
suspect rootkit infection, Google keeps redirecting



#1 burnsy77


Posted 13 March 2011 - 06:40 PM

Avast detects a rootkit problem and deletes a file (C:\Windows\System32\Drivers\Intelide.sys)

Avast boot-time scan then identifies:
a) "C:\Docs & Settings\All Users\Appl'n Data\Alwil Software\Avast5\arpot\856c4-378-0.dat" as infected by Win32: Alureon-FZ; the REPAIR option does not work (returns Error 42060) but the DELETE option appears to delete it.
b) "C:\hyberfil.sys" as infected by Win32: Hupigon-ONX [Trj]; the REPAIR option does not work (returns Error 42060) and nor does the DELETE option (returns Error 0xc0000043 "share access flags are incompatible")
(I have the Avast warning screenshots but too big to attach with the DDS and GMER logs too)

Google keeps redirecting.
MBAM quick scan finds nothing.

I'm now stuck - some help greatly appreciated! Thanks.

-----xxxxxXXXXXxxxxx-----


DDS.txt Log:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Martin at 22:15:00.21 on 13/03/2011
internet explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.321 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdecoms.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Lexmark 4800 Series\lxdemon.exe
C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Martin\Desktop\dds.scr
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdecoms.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Lexmark 4800 Series\lxdemon.exe
C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Martin\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
NoUpdateCheck REG_DWORD 1 (0x1)
NoJITSetup REG_DWORD 1 (0x1)
Disable Script Debugger REG_SZ yes
Start Page REG_SZ http://www.google.co.uk/
Show_ChannelBand REG_SZ No
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://www.google.com
Use Search Asst REG_SZ no
Search Bar REG_SZ http://www.google.com/ie
FullScreen REG_SZ no
Enable Browser Extensions REG_SZ yes
XMLHTTP REG_DWORD 1 (0x1)
UseClearType REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
CompatibilityFlags REG_DWORD 0 (0x0)
SearchMigrated REG_DWORD 1 (0x1)
SearchMigratedDefaultName REG_SZ Google
SearchMigratedDefaultURL REG_SZ http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
SearchMigratedInstalled REG_DWORD 1 (0x1)
Window_Placement REG_BINARY 2c0000000200000003000000ffffffffffffffffffffffffffffffff00000000000000008a0500005b030000
RunOnceHasShown REG_DWORD 1 (0x1)
RunOnceComplete REG_DWORD 1 (0x1)
Use FormSuggest REG_SZ no
NotifyDownloadComplete REG_SZ no
AlwaysShowMenus REG_DWORD 1 (0x1)
IE8RunOnceLastShown REG_DWORD 1 (0x1)
IE8RunOnceLastShown_TIMESTAMP REG_BINARY e42744fbe894cb01
IE8RunOncePerInstallCompleted REG_DWORD 1 (0x1)
IE8RunOnceCompletionTime REG_BINARY cc252016e994cb01
IE8TourShown REG_DWORD 1 (0x1)
IE8TourShownTime REG_BINARY 80ea2416e994cb01
FormSuggest PW Ask REG_SZ no
StatusBarOther REG_DWORD 1 (0x1)
Start Page Restore REG_SZ http://www.google.com/
ControlTooltipCount REG_DWORD 3 (0x3)
.
HKEY_CURRENT_USER\software\microsoft\internet explorer\main\Default Feeds
.
HKEY_CURRENT_USER\software\microsoft\internet explorer\main\WindowsSearch
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0a000000
Delete_Temp_Files_On_Exit REG_SZ yes
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1a000000
Placeholder_Height REG_BINARY 1a000000
CompanyName REG_SZ Microsoft Corporation
Custom_Key REG_SZ MICROSO
Wizard_Version REG_SZ 6.00.2800.1017
Default_Secondary_Page_URL REG_MULTI_SZ \0
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Check_Associations REG_SZ yes
.
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\ErrorThresholds
.
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\FeatureControl
.
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\UrlTemplate
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 7.0; Win32)
IE5_UA_Backup_Flag REG_SZ 5.0
NoNetAutodial REG_DWORD 0 (0x0)
MigrateProxy REG_DWORD 1 (0x1)
EnableNegotiate REG_DWORD 1 (0x1)
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost REG_BINARY 01000000
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 1 (0x1)
PrivacyAdvanced REG_DWORD 0 (0x0)
ProxyEnable REG_DWORD 0 (0x0)
UrlEncoding REG_DWORD 0 (0x0)
SecureProtocols REG_DWORD 160 (0xa0)
PrivDiscUiShown REG_DWORD 1 (0x1)
ZonesSecurityUpgradeDone REG_DWORD 1 (0x1)
DisableCachingOfSSLPages REG_DWORD 0 (0x0)
WarnonZoneCrossing REG_DWORD 0 (0x0)
CertificateRevocation REG_DWORD 0 (0x0)
GlobalUserOffline REG_DWORD 0 (0x0)
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\5.0
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Activities
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Cache
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Connections
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Lockdown_Zones
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\P3P
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Passport
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\TemplatePolicies
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\ZoneMap
.
