0x5081)
EstimatedSize REG_DWORD 213825 (0x34341)
EstimatedSize REG_DWORD 2208 (0x8a0)
EstimatedSize REG_DWORD 22458 (0x57ba)
EstimatedSize REG_DWORD 23232 (0x5ac0)
EstimatedSize REG_DWORD 236 (0xec)
EstimatedSize REG_DWORD 2456 (0x998)
EstimatedSize REG_DWORD 2729 (0xaa9)
EstimatedSize REG_DWORD 274 (0x112)
EstimatedSize REG_DWORD 276 (0x114)
EstimatedSize REG_DWORD 28 (0x1c)
EstimatedSize REG_DWORD 28 (0x1c)
EstimatedSize REG_DWORD 2833 (0xb11)
EstimatedSize REG_DWORD 28912 (0x70f0)
EstimatedSize REG_DWORD 2919 (0xb67)
EstimatedSize REG_DWORD 3013 (0xbc5)
EstimatedSize REG_DWORD 3312 (0xcf0)
EstimatedSize REG_DWORD 3328 (0xd00)
EstimatedSize REG_DWORD 3575 (0xdf7)
EstimatedSize REG_DWORD 3698 (0xe72)
EstimatedSize REG_DWORD 38889 (0x97e9)
EstimatedSize REG_DWORD 4037 (0xfc5)
EstimatedSize REG_DWORD 422964 (0x67434)
EstimatedSize REG_DWORD 4234 (0x108a)
EstimatedSize REG_DWORD 45572 (0xb204)
EstimatedSize REG_DWORD 461 (0x1cd)
EstimatedSize REG_DWORD 4644 (0x1224)
EstimatedSize REG_DWORD 4788 (0x12b4)
EstimatedSize REG_DWORD 48 (0x30)
EstimatedSize REG_DWORD 480 (0x1e0)
EstimatedSize REG_DWORD 4882 (0x1312)
EstimatedSize REG_DWORD 50725 (0xc625)
EstimatedSize REG_DWORD 528 (0x210)
EstimatedSize REG_DWORD 5380 (0x1504)
EstimatedSize REG_DWORD 547635 (0x85b33)
EstimatedSize REG_DWORD 57544 (0xe0c8)
EstimatedSize REG_DWORD 5780 (0x1694)
EstimatedSize REG_DWORD 6009 (0x1779)
EstimatedSize REG_DWORD 6144 (0x1800)
EstimatedSize REG_DWORD 673 (0x2a1)
EstimatedSize REG_DWORD 724 (0x2d4)
EstimatedSize REG_DWORD 75513 (0x126f9)
EstimatedSize REG_DWORD 76372 (0x12a54)
EstimatedSize REG_DWORD 770 (0x302)
EstimatedSize REG_DWORD 82584 (0x14298)
EstimatedSize REG_DWORD 86708 (0x152b4)
EstimatedSize REG_DWORD 93224 (0x16c28)
EstimatedSize REG_DWORD 96450 (0x178c2)
EstimatedSize REG_DWORD 990 (0x3de)
HelpLink REG_EXPAND_SZ http://go.microsoft.com/fwlink/?LinkId=9647
HelpLink REG_EXPAND_SZ http://go.microsoft.com/fwlink/?LinkId=98073
HelpLink REG_EXPAND_SZ http://go.microsoft.com/fwlink/?LinkId=98075
HelpLink REG_EXPAND_SZ http://java.com
HelpLink REG_EXPAND_SZ http://support.dell.com
HelpLink REG_EXPAND_SZ http://support.dell.com
HelpLink REG_EXPAND_SZ http://support.dell.com
HelpLink REG_EXPAND_SZ http://support.dell.com/
HelpLink REG_EXPAND_SZ http://support.dell.com/support/topics/global.aspx/support/kb/en/document?dn=1091989
HelpLink REG_EXPAND_SZ http://support.microsoft.com/kb/954430
HelpLink REG_EXPAND_SZ http://support.microsoft.com/kb/973686
HelpLink REG_EXPAND_SZ http://support.microsoft.com/kb/973688
HelpLink REG_EXPAND_SZ http://support.sonic.com/
HelpLink REG_EXPAND_SZ http://support.sonic.com/
HelpLink REG_EXPAND_SZ http://www.adobe.com/support/main.html
HelpLink REG_EXPAND_SZ http://www.adobe.com/support/main.html
HelpLink REG_EXPAND_SZ http://www.apple.com/support/
HelpLink REG_EXPAND_SZ http://www.apple.com/support/
HelpLink REG_EXPAND_SZ http://www.apple.com/support/
HelpLink REG_EXPAND_SZ http://www.apple.com/support/
HelpLink REG_EXPAND_SZ http://www.apple.com/support/
HelpLink REG_EXPAND_SZ http://www.apple.com/support/
HelpLink REG_EXPAND_SZ http://www.avg.com
HelpLink REG_EXPAND_SZ http://www.avg.com
HelpLink REG_EXPAND_SZ http://www.corel.com/support
HelpLink REG_EXPAND_SZ http://www.hp.com
HelpLink REG_EXPAND_SZ http://www.hp.com
HelpLink REG_EXPAND_SZ http://www.hp.com
HelpLink REG_EXPAND_SZ http://www.hp.com
HelpLink REG_EXPAND_SZ http://www.intel.com
HelpLink REG_EXPAND_SZ http://www.intel.com
HelpLink REG_EXPAND_SZ http://www.intel.com
HelpLink REG_EXPAND_SZ http://www.intel.com/support
HelpLink REG_EXPAND_SZ http://www.intel.com/support
HelpLink REG_EXPAND_SZ http://www.intel.com/support
HelpLink REG_EXPAND_SZ http://www.intel.com/support
HelpLink REG_EXPAND_SZ http://www.intel.com/support
HelpLink REG_EXPAND_SZ http://www.intel.com/support
HelpLink REG_EXPAND_SZ http://www.intel.com/support
HelpLink REG_EXPAND_SZ http://www.intel.com/support
HelpLink REG_EXPAND_SZ http://www.intel.com/support
HelpLink REG_EXPAND_SZ http://www.intel.com/support
HelpLink REG_EXPAND_SZ http://www.intel.com/support
HelpLink REG_EXPAND_SZ http://www.java.com
HelpLink REG_EXPAND_SZ http://www.logitech.com/support
HelpLink REG_EXPAND_SZ http://www.microsoft.com/support
HelpLink REG_EXPAND_SZ http://www.microsoft.com/support
HelpLink REG_EXPAND_SZ http://www.microsoft.com/support
HelpLink REG_EXPAND_SZ http://www.microsoft.com/windows
HelpLink REG_EXPAND_SZ http://www.vantagelinguistics.com
HelpLink REG_EXPAND_SZ http://www.yourcompany.com/help
HelpLink REG_EXPAND_SZ http://www.yourcompany.com/help
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ
HelpLink REG_SZ http:
HelpLink REG_SZ http:
HelpLink REG_SZ http://desktop.google.com/help.html?hl=en
HelpLink REG_SZ http://go.microsoft.com/fwlink/?LinkId=120337
HelpLink REG_SZ http://go.microsoft.com/fwlink/?LinkId=62768
HelpLink REG_SZ http://go.microsoft.com/fwlink/?LinkId=74087
HelpLink REG_SZ http://photos.google.com/
HelpLink REG_SZ http://support.dell.com
HelpLink REG_SZ http://support.microsoft.com/?kbid=2378111
HelpLink REG_SZ http://support.microsoft.com/?kbid=913800
HelpLink REG_SZ http://support.microsoft.com/?kbid=926251
HelpLink REG_SZ http://support.microsoft.com/?kbid=929399
HelpLink REG_SZ http://support.microsoft.com/?kbid=936782
HelpLink REG_SZ http://support.microsoft.com/?kbid=939683
HelpLink REG_SZ http://support.microsoft.com/?kbid=952069