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\Zones
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
Error: Key: software\microsoft\internet explorer\search does not exist!
.
usearchurl,(default) = hxxp://www.google.com/keyword/%s
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
Error: Key: software\microsoft\internet explorer\search does not exist!
.
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooksURLSearchHooks: H - No File
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
Error: Key: software\microsoft\internet explorer\urlsearchhooks does not exist!URLSearchHooks: H - No File
SteelWerX Registry Console Tool 2.0URLSearchHooks: H - No File
Written by Bobbi Flekman 2006 ©URLSearchHooks: H - No File
Error: Key: .default\software\microsoft\internet explorer\urlsearchhooks does not exist!URLSearchHooks: H - No File
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ VAIO
DefaultUserName REG_SZ Martin
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ c:\WINDOWS\system32e\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 1 (0x1)
AltDefaultUserName REG_SZ Martin
AltDefaultDomainName REG_SZ VAIO
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
Taskman REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SCLogon
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SpecialAccounts
.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Credentials
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon
ParseAutoexec REG_SZ 1
ExcludeProfileDirs REG_SZ Local Settings;Temporary Internet Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook
BuildNumber REG_DWORD 2600 (0xa28)
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
DebugOptions REG_SZ 2048
Documents REG_SZ
DosPrint REG_SZ no
load REG_SZ
NetMessage REG_SZ no
NullPort REG_SZ None
Programs REG_SZ com exe bat pif cmd
Run REG_SZ
Device REG_SZ Lexmark 4800 Series,winspool,Ne03:
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: <NO NAME> - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA} - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - No File
BHO: <NO NAME> - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
BHO: <NO NAME> - No File
BHO: NoExplorer - No File
BHO: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File
BHO: <NO NAME> - No File
BHO: NoExplorer - No File
urun: [CTFMON.EXE] c:\WINDOWS\system32e\ctfmon.exe
urun: [OM_Monitor] c:\Program Files\OLYMPUS\OLYMPUS Mastere\Monitor.exe -NoStart
urun: [swg] "c:\Program Files\Google\GoogleToolbarNotifiere\GoogleToolbarNotifier.exe"
urun: [H/PC Connection Agent] "c:\Program Files\Microsoft ActiveSynce\wcescomm.exe"
mrun: [Hcontrol] c:\WINDOWS\ATK0100e\Hcontrol.exe
mrun: [ATIPTA] c:\Program Files\ATI Technologies\ATI Control Panele\atiptaxx.exe
mrun: [AzMixerSel] c:\Program Files\Realtek\InstallShielde\AzMixerSel.exe
mrun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mrun: [SonyPowerCfg] c:\Program Files\Sony\VAIO Power Managemente\SPMgr.exe
mrun: [ISBMgr.exe] c:\Program Files\Sony\ISB Utilitye\ISBMgr.exe
mrun: [Alcmtr] ALCMTR.EXE
mrun: [VZRemoteCommander] c:\Program Files\Sony\VAIO Zone Remote Commandere\AvRmtCtr.exe
mrun: [TVTunerLib] c:\Program Files\Common Files\Sony Shared\TVTunerLibe\TVTLInstTool.exe
mrun: [EPSON Stylus C62 Series] c:\WINDOWS\System32\spool\DRIVERS\W32X86\3e\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB002" /M "Stylus C62"
mrun: [AppleSyncNotifier] c:\Program Files\Common Files\Apple\Mobile Device Support\bine\AppleSyncNotifier.exe
mrun: [avast5] c:\PROGRA~1\ALWILS~1\Avast5e\avastUI.exe /nogui
mrun: [apoint]
mrun: [VAIO Update 5] "c:\Program Files\Sony\VAIO Update 5e\VAIOUpdt.exe" /Stationary
mrun: [iTunesHelper] "c:\Program Files\iTunese\iTunesHelper.exe"
mrun: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Readere\Reader_sl.exe"
mrun: [Adobe ARM] "c:\Program Files\Common Files\Adobe\ARM\1.0e\AdobeARM.exe"
mrun: [Switcher.exe] c:\Program Files\Sony\Wireless Switch Setting Utilitye\Switcher.exe
mrun: [MsgCenterExe] "c:\Program Files\Common Files\Real\Update_OBe\RealOneMessageCenter.exe" -osboot
mrun: [TkBellExe] "c:\program files\real\realplayer\updatee\realsched.exe" -osboot
mrun: [QuickTime Task] "c:\Program Files\QuickTimee\qttask.exe" -atboottime
mrun: [Zune Launcher] "c:\Program Files\Zunee\ZuneLauncher.exe"
mrun: [lxdemon.exe] "c:\Program Files\Lexmark 4800 Seriese\lxdemon.exe"
mrun: [lxdeamon] "c:\Program Files\Lexmark 4800 Seriese\lxdeamon.exe"
mrun: [FaxCenterServer] "c:\Program Files\Lexmark Fax Solutionse\fm3032.exe" /s
drun: [CTFMON.EXE] c:\WINDOWS\system32e\CTFMON.EXE
c:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\WINDOWS\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}e\outicon.exe
.
ie: SteelWerX Registry Console Tool 2.0
ie: Written by Bobbi Flekman 2006 ©
.
ie: HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext
.
ie: HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\Add to Google Photos Screensa&ver
ie: <NO NAME> REG_SZ res://c:\WINDOWS\system32e\GPhotos.scr/200
ie: Contexts REG_DWORD 34 (0x22)
.
ie: HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\E&xport to Microsoft Excel
ie: <NO NAME> REG_SZ res://c:\PROGRA~1\MICROS~4\OFFICE11e\EXCEL.EXE/3000
ie: Contexts REG_DWORD 1 (0x1)
.
ie: HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\Google Sidewiki...
ie: <NO NAME> REG_SZ res://c:\Program Files\Google\Google Toolbar\Componente\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
ie: Contexts REG_DWORD 19 (0x13)
.
ie: {SteelWerX Registry Console Tool 2.0
ie: {Written by Bobbi Flekman 2006 ©
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
ie: { Default Visible - REG_SZ Yes
ie: { Icon - REG_SZ c:\PROGRA~1\MI3AA1~1e\INetRepl.dll,210
ie: { HotIcon - REG_SZ c:\PROGRA~1\MI3AA1~1e\INetRepl.dll,211
ie: { ButtonText - REG_SZ Create Mobile Favorite
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
ie: { MenuCustomize - REG_SZ Tools
ie: { MenuText - REG_SZ Create Mobile Favorite...
ie: { MenuStatusBar - REG_SZ Create Mobile Favorite of this page.
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ie: { ButtonText - REG_SZ Research
ie: { Icon - REG_SZ c:\PROGRA~1\MICROS~4\OFFICE11e\REFBAR.ICO
ie: { Default Visible - REG_SZ Yes
ie: { HotIcon - REG_SZ c:\PROGRA~1\MICROS~4\OFFICE11e\REFBARH.ICO
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{9455301C-CF6B-11D3-A266-00C04F689C50}
ie: { Default Visible - REG_SZ Yes
ie: { ButtonText - REG_SZ Researcher
ie: { HotIcon - REG_SZ c:\Program Files\Common Files\Microsoft Shared\Encarta Researchere\EROPROJ.DLL,104
ie: { Icon - REG_SZ c:\Program Files\Common Files\Microsoft Shared\Encarta Researchere\EROPROJ.DLL,106
ie: { MenuStatusBar - REG_SZ Opens Encarta Researcher
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{B205A35E-1FC4-4CE3-818B-899DBBB3388C}
ie: { Default Visible - REG_SZ Yes
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}
ie: { MenuText - REG_SZ @xpsp3res.dll,-20001
ie: { Exec - REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe
.
ie: {HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ie: { ButtonText - REG_SZ Messenger
ie: { CLSID - REG_SZ !{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}
ie: { Default Visible - REG_SZ Yes
ie: { Exec - REG_SZ c:\Program Files\Messengere\msmsgs.exe
ie: { HotIcon - REG_SZ c:\Program Files\Messengere\msmsgs.exe,302
ie: { Icon - REG_SZ c:\Program Files\Messengere\msmsgs.exe,301
ie: { MenuText - REG_SZ Windows Messenger
ie: { ToolTip - REG_SZ Windows Messenger
IE: { CLSID - REG_SZ {1FBA04EE-3024-11D2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!
IE: { clsidExtension - REG_SZ {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - {2eaf5bb0-070f-11d3-9307-00c04fae2d4f}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!
IE: { clsidExtension - REG_SZ {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - {2eaf5bb0-070f-11d3-9307-00c04fae2d4f}\inprocserver32 does not exist!
IE: { BandCLSID - REG_SZ {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - {ff059e31-cc5a-4e2e-bf3b-96e929d65503}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16} - {e0dd6cab-2d10-11d2-8f1a-0000f87abd16}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16} - {e0dd6cab-2d10-11d2-8f1a-0000f87abd16}\inprocserver32 does not exist!