HelpLink REG_SZ http://support.microsoft.com/?kbid=954154
HelpLink REG_SZ http://support.microsoft.com/?kbid=954155
HelpLink REG_SZ http://support.microsoft.com/?kbid=968816
HelpLink REG_SZ http://support.microsoft.com/?kbid=973540
HelpLink REG_SZ http://support.microsoft.com/?kbid=975558
HelpLink REG_SZ http://support.microsoft.com/?kbid=978695
HelpLink REG_SZ http://support.microsoft.com/kb/2416473
HelpLink REG_SZ http://support.microsoft.com/kb/953595
HelpLink REG_SZ http://support.microsoft.com/kb/958484
HelpLink REG_SZ http://support.microsoft.com/kb/963707
HelpLink REG_SZ http://support.microsoft.com?kbid=2
HelpLink REG_SZ http://support.microsoft.com?kbid=2079403
HelpLink REG_SZ http://support.microsoft.com?kbid=2115168
HelpLink REG_SZ http://support.microsoft.com?kbid=2121546
HelpLink REG_SZ http://support.microsoft.com?kbid=2141007
HelpLink REG_SZ http://support.microsoft.com?kbid=2229593
HelpLink REG_SZ http://support.microsoft.com?kbid=2259922
HelpLink REG_SZ http://support.microsoft.com?kbid=2286198
HelpLink REG_SZ http://support.microsoft.com?kbid=2296011
HelpLink REG_SZ http://support.microsoft.com?kbid=2296199
HelpLink REG_SZ http://support.microsoft.com?kbid=2345886
HelpLink REG_SZ http://support.microsoft.com?kbid=2347290
HelpLink REG_SZ http://support.microsoft.com?kbid=2360937
HelpLink REG_SZ http://support.microsoft.com?kbid=2387149
HelpLink REG_SZ http://support.microsoft.com?kbid=2416400
HelpLink REG_SZ http://support.microsoft.com?kbid=2419632
HelpLink REG_SZ http://support.microsoft.com?kbid=2423089
HelpLink REG_SZ http://support.microsoft.com?kbid=2436673
HelpLink REG_SZ http://support.microsoft.com?kbid=2440591
HelpLink REG_SZ http://support.microsoft.com?kbid=2443105
HelpLink REG_SZ http://support.microsoft.com?kbid=2443685
HelpLink REG_SZ http://support.microsoft.com?kbid=2467659
HelpLink REG_SZ http://support.microsoft.com?kbid=900325
HelpLink REG_SZ http://support.microsoft.com?kbid=903157
HelpLink REG_SZ http://support.microsoft.com?kbid=908246
HelpLink REG_SZ http://support.microsoft.com?kbid=923561
HelpLink REG_SZ http://support.microsoft.com?kbid=923689
HelpLink REG_SZ http://support.microsoft.com?kbid=925766
HelpLink REG_SZ http://support.microsoft.com?kbid=931906
HelpLink REG_SZ http://support.microsoft.com?kbid=936929
HelpLink REG_SZ http://support.microsoft.com?kbid=938464
HelpLink REG_SZ http://support.microsoft.com?kbid=941569
HelpLink REG_SZ http://support.microsoft.com?kbid=946648
HelpLink REG_SZ http://support.microsoft.com?kbid=950762
HelpLink REG_SZ http://support.microsoft.com?kbid=950974
HelpLink REG_SZ http://support.microsoft.com?kbid=951066
HelpLink REG_SZ http://support.microsoft.com?kbid=951376
HelpLink REG_SZ http://support.microsoft.com?kbid=951748
HelpLink REG_SZ http://support.microsoft.com?kbid=951978
HelpLink REG_SZ http://support.microsoft.com?kbid=952004
HelpLink REG_SZ http://support.microsoft.com?kbid=952287
HelpLink REG_SZ http://support.microsoft.com?kbid=952954
HelpLink REG_SZ http://support.microsoft.com?kbid=954550
HelpLink REG_SZ http://support.microsoft.com?kbid=954600
HelpLink REG_SZ http://support.microsoft.com?kbid=955069
HelpLink REG_SZ http://support.microsoft.com?kbid=955759
HelpLink REG_SZ http://support.microsoft.com?kbid=955839
HelpLink REG_SZ http://support.microsoft.com?kbid=956572
HelpLink REG_SZ http://support.microsoft.com?kbid=956744
HelpLink REG_SZ http://support.microsoft.com?kbid=956802
HelpLink REG_SZ http://support.microsoft.com?kbid=956803
HelpLink REG_SZ http://support.microsoft.com?kbid=956844
HelpLink REG_SZ http://support.microsoft.com?kbid=957097
HelpLink REG_SZ http://support.microsoft.com?kbid=958644
HelpLink REG_SZ http://support.microsoft.com?kbid=958687
HelpLink REG_SZ http://support.microsoft.com?kbid=958869
HelpLink REG_SZ http://support.microsoft.com?kbid=959426
HelpLink REG_SZ http://support.microsoft.com?kbid=960225
HelpLink REG_SZ http://support.microsoft.com?kbid=960803
HelpLink REG_SZ http://support.microsoft.com?kbid=960859
HelpLink REG_SZ http://support.microsoft.com?kbid=961118
HelpLink REG_SZ http://support.microsoft.com?kbid=961371
HelpLink REG_SZ http://support.microsoft.com?kbid=961501
HelpLink REG_SZ http://support.microsoft.com?kbid=967715
HelpLink REG_SZ http://support.microsoft.com?kbid=968389
HelpLink REG_SZ http://support.microsoft.com?kbid=968537
HelpLink REG_SZ http://support.microsoft.com?kbid=969059
HelpLink REG_SZ http://support.microsoft.com?kbid=969947
HelpLink REG_SZ http://support.microsoft.com?kbid=970238
HelpLink REG_SZ http://support.microsoft.com?kbid=970430
HelpLink REG_SZ http://support.microsoft.com?kbid=970653
HelpLink REG_SZ http://support.microsoft.com?kbid=971468
HelpLink REG_SZ http://support.microsoft.com?kbid=971486
HelpLink REG_SZ http://support.microsoft.com?kbid=971557
HelpLink REG_SZ http://support.microsoft.com?kbid=971633
HelpLink REG_SZ http://support.microsoft.com?kbid=971657
HelpLink REG_SZ http://support.microsoft.com?kbid=971737
HelpLink REG_SZ http://support.microsoft.com?kbid=971961
HelpLink REG_SZ http://support.microsoft.com?kbid=972260
HelpLink REG_SZ http://support.microsoft.com?kbid=972260
HelpLink REG_SZ http://support.microsoft.com?kbid=972270
HelpLink REG_SZ http://support.microsoft.com?kbid=972636
HelpLink REG_SZ http://support.microsoft.com?kbid=973346
HelpLink REG_SZ http://support.microsoft.com?kbid=973354
HelpLink REG_SZ http://support.microsoft.com?kbid=973507
HelpLink REG_SZ http://support.microsoft.com?kbid=973525
HelpLink REG_SZ http://support.microsoft.com?kbid=973687
HelpLink REG_SZ http://support.microsoft.com?kbid=973768
HelpLink REG_SZ http://support.microsoft.com?kbid=973815
HelpLink REG_SZ http://support.microsoft.com?kbid=973869
HelpLink REG_SZ http://support.microsoft.com?kbid=973904
HelpLink REG_SZ http://support.microsoft.com?kbid=974112
HelpLink REG_SZ http://support.microsoft.com?kbid=974318
HelpLink REG_SZ http://support.microsoft.com?kbid=974392
HelpLink REG_SZ http://support.microsoft.com?kbid=974455
HelpLink REG_SZ http://support.microsoft.com?kbid=974571
HelpLink REG_SZ http://support.microsoft.com?kbid=975025
HelpLink REG_SZ http://support.microsoft.com?kbid=975467
HelpLink REG_SZ http://support.microsoft.com?kbid=975560
HelpLink REG_SZ http://support.microsoft.com?kbid=975561
HelpLink REG_SZ http://support.microsoft.com?kbid=975562
HelpLink REG_SZ http://support.microsoft.com?kbid=975713
HelpLink REG_SZ http://support.microsoft.com?kbid=976002
HelpLink REG_SZ http://support.microsoft.com?kbid=976098
HelpLink REG_SZ http://support.microsoft.com?kbid=976325
HelpLink REG_SZ http://support.microsoft.com?kbid=976662
HelpLink REG_SZ http://support.microsoft.com?kbid=976749
HelpLink REG_SZ http://support.microsoft.com?kbid=977165
HelpLink REG_SZ http://support.microsoft.com?kbid=977816
HelpLink REG_SZ http://support.microsoft.com?kbid=977914
HelpLink REG_SZ http://support.microsoft.com?kbid=978037
HelpLink REG_SZ http://support.microsoft.com?kbid=978207
HelpLink REG_SZ http://support.microsoft.com?kbid=978251
HelpLink REG_SZ http://support.microsoft.com?kbid=978262
HelpLink REG_SZ http://support.microsoft.com?kbid=978338
HelpLink REG_SZ http://support.microsoft.com?kbid=978542
HelpLink REG_SZ http://support.microsoft.com?kbid=978601
HelpLink REG_SZ http://support.microsoft.com?kbid=978706
HelpLink REG_SZ http://support.microsoft.com?kbid=979306
HelpLink REG_SZ http://support.microsoft.com?kbid=979309
HelpLink REG_SZ http://support.microsoft.com?kbid=979482
HelpLink REG_SZ http://support.microsoft.com?kbid=979559
HelpLink REG_SZ http://support.microsoft.com?kbid=979683
HelpLink REG_SZ http://support.microsoft.com?kbid=979687
HelpLink REG_SZ http://support.microsoft.com?kbid=980182
HelpLink REG_SZ http://support.microsoft.com?kbid=980195
HelpLink REG_SZ http://support.microsoft.com?kbid=980218
HelpLink REG_SZ http://support.microsoft.com?kbid=980232
HelpLink REG_SZ http://support.microsoft.com?kbid=980436
HelpLink REG_SZ http://support.microsoft.com?kbid=981322
HelpLink REG_SZ http://support.microsoft.com?kbid=981332
HelpLink REG_SZ http://support.microsoft.com?kbid=981793
HelpLink REG_SZ http://support.microsoft.com?kbid=981852
HelpLink REG_SZ http://support.microsoft.com?kbid=981997
HelpLink REG_SZ http://support.microsoft.com?kbid=982132
HelpLink REG_SZ http://support.microsoft.com?kbid=982214
HelpLink REG_SZ http://support.microsoft.com?kbid=982381
HelpLink REG_SZ http://support.microsoft.com?kbid=982665
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
HelpLink REG_SZ http://www.microsoft.com/ie
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ
HelpTelephone REG_SZ (208) 323-2551
HelpTelephone REG_SZ +1 (800) 538-3373
HelpTelephone REG_SZ +1 (800) 538-3373
HelpTelephone REG_SZ +1 (800) 538-3373
HelpTelephone REG_SZ +1 (800) 538-3373
HelpTelephone REG_SZ +1 (800) 538-3373
HelpTelephone REG_SZ +1 (800) 538-3373
HelpTelephone REG_SZ +1 (800) 538-3373
HelpTelephone REG_SZ +1 (800) 538-3373
HelpTelephone REG_SZ +1 (800) 538-3373
HelpTelephone REG_SZ +1 (800) 538-3373
HelpTelephone REG_SZ +1 (800) 538-3373
HelpTelephone REG_SZ 0
HelpTelephone REG_SZ 1-555-555-4505
HelpTelephone REG_SZ 1-555-555-4505
HelpTelephone REG_SZ 1-555-555-4505
HelpTelephone REG_SZ 1-555-555-4505
HelpTelephone REG_SZ 1-800-275-2273
HelpTelephone REG_SZ 1-800-275-2273
HelpTelephone REG_SZ 1-800-275-2273
HelpTelephone REG_SZ 1-800-275-2273
HelpTelephone REG_SZ 1-800-275-2273
HelpTelephone REG_SZ 1-800-275-2273
HelpTelephone REG_SZ 1-800-624-9896
HelpTelephone REG_SZ 1-800-833-6687
HelpTelephone REG_SZ http://support.dell.com/
HelpTelephone REG_SZ http://support.dell.com/
HelpTelephone REG_SZ http://www.java.com
HelpTelephone REG_SZ U.S. 1-800-772-6735 Outside U.S. +441628 581601, UK: 0870 774 0202
HelpTelephone REG_SZ USA: (702) 269-3457 UK: +44 (0) 1344-894301
HiddenByIE8Setup REG_DWORD 1 (0x1)
HiddenByIE8Setup REG_DWORD 1 (0x1)
HiddenByIE8Setup REG_DWORD 1 (0x1)
HiddenByIE8Setup REG_DWORD 1 (0x1)
InstallDate REG_SZ 20050816
InstallDate REG_SZ 20050816
InstallDate REG_SZ 20050816
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20060116
InstallDate REG_SZ 20090807
InstallDate REG_SZ 20090808
InstallDate REG_SZ 20090808
InstallDate REG_SZ 20090808
InstallDate REG_SZ 20090808
InstallDate REG_SZ 20090808
InstallDate REG_SZ 20090808
InstallDate REG_SZ 20090808
InstallDate REG_SZ 20090808
InstallDate REG_SZ 20090808
InstallDate REG_SZ 20090811
InstallDate REG_SZ 20090813
InstallDate REG_SZ 20090819
InstallDate REG_SZ 20090819
InstallDate REG_SZ 20090819
InstallDate REG_SZ 20090826
InstallDate REG_SZ 20090910
InstallDate REG_SZ 20090910
InstallDate REG_SZ 20090910
InstallDate REG_SZ 20091008
InstallDate REG_SZ 20091024
InstallDate REG_SZ 20091024
InstallDate REG_SZ 20091024
InstallDate REG_SZ 20091024
InstallDate REG_SZ 20091104