IE: { BandCLSID - REG_SZ {9455301C-CF6B-11D3-A266-00C04F689C50} - {9455301c-cf6b-11d3-a266-00c04f689c50}\inprocserver32 does not exist!
IE: { BandCLSID - REG_SZ {552781AF-37E4-4FEE-920A-CED9E648EADD} - {552781af-37e4-4fee-920a-ced9e648eadd}\inprocserver32 does not exist!
IE: { CLSID - REG_SZ {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - {1fba04ee-3024-11d2-8f1f-0000f87abd16}\inprocserver32 does not exist!
.
* REG_DWORD 2 (0x2)
* REG_DWORD 2 (0x2)
* REG_DWORD 2 (0x2)
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{1F2F4C9E-6F09-47BC-970D-3C54734667FE}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{1F2F4C9E-6F09-47BC-970D-3C54734667FE}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{1F2F4C9E-6F09-47BC-970D-3C54734667FE}\Contains\Files
c:\WINDOWS\Downloaded Program Filese\LSSupCtl.dll REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{1F2F4C9E-6F09-47BC-970D-3C54734667FE}\DownloadInformation
CODEBASE REG_SZ http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\LSSupCtl.inf
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{1F2F4C9E-6F09-47BC-970D-3C54734667FE}\InstalledVersion
<NO NAME> REG_SZ 3,1,0,5
LastModified REG_SZ Mon, 06 Dec 2004 19:41:00 GMT
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{3451DEDE-631F-421C-8127-FD793AFC6CC8}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{3451DEDE-631F-421C-8127-FD793AFC6CC8}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{3451DEDE-631F-421C-8127-FD793AFC6CC8}\Contains\Files
c:\WINDOWS\Downloaded Program Filese\SymAData.dll REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{3451DEDE-631F-421C-8127-FD793AFC6CC8}\DownloadInformation
CODEBASE REG_SZ http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{3451DEDE-631F-421C-8127-FD793AFC6CC8}\InstalledVersion
<NO NAME> REG_SZ 2,6,0,1
LastModified REG_SZ Tue, 20 Jun 2006 18:50:25 GMT
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{44990200-3C9D-426D-81DF-AAB636FA4345}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{44990200-3C9D-426D-81DF-AAB636FA4345}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{44990200-3C9D-426D-81DF-AAB636FA4345}\Contains\Files
c:\WINDOWS\Downloaded Program Filese\tgctlsi.dll REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{44990200-3C9D-426D-81DF-AAB636FA4345}\DownloadInformation
CODEBASE REG_SZ http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{44990200-3C9D-426D-81DF-AAB636FA4345}\InstalledVersion
<NO NAME> REG_SZ 6,8,506,0
LastModified REG_SZ Tue, 20 Jun 2006 18:50:28 GMT
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{44990301-3C9D-426D-81DF-AAB636FA4345}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{44990301-3C9D-426D-81DF-AAB636FA4345}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{44990301-3C9D-426D-81DF-AAB636FA4345}\Contains\Files
c:\WINDOWS\Downloaded Program Filese\tgctlsr.dll REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{44990301-3C9D-426D-81DF-AAB636FA4345}\DownloadInformation
CODEBASE REG_SZ http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{44990301-3C9D-426D-81DF-AAB636FA4345}\InstalledVersion
<NO NAME> REG_SZ 6,8,506,0
LastModified REG_SZ Tue, 20 Jun 2006 18:50:15 GMT
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\Contains\Files
c:\WINDOWS\Downloaded Program Filese\PURen-us.dll REG_SZ
c:\WINDOWS\Downloaded Program Filese\MsnPUpld.dll REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\DownloadInformation
CODEBASE REG_SZ http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\MsnPUpld.inf
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\InstalledVersion
<NO NAME> REG_SZ 10,0,913,0
LastModified REG_SZ Wed, 19 Sep 2007 06:35:12 GMT
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
<NO NAME> REG_SZ Java Runtime Environment 1.6.0
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
INF REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InstalledVersion
<NO NAME> REG_SZ 1.6.0.17
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\DownloadInformation
CODEBASE REG_SZ http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\erma.inf
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\InstalledVersion
<NO NAME> REG_SZ 1,0,0,25
LastModified REG_SZ Tue, 04 Dec 2007 00:40:37 GMT
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
<NO NAME> REG_SZ Java Runtime Environment 1.6.0
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
INF REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InstalledVersion
<NO NAME> REG_SZ 1.6.0.17
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
<NO NAME> REG_SZ Java Runtime Environment 1.6.0
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation
CODEBASE REG_SZ http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
INF REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\InstalledVersion
<NO NAME> REG_SZ 1.6.0.17
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}
SystemComponent REG_DWORD 0 (0x0)
Installer REG_SZ MSICD
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\Contains
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\Contains\Files
c:\WINDOWS\system32e\atl.dll REG_SZ
c:\WINDOWS\Downloaded Program Filese\gp.ocx REG_SZ
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation
CODEBASE REG_SZ http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
INF REG_SZ c:\WINDOWS\Downloaded Program Filese\gp.inf
.