InstallDate REG_SZ 20091124
InstallDate REG_SZ 20091125
InstallDate REG_SZ 20091129
InstallDate REG_SZ 20091210
InstallDate REG_SZ 20091210
InstallDate REG_SZ 20100122
InstallDate REG_SZ 20100211
InstallDate REG_SZ 20100225
InstallDate REG_SZ 20100225
InstallDate REG_SZ 20100331
InstallDate REG_SZ 20100405
InstallDate REG_SZ 20100405
InstallDate REG_SZ 20100405
InstallDate REG_SZ 20100405
InstallDate REG_SZ 20100405
InstallDate REG_SZ 20100405
InstallDate REG_SZ 20100405
InstallDate REG_SZ 20100405
InstallDate REG_SZ 20100405
InstallDate REG_SZ 20100414
InstallDate REG_SZ 20100414
InstallDate REG_SZ 20100527
InstallDate REG_SZ 20100601
InstallDate REG_SZ 20100604
InstallDate REG_SZ 20100610
InstallDate REG_SZ 20100610
InstallDate REG_SZ 20100610
InstallDate REG_SZ 20100802
InstallDate REG_SZ 20100802
InstallDate REG_SZ 20101015
InstallDate REG_SZ 20101019
InstallDate REG_SZ 20101019
InstallDate REG_SZ 20101019
InstallDate REG_SZ 20101019
InstallDate REG_SZ 20101019
InstallDate REG_SZ 20101110
InstallDate REG_SZ 20101114
InstallDate REG_SZ 20101114
InstallDate REG_SZ 20101114
InstallDate REG_SZ 20101114
InstallDate REG_SZ 20101114
InstallDate REG_SZ 20101114
InstallDate REG_SZ 20101114
InstallDate REG_SZ 20101114
InstallDate REG_SZ 20101130
InstallDate REG_SZ 20101215
InstallDate REG_SZ 20101217
InstallDate REG_SZ 20110108
InstallDate REG_SZ 20110108
InstallDate REG_SZ 20110108
InstallDate REG_SZ 20110108
InstallDate REG_SZ 20110108
InstallDate REG_SZ 20110108
InstallDate REG_SZ 20110108
InstallDate REG_SZ 20110108
InstallDate REG_SZ 20110108
InstallDate REG_SZ 20110108
InstallDate REG_SZ 20110108
InstallDate REG_SZ 20110108
InstallDate REG_SZ 20110108
InstallDate REG_SZ 20110108
InstallDate REG_SZ 20110108
InstallDate REG_SZ 20110108
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110111
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110112
InstallDate REG_SZ 20110113
InstallDate REG_SZ 20110113
InstallDate REG_SZ 20110113
InstallDate REG_SZ 20110113
InstallDate REG_SZ 20110113
InstallDate REG_SZ 20110113
InstallDate REG_SZ 20110113
InstallDate REG_SZ 20110113
InstallDate REG_SZ 20110116
InstallDate REG_SZ 20110127
Installed REG_DWORD 1 (0x1)
Installed REG_DWORD 1 (0x1)
Installed REG_DWORD 1 (0x1)
Installed REG_DWORD 1 (0x1)
InstallLanguage REG_SZ enu
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ
InstallLocation REG_SZ "C:\Program Files\Google\Picasa3"
InstallLocation REG_SZ C:\Program Files\
InstallLocation REG_SZ C:\Program Files\Apple Software Update\
InstallLocation REG_SZ C:\Program Files\Bonjour\
InstallLocation REG_SZ C:\Program Files\Clarus\Samsung Auto Backup
InstallLocation REG_SZ C:\Program Files\Common Files\Apple\Apple Application Support\
InstallLocation REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\
InstallLocation REG_SZ C:\Program Files\Common Files\Logitech\QCDRV
InstallLocation REG_SZ C:\Program Files\Corel\Corel Photo Album 6\
InstallLocation REG_SZ C:\Program Files\Dell Support\
InstallLocation REG_SZ C:\Program Files\Dell\NicConfigSvc
InstallLocation REG_SZ C:\Program Files\Dell\QuickSet
InstallLocation REG_SZ C:\Program Files\Digital Line Detect
InstallLocation REG_SZ C:\Program Files\Google\Google Toolbar\
InstallLocation REG_SZ C:\Program Files\Google\Installers\
InstallLocation REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\
InstallLocation REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\
InstallLocation REG_SZ C:\Program Files\iTunes\
InstallLocation REG_SZ C:\Program Files\Java\jre6\
InstallLocation REG_SZ C:\Program Files\Logitech\QuickCam10\
InstallLocation REG_SZ C:\Program Files\Modem Helper
InstallLocation REG_SZ C:\Program Files\Musicmatch\MUSICMATCH Music Services
InstallLocation REG_SZ C:\Program Files\My Company Name\My Product Name\
InstallLocation REG_SZ C:\Program Files\My Company Name\My Product Name\
InstallLocation REG_SZ C:\Program Files\My Company Name\My Product Name\
InstallLocation REG_SZ C:\Program Files\Nero\AdvrCntr4\
InstallLocation REG_SZ C:\Program Files\Nero\Nero 9\Nero BurnRights\
InstallLocation REG_SZ C:\Program Files\Nero\Nero 9\Nero CoverDesigner\
InstallLocation REG_SZ C:\Program Files\Nero\Nero 9\Nero DiscSpeed\
InstallLocation REG_SZ C:\Program Files\Nero\Nero 9\Nero DriveSpeed\
InstallLocation REG_SZ C:\Program Files\Nero\Nero 9\Nero Express\
InstallLocation REG_SZ C:\Program Files\Nero\Nero 9\Nero InfoTool\
InstallLocation REG_SZ C:\Program Files\Nero\Nero 9\Nero PhotoSnap\
InstallLocation REG_SZ C:\Program Files\Nero\Nero 9\Nero Recode\
InstallLocation REG_SZ C:\Program Files\Nero\Nero 9\Nero ShowTime\
InstallLocation REG_SZ C:\Program Files\Nero\Nero 9\Nero StartSmart\
InstallLocation REG_SZ C:\Program Files\Nero\Nero 9\Nero Vision\
InstallLocation REG_SZ C:\Program Files\Nero\Nero ControlCenter 4\
InstallLocation REG_SZ C:\Program Files\Nero\Tools\InCD\
InstallLocation REG_SZ C:\Program Files\NetWaiting
InstallLocation REG_SZ C:\Program Files\QuickTime\
InstallLocation REG_SZ C:\Program Files\TurboTax\Deluxe 2009\
InstallLocation REG_SZ C:\Program Files\TurboTax\Deluxe 2009\
InstallLocation REG_SZ C:\Program Files\TurboTax\Deluxe 2009\
InstallLocation REG_SZ C:\Program Files\TurboTax\Deluxe 2009\
InstallLocation REG_SZ C:\WINDOWS\Installer\iProInst.exe
InstallLocation REG_SZ C:\WINDOWS\Microsoft.NET\Framework\v3.5\
InstallSource REG_SZ
InstallSource REG_SZ c:\2daf30a85eab25b5c4be5f364dad\
InstallSource REG_SZ c:\ab46321dbfb623b9f458e831\
InstallSource REG_SZ c:\b66904332d71f7017e25926b607789\wcu\dotNetFramework\dotnetfx20\
InstallSource REG_SZ c:\b66904332d71f7017e25926b607789\wcu\dotNetFramework\dotnetfx30\
InstallSource REG_SZ C:\Dell\H3161\
InstallSource REG_SZ C:\dell\KC999\
InstallSource REG_SZ C:\dell\M8192\
InstallSource REG_SZ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
InstallSource REG_SZ C:\DOCUME~1\Stephen\LOCALS~1\Temp\{9FA91422-54D2-4F67-AD98-8D52FA539E9C}\
InstallSource REG_SZ C:\DOCUME~1\Stephen\LOCALS~1\Temp\AVGDownloadManager\packages\setup\
InstallSource REG_SZ C:\DOCUME~1\Stephen\LOCALS~1\Temp\IXP066D4.tmp\dotnetfx35\x86\
InstallSource REG_SZ C:\DOCUME~1\Stephen\LOCALS~1\Temp\IXP079.TMP\
InstallSource REG_SZ C:\DOCUME~1\Stephen\LOCALS~1\Temp\NERO1005565\Nero 9 Essentials\unit_app_10\
InstallSource REG_SZ C:\DOCUME~1\Stephen\LOCALS~1\Temp\NERO1005565\Nero 9 Essentials\unit_app_12\
InstallSource REG_SZ C:\DOCUME~1\Stephen\LOCALS~1\Temp\NERO1005565\Nero 9 Essentials\unit_app_13\
InstallSource REG_SZ C:\DOCUME~1\Stephen\LOCALS~1\Temp\NERO1005565\Nero 9 Essentials\unit_app_15\
InstallSource REG_SZ C:\DOCUME~1\Stephen\LOCALS~1\Temp\NERO1005565\Nero 9 Essentials\unit_app_16\
InstallSource REG_SZ C:\DOCUME~1\Stephen\LOCALS~1\Temp\NERO1005565\Nero 9 Essentials\unit_app_19\
InstallSource REG_SZ C:\DOCUME~1\Stephen\LOCALS~1\Temp\NERO1005565\Nero 9 Essentials\unit_app_20\
InstallSource REG_SZ C:\DOCUME~1\Stephen\LOCALS~1\Temp\NERO1005565\Nero 9 Essentials\unit_app_22\
InstallSource REG_SZ C:\DOCUME~1\Stephen\LOCALS~1\Temp\NERO1005565\Nero 9 Essentials\unit_app_5\
InstallSource REG_SZ C:\DOCUME~1\Stephen\LOCALS~1\Temp\NERO1005565\Nero 9 Essentials\unit_app_57\
InstallSource REG_SZ C:\DOCUME~1\Stephen\LOCALS~1\Temp\NERO1005565\Nero 9 Essentials\unit_app_6\
InstallSource REG_SZ C:\DOCUME~1\Stephen\LOCALS~1\Temp\NERO1005565\Nero 9 Essentials\unit_app_61\
InstallSource REG_SZ C:\DOCUME~1\Stephen\LOCALS~1\Temp\NERO1005565\Nero 9 Essentials\unit_app_63\
InstallSource REG_SZ C:\DOCUME~1\Stephen\LOCALS~1\Temp\NERO1005565\Nero 9 Essentials\unit_tpi_imagxpress-7.0.74.0\
InstallSource REG_SZ C:\DOCUME~1\Stephen\LOCALS~1\Temp\NERO1005565\Nero 9 Essentials\unit_tpi_msxml-4\
InstallSource REG_SZ C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\
InstallSource REG_SZ C:\Documents and Settings\All Users\Application Data\AVG10\SetupBackup\
InstallSource REG_SZ C:\Documents and Settings\All Users\Application Data\AVG10\SetupBackup\
InstallSource REG_SZ C:\Documents and Settings\All Users\Application Data\Intuit\Common\Update Service\v2\Data\38975f50eaa2012badb4000000000000\C\C-wcaiper\009.000.0862_msi\v1\F\
InstallSource REG_SZ C:\Documents and Settings\All Users\Application Data\MFAData\pack\
InstallSource REG_SZ C:\Documents and Settings\Stephen\Application Data\Sun\Java\jre1.6.0_17\
InstallSource REG_SZ C:\Documents and Settings\Stephen\Local Settings\Application Data\Apple\Apple Software Update\
InstallSource REG_SZ C:\Documents and Settings\Stephen\Local Settings\Application Data\Apple\Apple Software Update\
InstallSource REG_SZ C:\Documents and Settings\Stephen\Local Settings\Application Data\Apple\Apple Software Update\
InstallSource REG_SZ C:\Documents and Settings\Stephen\Local Settings\Application Data\Apple\Apple Software Update\
InstallSource REG_SZ C:\Documents and Settings\Stephen\Local Settings\Application Data\Apple\Apple Software Update\
InstallSource REG_SZ C:\Documents and Settings\Stephen\Local Settings\Application Data\Google\Update\Download\{AEDC018F-7CBD-4EA1-A2B4-A01DFD9863A5}\
InstallSource REG_SZ c:\f8891c917d6bc954b5\
InstallSource REG_SZ C:\Program Files\Adobe\{AC76BA86-0000-0000-7AC5-6028747ADE00}\
InstallSource REG_SZ C:\Program Files\Google\Google Toolbar\
InstallSource REG_SZ C:\Program Files\Google\Update\1.2.183.39\
InstallSource REG_SZ C:\Program Files\Hewlett-Packard\Digital Imaging\product\
InstallSource REG_SZ C:\Program Files\MSECache\O2007Cnv\1033\
InstallSource REG_SZ C:\WINDOWS\Installer\iprodata\
InstallSource REG_SZ C:\WINDOWS\Installer\iprodata\
InstallSource REG_SZ C:\WINDOWS\Installer\iprodata\
InstallSource REG_SZ C:\WINDOWS\Installer\iprodata\
InstallSource REG_SZ C:\WINDOWS\Installer\iprodata\
InstallSource REG_SZ C:\WINDOWS\Installer\iprodata\
InstallSource REG_SZ C:\WINDOWS\Installer\iprodata\
InstallSource REG_SZ C:\WINDOWS\Installer\iprodata\
InstallSource REG_SZ C:\WINDOWS\Installer\iprodata\
InstallSource REG_SZ C:\WINDOWS\Installer\iprodata\
InstallSource REG_SZ C:\WINDOWS\Installer\iprodata\
InstallSource REG_SZ C:\WINDOWS\Installer\iprodata\
InstallSource REG_SZ C:\WINDOWS\Installer\iprodata\
InstallSource REG_SZ C:\WINDOWS\Installer\iprodata\
InstallSource REG_SZ C:\WINDOWS\system32\
InstallSource REG_SZ C:\WINDOWS\TEMP\IXP000.TMP\
InstallSource REG_SZ d:\OEM\CONTENT\Extras\Sonic\
InstallSource REG_SZ D:\setup\mm\
InstallSource REG_SZ D:\TurboTax 2009\MSI\
InstallSource REG_SZ D:\TurboTax 2009\MSI\
InstallSource REG_SZ D:\TurboTax 2009\MSI\
InstallSource REG_SZ D:\TurboTax 2009\MSI\
InstallSource REG_SZ D:\TurboTax 2009\MSI\
InstallSource REG_SZ E:\SamsungSoftware\AutoBackupSetup.exe
InstallSource REG_SZ F:\
InstallSource REG_SZ F:\
InstallSource REG_SZ F:\Drivers\Bin\
InstallSource REG_SZ F:\Drivers\Bin\
InstallSource REG_SZ F:\Drivers\Bin\
InstallSource REG_SZ F:\Drivers\Bin\
InstallSource REG_SZ F:\QuickCam\x32\