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\InstalledVersion
<NO NAME> REG_SZ 1,6,2,53
LastModified REG_SZ Wed, 02 Dec 2009 03:43:49 GMT
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters
NameServer REG_SZ
CLSID - REG_SZ {B0D92A71-886B-453B-A649-1B91F93801E7} -
ssodl: wpdshserviceobj - {aaa288ba-9a4c-45b0-95d7-94d524869db5} - c:\WINDOWS\system32e\WPDShServiceObj.dll
.
SteelWerX Registry Console Tool 2.0
.
HKEY_CLASSES_ROOT\clsid\{56f9679e-7826-4c84-81f3-532071a8bcc5}
AppID REG_SZ {320E4F5F-683B-44BE-8AD3-CD494F4EA77C}
.
<NO NAME> REG_SZ c:\Program Files\Windows Desktop Searche\MSNLNamespaceMgr.dll
ThreadingModel REG_SZ Apartment
HKEY_CLASSES_ROOT\clsid\{56f9679e-7826-4c84-81f3-532071a8bcc5}\ProgID
<NO NAME> REG_SZ MSNLNamespaceMgr.NamespaceMgr.1
HKEY_CLASSES_ROOT\clsid\{56f9679e-7826-4c84-81f3-532071a8bcc5}\TypeLib
<NO NAME> REG_SZ {ACC00AA1-73BA-4E89-A650-345A7E254A60}
HKEY_CLASSES_ROOT\clsid\{56f9679e-7826-4c84-81f3-532071a8bcc5}\VersionIndependentProgID
seh: <NO NAME> REG_SZ MSNLNamespaceMgr.NamespaceMgr
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
d; /.* /!d; s//securityproviders: /
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
d;/^((authentication|notification) packages) .* /i!d; s//lsa: 1 = /
Authentication Packages REG_MULTI_SZ msv1_0
Bounds REG_BINARY 0030000000200000
d;/^((authentication|notification) packages) .* /i!d; s//lsa: 1 = /
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 1 (0x1)
LsaPid REG_DWORD 996 (0x3e4)
SecureBoot REG_DWORD 1 (0x1)
auditbaseobjects REG_DWORD 0 (0x0)
crashonauditfail REG_DWORD 0 (0x0)
disabledomaincreds REG_DWORD 0 (0x0)
everyoneincludesanonymous REG_DWORD 0 (0x0)
fipsalgorithmpolicy REG_DWORD 0 (0x0)
forceguest REG_DWORD 1 (0x1)
fullprivilegeauditing REG_BINARY 00
limitblankpassworduse REG_DWORD 1 (0x1)
lmcompatibilitylevel REG_DWORD 0 (0x0)
nodefaultadminowner REG_DWORD 1 (0x1)
nolmhash REG_DWORD 0 (0x0)
restrictanonymous REG_DWORD 0 (0x0)
restrictanonymoussam REG_DWORD 1 (0x1)
d;/^((authentication|notification) packages) .* /i!d; s//lsa: 1 = /
Notification Packages REG_MULTI_SZ scecli
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\msv1_0
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache
.
SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©
.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\subsystems
windows REG_EXPAND_SZ %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\WINDOWS\system32\driverse\aswSnx.sys [2011-2-27 371544]
R1 aswSP;aswSP;c:\WINDOWS\system32\driverse\aswSP.sys [2010-1-20 301528]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\Program Files\Adobe\Photoshop Elements 3.0e\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 aswFsBlk;aswFsBlk;c:\WINDOWS\system32\driverse\aswFsBlk.sys [2010-1-20 19544]
R2 avast! Antivirus;avast! Antivirus;c:\Program Files\Alwil Software\Avast5e\AvastSvc.exe [2010-1-20 42184]
R2 lxde_device;lxde_device;c:\WINDOWS\system32\lxdecoms.exe -service --> C:\WINDOWS\system32e\lxdecoms.exe -service [?]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binne\sqlservr.exe -sVAIO_VEDB [?]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\Program Files\Adobe\Photoshop Elements 3.0e\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R3 SPI;Sony Programmable I/O Control Device;c:\WINDOWS\system32\driverse\SonyPI.sys [2005-3-1 71961]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319e\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9bde59abec9c8;Google Update Service (gupdate1c9bde59abec9c8);c:\Program Files\Google\Updatee\GoogleUpdate.exe [2009-4-15 133104]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\WINDOWS\system32\spool\drivers\w32x86\3e\lxdeserv.exe [2011-3-7 99248]
S3 DSSUSBF;DSSUSBF Device;c:\WINDOWS\system32\driverse\DSSUSBF.sys [2005-12-8 25381]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binne\sqlagent.EXE -i VAIO_VEDB [?]