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:05 AM

Posted 30 January 2011 - 05:02 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 HelpHolland

HelpHolland
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 30 January 2011 - 05:19 AM

Dear Gringo,

I tried to run Combofix, but I received this message (in like 10 languages):

"error - win 32 only: incompatible os. combofix only works for workstations with windows 2000 and XP"

Odd, right? I have Windows XP as far as I know...

Many thanks,

HelpHolland

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:05 AM

Posted 30 January 2011 - 12:27 PM

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 HelpHolland

HelpHolland
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 30 January 2011 - 03:45 PM

Hi Gringo!

Thanks again for the help. So, here's what happened:

(1) I tried to run ComboFix in SafeMode, but then I got a warning pop-up saying that it can't run with AVG installed (apparently, even though it was disabled!) It told me to uninstall it, so I went ahead and did.

(2) After uninstalling AVG, I went back into SafeMode and did ComboFix (mainly, as a side note, because uninstalling AVG, I think caused mini-drama and a blue screen and all that, but I think it fixed itself, so let's not worry about that right now).

(3) It asked me to install Recovery Console. I clicked OK, but because -- I think -- my (wireless) internet doesn't work in SafeMode (just my guess), the internet couldn't be detected and the program couldn't download the Console. It ran its function anyway.

(4) After it ran all its tests, it seems that it deleted a file: C:\Windows\System32\lvcoinst.dll.

(5) In the end, I got the ComboFix Report. Here is the text below.

Thank you so much! By the way, all the problems persist, so I don't think deleting that file fixed it. I look forward to your next instructions. Many many thanks...

-------------------------------------------------------------------------------------------------------------

ComboFix 11-01-29.02 - Administrator 01/30/2011 20:53:21.1.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.809 [GMT 1:00]
Running from: c:\documents and settings\Stephen\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lvcoinst.dll

.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-30 )))))))))))))))))))))))))))))))
.

2011-01-16 21:28 . 2011-01-16 21:28 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-01-13 16:46 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-01-13 16:46 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2011-01-13 16:46 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2011-01-13 16:46 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2011-01-13 16:40 . 2011-01-13 16:41 -------- d-----w- c:\program files\Common Files\Logitech
2011-01-13 16:39 . 2011-01-13 16:39 -------- d-----w- c:\program files\Logitech
2011-01-13 16:39 . 2011-01-13 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2011-01-12 14:35 . 2011-01-12 14:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-01-12 14:32 . 2011-01-12 14:32 -------- d-----w- c:\windows\system32\dumps
2011-01-12 11:18 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-01-12 11:18 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-12 11:18 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-01-12 11:17 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-01-12 11:10 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-12 11:01 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-01-11 16:28 . 2011-01-11 16:53 -------- d-----w- c:\windows\system32\scripting
2011-01-11 16:28 . 2011-01-11 16:28 -------- d-----w- c:\windows\l2schemas
2011-01-11 16:28 . 2011-01-11 16:53 -------- d-----w- c:\windows\system32\en
2011-01-11 16:28 . 2011-01-11 16:52 -------- d-----w- c:\windows\system32\bits
2011-01-11 13:04 . 2011-01-11 13:04 -------- d-----w- C:\Log
2011-01-11 13:04 . 2011-01-11 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Clarus
2011-01-11 12:57 . 2011-01-11 12:57 -------- d-----w- c:\program files\Clarus
2011-01-08 18:16 . 2011-01-08 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2011-01-08 18:16 . 2011-01-08 18:24 -------- d-----w- c:\program files\Common Files\Nero
2011-01-08 18:11 . 2009-10-16 09:42 19096 ----a-w- c:\windows\system32\drivers\InCDRec.sys
2011-01-08 18:11 . 2009-10-16 09:43 130200 ----a-w- c:\windows\system32\drivers\InCDFs.sys
2011-01-08 18:11 . 2009-10-16 09:42 48280 ----a-w- c:\windows\system32\drivers\InCDPass.sys
2011-01-08 18:11 . 2011-01-08 18:29 -------- d-----w- c:\program files\Nero
2011-01-02 15:09 . 2011-01-02 15:09 -------- d-----w- c:\documents and settings\Mihalis.DGQZB691\Application Data\AVG10
2011-01-02 15:09 . 2011-01-02 15:09 -------- d-----w- c:\documents and settings\Stephen\Application Data\AVG10
2011-01-02 15:07 . 2011-01-02 15:07 -------- d-----w- c:\documents and settings\Stephen\Application Data\CyberLink
2011-01-02 15:05 . 2011-01-02 15:05 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\Help
2011-01-02 15:05 . 2011-01-02 15:05 -------- d-----w- C:\Google
2011-01-02 15:05 . 2011-01-02 15:05 -------- d-----w- c:\documents and settings\Mihalis.DGQZB691\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2005-08-16 10:40 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2005-08-16 10:18 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2005-08-16 10:18 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2009-10-16 09:44 97072 ----a-w- c:\program files\Nero\Tools\InCD\NBHshx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-29 149280]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"Dell QuickSet"="c:\program files\dell\quickset\quickset.exe" [2005-09-01 684032]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-01-16 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-01-16 168448]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"NBHGui"="c:\program files\Nero\Tools\InCD\NBHGui.exe" [2009-10-16 1600816]
"InCD"="c:\program files\Nero\Tools\InCD\InCD.exe" [2009-10-16 1060136]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]

c:\documents and settings\Stephen\Start Menu\Programs\Startup\
Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-1-11 823296]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-1-11 65536]
Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-1-11 102400]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-16 24576]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Stephen\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 5:38 PM 135664]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Tools\InCD\NBHRegInCDSrv.exe [10/16/2009 10:44 AM 53560]
.
Contents of the 'Scheduled Tasks' folder

2010-12-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2011-01-13 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8294909559.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]

2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 16:38]

2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 16:38]

2011-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3636508146-3117499700-2134760326-1007Core.job
- c:\documents and settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-17 01:51]

2011-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3636508146-3117499700-2134760326-1007UA.job
- c:\documents and settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-17 01:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-30 21:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(244)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2011-01-30 21:07:50
ComboFix-quarantined-files.txt 2011-01-30 20:07

Pre-Run: 19,344,850,944 bytes free
Post-Run: 21,902,098,432 bytes free

- - End Of File - - 0A3245DE48E3485582FCD447F1D718DD

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:05 AM

Posted 30 January 2011 - 03:54 PM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 HelpHolland

HelpHolland
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 31 January 2011 - 01:30 PM

Hola Gringo!

Buenas noticias, I think TDSSKiller worked! I ran the program, it found an infected file, and cured it. Then it had be restart. Upon restarting, none of the weird stuff happened (RealPlayer didn't open, the other message didn't show up, etc.) and when I use Google and click on the search results, it doesn't send it to gomeo!

Now, the TDSSKiller didn't continue scanning, so I don't know if it's done. Should I run it again? I'll leave that to you. It looks good to me, but like I said, I'll leave that to your expertise. See log below. Like I said, as far as I can tell, the problem is fixed.

Thank you Gringo (and BleepingComputer)!!! You rock!!!