S3 VUAgent;VUAgent;c:\Program Files\Sony\VAIO Update 5e\VUAgent.exe [2010-2-10 722288]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\Program Files\Zunee\WMZuneComm.exe [2010-11-11 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPFe\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
::RecordNow.GI="c:\Program Files\Sonic\RecordNow!e\RecordNow.exe" "%1"
::RecordNow.ISO="c:\Program Files\Sonic\RecordNow!e\RecordNow.exe" "%1"
::RecordNow.PXJ="c:\Program Files\Sonic\RecordNow!e\RecordNow.exe" "%1"
Access.ADEFile.11="c:\Program Files\Microsoft Office\OFFICE11e\MSACCESS.EXE" /NOSTARTUP "%1"
Access.Application.11="c:\Program Files\Microsoft Office\OFFICE11e\MSACCESS.EXE" /NOSTARTUP "%1"
Access.BlankDatabaseTemplate.11="c:\Program Files\Microsoft Office\OFFICE11e\MSACCESS.EXE" /NOSTARTUP /NEWDB "%1"
Access.BlankProjectTemplate.11="c:\Program Files\Microsoft Office\OFFICE11e\MSACCESS.EXE" /NOSTARTUP /NEWDB "%1"
Access.DatabaseWizardTemplate.11="c:\Program Files\Microsoft Office\OFFICE11e\MSACCESS.EXE" /NOSTARTUP /DBWIZ "%1"
Access.Extension.11=c:\PROGRA~1\MICROS~4\OFFICE11e\MSACCESS.EXE /NOSTARTUP "%1"
Access.MDEFile.11="c:\Program Files\Microsoft Office\OFFICE11e\MSACCESS.EXE" /NOSTARTUP "%1"
Access.Project.11="c:\Program Files\Microsoft Office\OFFICE11e\MSACCESS.EXE" /NOSTARTUP "%1"
Access.Shortcut.DataAccessPage.1="c:\Program Files\Microsoft Office\OFFICE11e\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenDataAccessPage "%1"]
Access.Shortcut.Diagram.1="c:\Program Files\Microsoft Office\OFFICE11e\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenDiagram "%1"]
Access.Shortcut.Form.1="c:\Program Files\Microsoft Office\OFFICE11e\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenForm "%1"]
Access.ShortCut.Function.1="c:\PROGRA~1\MICROS~4\OFFICE11e\MSACCESS.EXE" /SHELLSYSTEM [OpenFunction "%1"]
Access.Shortcut.Macro.1="c:\Program Files\Microsoft Office\OFFICE11e\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [ShellOpenMacro "%1"]
Access.Shortcut.Module.1="c:\Program Files\Microsoft Office\OFFICE11e\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenModule "%1"]
Access.Shortcut.Query.1=c:\PROGRA~1\MICROS~4\OFFICE11e\MSACCESS.EXE /NOSTARTUP /SHELLSYSTEM [OpenQuery "%1"]
Access.Shortcut.Report.1="c:\Program Files\Microsoft Office\OFFICE11e\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenReport "%1",2]
Access.Shortcut.StoredProcedure.1="c:\Program Files\Microsoft Office\OFFICE11e\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenStoredProcedure "%1"]
Access.Shortcut.Table.1=c:\PROGRA~1\MICROS~4\OFFICE11e\MSACCESS.EXE /NOSTARTUP /SHELLSYSTEM [OpenTable "%1"]
Access.Shortcut.View.1="c:\Program Files\Microsoft Office\OFFICE11e\MSACCESS.EXE" /NOSTARTUP /SHELLSYSTEM [OpenView "%1"]
Access.WizardDataFile.11="c:\Program Files\Microsoft Office\OFFICE11e\MSACCESS.EXE" /NOSTARTUP "%1"
Access.Workgroup.11="c:\Program Files\Microsoft Office\OFFICE11e\MSACCESS.EXE" /NOSTARTUP "%1"
accesshtmlfile="c:\Program Files\Microsoft Office\OFFICE11e\MSACCESS.EXE"
accessthmltemplate="c:\Program Files\Microsoft Office\OFFICE11e\MSACCESS.EXE"
acrobat="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" /u "%1"
AcroDist="c:\Program Files\Adobe\Acrobat 6.0\Distillre\acrodist.exe" "%1"
AcroDistJobOptions="c:\Program Files\Adobe\Acrobat 6.0\Distillre\acrodist.exe" /E "%1"
AcroExch.acrobatsecuritysettings.1="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.Document="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.Document.7="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.FDFDoc="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.pdfxml.1="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.XDPDoc="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
AcroExch.XFDFDoc="c:\Program Files\Adobe\Reader 9.0\Readere\AcroRd32.exe" "%1"
acwfile=%SystemRoot%\system32\accwiz.exe %1
Adobe.AfterEffects.Effect="c:\Program Files\Adobe\Premiere Standarde\Adobe Premiere Standard.exe" "%1"
Adobe.Premiere.Keys.File="c:\Program Files\Adobe\Premiere Standarde\Adobe Premiere Standard.exe" "%1"
Adobe.Premiere.Layout="c:\Program Files\Adobe\Premiere Standarde\Adobe Premiere Standard.exe" "%1"
Adobe.Premiere.Movie="c:\Program Files\Adobe\Premiere Standarde\Adobe Premiere Standard.exe" "%1"