HelpHolland

---------------------------------------

2011/01/31 19:15:14.0328 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/31 19:15:14.0328 ================================================================================
2011/01/31 19:15:14.0328 SystemInfo:
2011/01/31 19:15:14.0328
2011/01/31 19:15:14.0328 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/31 19:15:14.0328 Product type: Workstation
2011/01/31 19:15:14.0328 ComputerName: DGQZB691
2011/01/31 19:15:14.0328 UserName: Stephen
2011/01/31 19:15:14.0328 Windows directory: C:\WINDOWS
2011/01/31 19:15:14.0328 System windows directory: C:\WINDOWS
2011/01/31 19:15:14.0328 Processor architecture: Intel x86
2011/01/31 19:15:14.0328 Number of processors: 1
2011/01/31 19:15:14.0328 Page size: 0x1000
2011/01/31 19:15:14.0328 Boot type: Normal boot
2011/01/31 19:15:14.0328 ================================================================================
2011/01/31 19:15:15.0265 Initialize success
2011/01/31 19:15:20.0062 ================================================================================
2011/01/31 19:15:20.0062 Scan started
2011/01/31 19:15:20.0062 Mode: Manual;
2011/01/31 19:15:20.0062 ================================================================================
2011/01/31 19:15:23.0312 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/01/31 19:15:23.0406 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/31 19:15:23.0468 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/31 19:15:23.0531 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/01/31 19:15:23.0609 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/31 19:15:23.0718 AegisP (076394a345ee5e9e3911fc0f058f4f38) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/01/31 19:15:23.0812 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/31 19:15:23.0953 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/01/31 19:15:24.0187 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/01/31 19:15:24.0234 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/01/31 19:15:24.0281 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/01/31 19:15:24.0359 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/01/31 19:15:24.0421 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/01/31 19:15:24.0468 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/01/31 19:15:24.0515 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/01/31 19:15:24.0578 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/01/31 19:15:24.0609 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/01/31 19:15:24.0656 ApfiltrService (aeb775a2bae0f392ba6adc0bb706233a) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/01/31 19:15:24.0734 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/01/31 19:15:25.0281 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/01/31 19:15:25.0343 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/01/31 19:15:25.0375 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/01/31 19:15:25.0453 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/01/31 19:15:25.0531 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/01/31 19:15:25.0625 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/31 19:15:25.0687 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/31 19:15:25.0843 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/01/31 19:15:26.0093 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/31 19:15:26.0171 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/31 19:15:26.0265 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/01/31 19:15:26.0328 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/01/31 19:15:26.0359 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/01/31 19:15:26.0406 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/01/31 19:15:26.0453 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/01/31 19:15:26.0500 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/01/31 19:15:26.0531 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/01/31 19:15:26.0593 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/01/31 19:15:26.0796 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/01/31 19:15:26.0843 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/31 19:15:27.0093 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/01/31 19:15:27.0125 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/31 19:15:27.0203 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/01/31 19:15:27.0265 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/01/31 19:15:27.0296 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/31 19:15:27.0375 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/31 19:15:27.0421 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/31 19:15:27.0531 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/01/31 19:15:27.0609 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/01/31 19:15:27.0734 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/31 19:15:27.0796 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/01/31 19:15:27.0843 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/01/31 19:15:27.0875 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/01/31 19:15:27.0921 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/31 19:15:28.0015 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/31 19:15:28.0078 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/31 19:15:28.0125 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/31 19:15:28.0187 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/31 19:15:28.0265 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/01/31 19:15:28.0328 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/31 19:15:28.0375 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/01/31 19:15:28.0421 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/01/31 19:15:28.0468 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/01/31 19:15:28.0734 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/31 19:15:28.0828 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/31 19:15:28.0906 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/31 19:15:28.0984 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/01/31 19:15:29.0078 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/31 19:15:29.0156 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/31 19:15:29.0234 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/31 19:15:29.0312 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/01/31 19:15:29.0406 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/31 19:15:29.0531 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/01/31 19:15:29.0718 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/01/31 19:15:29.0765 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/01/31 19:15:29.0875 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/01/31 19:15:29.0937 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/01/31 19:15:30.0046 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/01/31 19:15:30.0156 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/31 19:15:30.0281 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/01/31 19:15:30.0500 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/01/31 19:15:30.0578 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/31 19:15:30.0640 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/31 19:15:30.0750 InCDFs (26f2d2aa8c5942ebc5f4c626c4b37794) C:\WINDOWS\system32\DRIVERS\InCDFs.sys
2011/01/31 19:15:30.0781 InCDPass (4c5e4899d0fda39292d8e6e13a7148ee) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
2011/01/31 19:15:30.0812 InCDRec (a08d75215a7852f7d496b6fc0df30361) C:\WINDOWS\system32\DRIVERS\InCDRec.sys
2011/01/31 19:15:30.0890 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/01/31 19:15:30.0921 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/31 19:15:30.0984 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/31 19:15:31.0046 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/31 19:15:31.0093 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/31 19:15:31.0140 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/31 19:15:31.0203 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/31 19:15:31.0250 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/31 19:15:31.0437 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/31 19:15:31.0500 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/31 19:15:31.0578 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys
2011/01/31 19:15:31.0640 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/31 19:15:31.0687 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/31 19:15:31.0765 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/31 19:15:32.0031 LVcKap (2d0ab9d29e6b0c42cce955b5a8e0d62d) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
2011/01/31 19:15:32.0375 LVMVDrv (a3963e3d997c3646e1d3338eb88a48e9) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
2011/01/31 19:15:32.0484 LVPr2Mon (39c767bd6d99c23d28e71b6e0cba3129) C:\WINDOWS\system32\drivers\LVPr2Mon.sys
2011/01/31 19:15:32.0593 LVUSBSta (6ad3f5275f117f08c12eab2233a9e3fb) C:\WINDOWS\system32\drivers\lvusbsta.sys
2011/01/31 19:15:32.0703 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/01/31 19:15:32.0937 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/01/31 19:15:33.0015 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/31 19:15:33.0093 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/31 19:15:33.0171 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/31 19:15:33.0250 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/31 19:15:33.0296 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/01/31 19:15:33.0343 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/31 19:15:33.0453 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/31 19:15:33.0546 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/31 19:15:33.0609 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/31 19:15:33.0671 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/31 19:15:33.0718 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/31 19:15:33.0812 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/31 19:15:34.0140 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/31 19:15:34.0203 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/31 19:15:34.0296 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/31 19:15:34.0390 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/31 19:15:34.0468 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/31 19:15:34.0546 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/31 19:15:34.0609 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/31 19:15:34.0656 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/31 19:15:34.0718 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/31 19:15:34.0796 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/31 19:15:34.0859 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/31 19:15:34.0984 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/01/31 19:15:35.0078 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/31 19:15:35.0140 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/31 19:15:35.0265 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/31 19:15:35.0390 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/01/31 19:15:35.0468 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/31 19:15:35.0546 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/31 19:15:35.0625 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/01/31 19:15:35.0718 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/01/31 19:15:36.0015 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/31 19:15:36.0078 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/31 19:15:36.0140 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/31 19:15:36.0171 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/31 19:15:36.0234 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/31 19:15:36.0296 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/01/31 19:15:36.0453 pepifilter (4350cb255ad546f4668c8b8afd6a00a4) C:\WINDOWS\system32\DRIVERS\lv302af.sys
2011/01/31 19:15:36.0500 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/01/31 19:15:36.0578 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/01/31 19:15:36.0687 PID_08A0 (6b310de726e1a0defd66718a7f79b5d2) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
2011/01/31 19:15:36.0875 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/31 19:15:36.0921 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/31 19:15:36.0984 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/31 19:15:37.0062 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/31 19:15:37.0109 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/01/31 19:15:37.0156 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/01/31 19:15:37.0218 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/01/31 19:15:37.0265 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/01/31 19:15:37.0312 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/01/31 19:15:37.0390 RasAcd (b45f5593cfc5c266fc526d40dad874c6) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/31 19:15:37.0390 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: b45f5593cfc5c266fc526d40dad874c6, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c
2011/01/31 19:15:37.0421 RasAcd - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/01/31 19:15:37.0515 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/31 19:15:37.0593 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/31 19:15:37.0656 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/31 19:15:37.0703 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/31 19:15:37.0750 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/31 19:15:37.0828 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/31 19:15:37.0953 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/31 19:15:38.0046 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/31 19:15:38.0312 s24trans (81aa6f0d6a2be1c550f814b036215888) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/01/31 19:15:38.0468 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/01/31 19:15:38.0562 SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys
2011/01/31 19:15:38.0656 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/31 19:15:38.0781 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/31 19:15:38.0843 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/31 19:15:38.0953 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/31 19:15:39.0093 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/01/31 19:15:39.0187 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/01/31 19:15:39.0265 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/01/31 19:15:39.0453 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/31 19:15:39.0546 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/31 19:15:39.0640 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/31 19:15:39.0750 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/01/31 19:15:39.0796 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/01/31 19:15:39.0875 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
2011/01/31 19:15:39.0984 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/01/31 19:15:40.0046 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/31 19:15:40.0125 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/31 19:15:40.0234 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/01/31 19:15:40.0328 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/01/31 19:15:40.0390 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/01/31 19:15:40.0437 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/01/31 19:15:40.0515 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/31 19:15:40.0703 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/31 19:15:40.0828 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/31 19:15:40.0875 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/31 19:15:40.0953 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/31 19:15:41.0109 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/01/31 19:15:41.0171 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/01/31 19:15:41.0265 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/01/31 19:15:41.0328 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2011/01/31 19:15:41.0359 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/01/31 19:15:41.0390 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/01/31 19:15:41.0437 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/01/31 19:15:41.0468 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/01/31 19:15:41.0515 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/01/31 19:15:41.0640 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/01/31 19:15:41.0718 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/31 19:15:41.0781 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/01/31 19:15:41.0875 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/31 19:15:42.0156 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/01/31 19:15:42.0312 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/31 19:15:42.0390 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/31 19:15:42.0453 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/31 19:15:42.0531 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/31 19:15:42.0593 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/31 19:15:42.0640 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/31 19:15:42.0703 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/31 19:15:42.0765 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/31 19:15:42.0843 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/01/31 19:15:42.0953 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/01/31 19:15:43.0031 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/31 19:15:43.0265 w29n51 (f0f902220910c4fbe42a51964bd33599) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/01/31 19:15:43.0562 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/31 19:15:43.0765 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/31 19:15:43.0875 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/01/31 19:15:44.0171 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/01/31 19:15:44.0203 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/01/31 19:15:44.0296 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/01/31 19:15:44.0359 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/31 19:15:44.0500 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/31 19:15:44.0609 ================================================================================
2011/01/31 19:15:44.0609 Scan finished
2011/01/31 19:15:44.0609 ================================================================================
2011/01/31 19:15:44.0625 Detected object count: 1
2011/01/31 19:16:17.0359 RasAcd (b45f5593cfc5c266fc526d40dad874c6) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/31 19:16:17.0359 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: b45f5593cfc5c266fc526d40dad874c6, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c
2011/01/31 19:16:18.0468 Backup copy found, using it..
2011/01/31 19:16:18.0484 C:\WINDOWS\system32\DRIVERS\rasacd.sys - will be cured after reboot
2011/01/31 19:16:18.0484 Rootkit.Win32.TDSS.tdl3(RasAcd) - User select action: Cure
2011/01/31 19:16:24.0390 Deinitialize success