Adobe.Premiere.Plugin="c:\Program Files\Adobe\Premiere Standarde\Adobe Premiere Standard.exe" "%1"
Adobe.Premiere.Preset="c:\Program Files\Adobe\Premiere Standarde\Adobe Premiere Standard.exe" "%1"
Adobe.Premiere.Pro.Project="c:\Program Files\Adobe\Premiere Standarde\Adobe Premiere Standard.exe" "%1"
Adobe.Premiere.Project="c:\Program Files\Adobe\Premiere Standarde\Adobe Premiere Standard.exe" "%1"
Adobe.Premiere.Style="c:\Program Files\Adobe\Premiere Standarde\Adobe Premiere Standard.exe" "%1"
Adobe.Premiere.Title="c:\Program Files\Adobe\Premiere Standarde\Adobe Premiere Standard.exe" "%1"
AIFFFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
AIR.InstallerPackage=c:\PROGRA~1\COMMON~1\ADOBEA~1\Versions\1.0e\ADOBEA~1.EXE "%1"
Application.Manifest=rundll32.exe dfshim.dll,ShOpenVerbApplication %1
Application.Reference=rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
ASFFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:7 /Open "%L"
ASXFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
AUFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
avastlicfile="c:\Program Files\Alwil Software\Avast5e\aswChLic.exe" "%1"
avastsoundsfile="c:\Program Files\Alwil Software\Avast5e\aswChLic.exe" "%1"
AVIFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:8 /Open "%L"
!d
Binder.Document="c:\Program Files\Sony\PictureGear Studio\Bindere\Binder.exe" "%1"
Briefcase=explorer.exe %1
callto=rundll32.exe msconf.dll,CallToProtocolHandler %l
CATFile=rundll32.exe cryptext.dll,CryptExtOpenCAT %1
cclaunch="c:\Program Files\CCleanere\ccleaner.exe" /%1
cdafile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
CERFile=rundll32.exe cryptext.dll,CryptExtOpenCER %1
CertificateStoreFile=rundll32.exe cryptext.dll,CryptExtOpenSTR %1
certificate_wab_auto_file="c:\Program Files\Outlook Expresse\wab.exe" /certificate %1
!d
ChromeHTML="c:\Program Files\Google\Chrome\Applicatione\chrome.exe" -- "%1"
clpfile=clipbrd.exe %1
!d
!d
CompressedFolder=rundll32.exe zipfldr.dll,RouteTheCall %L
ConferenceLink=rundll32.exe msconf.dll,OpenConfLink %l
Connection Manager Profile=c:\WINDOWS\system32e\CMMGR32.EXE "%1"
CRLFile=rundll32.exe cryptext.dll,CryptExtOpenCRL %1
daap=c:\Program Files\iTunese\iTunes.exe /url "%1"
DBC.MPEG.1="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
DocShortcut=rundll32 %SystemRoot%\System32\shscrap.dll,OpenScrap_RunDLL /r /x %1
dqyfile=c:\PROGRA~1\MICROS~4\OFFICE11e\EXCEL.EXE
drdfile="c:\Program Files\OO Software\MediaRecoverye\OODskRec.exe" "%1"
dunfile=%SystemRoot%\system32\RUNDLL32.EXE NETSHELL.DLL,InvokeDunFile %1
emffile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
EncartaResearcher.Document="c:\Program Files\Common Files\Microsoft Shared\Encarta Researchere\ER2001.EXE" "%1"
Excel.Addin="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.Backup="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.Chart=c:\PROGRA~1\MICROS~4\OFFICE11e\EXCEL.EXE /e
Excel.Chart.8="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.CSV="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.DIF="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.Macrosheet="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.Sheet.12="c:\PROGRA~1\MICROS~4\OFFICE11e\EXCEL.EXE" /e
Excel.Sheet.8="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.SheetBinaryMacroEnabled.12="c:\PROGRA~1\MICROS~4\OFFICE11e\EXCEL.EXE" /e
Excel.SheetMacroEnabled.12="c:\PROGRA~1\MICROS~4\OFFICE11e\EXCEL.EXE" /e
Excel.SLK="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.Template="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.Workspace="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excel.XLL="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE" /e
Excelhtmlfile="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE"
Excelhtmltemplate="c:\Program Files\Microsoft Office\OFFICE11e\EXCEL.EXE"
!d
fndfile=%SystemRoot%\Explorer.exe
Folder=%SystemRoot%\Explorer.exe /idlist,%I,%L
fonfile=%SystemRoot%\System32\fontview.exe %1
FreePrint.Document="c:\Program Files\Sony\PictureGear Studio\PrintStudioe\PrintStudio.exe" "%1"
ftp="c:\Program Files\Internet Explorere\IEXPLORE.EXE" %1
giffile="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
Google Earth.etafile=c:\Program Files\Google\Google Earthe\googleearth.exe "%1"