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:05 AM

Posted 31 January 2011 - 01:45 PM

Hello

That is starting to look good


I would ike to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 HelpHolland

HelpHolland
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 01 February 2011 - 04:41 PM

Here you go, Gringuito!

Let me know!

Thanks so much,

HelpHolland

---------------------------


Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
Advertising Center
ALPS Touch Pad Driver
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Bonjour
Business Contact Manager for Outlook 2003
Compatibility Pack for the 2007 Office system
Conexant D110 MDC V.9x Modem
Corel Photo Album 6
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support 3.1
Dell System Restore
Digital Content Portal
Digital Line Detect
Google AFE
Google Desktop
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
ImagXpress
Intel® PROSet/Wireless Software
Internal Network Card Power Management
iSEEK AnswerWorks English Runtime
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 17
Learn2 Player (Uninstall Only)
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Macromedia Flash Player
mCore
MCU
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Musicmatch for Windows Media Player
mWlsSafe
mXML
mZConfig
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InCD
Nero InfoTool
Nero PhotoSnap
Nero Recode
Nero ShowTime
Nero StartSmart
Nero Vision
NeroExpress
neroxml
NetWaiting
NetZeroInstallers
Otto
Picasa 3
PowerDVD 5.5
Qualxserve Service Agreement
QuickSet
QuickTime
RealPlayer Basic
Samsung Auto Backup
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
TurboTax 2009
TurboTax 2009 wcaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
UMVPLStandalone
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
WildTangent Web Driver
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:05 AM

Posted 01 February 2011 - 04:52 PM

These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 6.0.1
Java 2 Runtime Environment, SE v1.4.2_03
Viewpoint Media Player
WildTangent Web Driver


and click on remove

Update Adobe Reader

Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.
[/list]
Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 HelpHolland

HelpHolland
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 03 February 2011 - 08:40 AM

Hi Gringo,

I did what you requested in post #14. Below is the log from Malware:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5667

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/3/2011 2:17:25 PM
mbam-log-2011-02-03 (14-17-25).txt

Scan type: Quick scan
Objects scanned: 196868
Time elapsed: 7 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Just a sidenote: when I went to the malwarebytes.org link, I was redirected to techspot.com, where I had to download mbam. Just thought you should know. I was a little unsure of the redirect, but then realized there was no way around it and it must be normal. I was prompted to reboot the computer and as my computer was shutting down, it was stuck for 30 minutes or so on the "windows is now shutting down" screen. I finally just turned the computer off and then restarted it. Thankfully, this didn't cause any detectable problem.

Next, I have posted the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:24:28 PM, on 2/3/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\dell\quickset\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Nero\Tools\InCD\NBHGui.exe
C:\Program Files\Nero\Tools\InCD\InCD.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\program files\dell\quickset\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NBHGui] C:\Program Files\Nero\Tools\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Tools\InCD\InCD.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Samsung_AppInst] E:\SamsungSoftware\AppInst.exe
O4 - Startup: Samsung Auto Backup Guage.lnk = ?
O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = ?
O4 - Startup: Samsung Auto Backup Scheduler.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/55.16/uploader2.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDSrv) - Nero AG - C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14181 bytes


My computer is running pretty slowly at times. Otherwise, there doesn't seem to be a problem. No redirecting when I use Google. Please let me know what, if anything, I need to do next. Also, please let me know which of all of these downloads I should delete when we are done.

Thank you for the help! Looking forward to your response.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users