Google Earth.kmlfile=c:\Program Files\Google\Google Earth\cliente\googleearth.exe "%1"
Google Earth.kmzfile=c:\Program Files\Google\Google Earth\cliente\googleearth.exe "%1"
Google.PhotoViewer.3.0="c:\Program Files\Google\Picasa3e\PicasaPhotoViewer.exe" "%1"
gopher="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
h323file="rundll32.exe" msconf.dll,NewMediaPhone %l
HCP=%SystemRoot%\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe -FromHCP -url "%1"
helpfile=winhlp32.exe %1
hlpfile=%SystemRoot%\System32\winhlp32.exe %1
holfile="c:\PROGRA~1\MICROS~4\OFFICE11e\OUTLOOK.EXE" /hol "%1"
htafile=c:\WINDOWS\system32e\mshta.exe "%1" %*
htfile="c:\Program Files\Windows NTe\HYPERTRM.EXE" %1
htmlfile="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
HTTP="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
https="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
icsfile="c:\PROGRA~1\MICROS~4\OFFICE11e\OUTLOOK.EXE" /ical "%1"
iiifile="rundll32.exe" msconf.dll,NewMediaPhone %l
!d
InfoPath.Document.1="c:\Program Files\Microsoft Office\OFFICE11e\INFOPATH.EXE" "%1"
InfoPath.Solution.1="c:\Program Files\Microsoft Office\OFFICE11e\INFOPATH.EXE" "%1"
InfoPath.SolutionManifest.1="c:\Program Files\Microsoft Office\OFFICE11e\INFOPATH.EXE" "%1"
!d
InternetShortcut="c:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32e\ieframe.dll",OpenURL %l
InterTrustSPOP="c:\Program Files\Internet Explorere\iexplore.exe" -nohome %1
iqyfile=c:\PROGRA~1\MICROS~4\OFFICE11e\EXCEL.EXE /e
itms=c:\Program Files\iTunese\iTunes.exe /url "%1"
itmss=c:\Program Files\iTunese\iTunes.exe /url "%1"
itpc=c:\Program Files\iTunese\iTunes.exe /url "%1"
ITS FILE="c:\Program Files\Internet Explorere\iexplore.exe" -nohome
iTunes=c:\Program Files\iTunese\iTunes.exe /url "%1"
iTunes.aa="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aax="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aif="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aifc="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.aiff="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.cda="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.cdda="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ipa="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ipg="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ipsw="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itdb="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.ite="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itl="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itlp="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itms="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.itpc="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m3u="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m3u8="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4a="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4b="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4p="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4r="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.m4v="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mov="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mp2="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mp3="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mpeg="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.mpg="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.pcast="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.pls="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.rmp="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.wav="c:\Program Files\iTunese\iTunes.exe" /open "%L"
iTunes.wave="c:\Program Files\iTunese\iTunes.exe" /open "%L"
Ivi.MediaFile="c:\Program Files\InterVideo\WinDVDe\WinDVD.exe" %1
jarfile="c:\Program Files\Java\jre6\bine\javaw.exe" -jar "%1" %*
JNLPFile="c:\Program Files\Java\jre6\bine\javaws.exe" "%1"
jpegfile=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
LDAP="c:\Program Files\Outlook Expresse\wab.exe" /ldap:%1
Lexmark_4800_Series=c:\Program Files\Lexmark 4800 Seriese\lxdeamon.exe
LiveUpdate.MIDI.6="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
lml_auto_file="c:\Program Files\Nokia\Nokia PC Suite 7e\PCSyncLV.exe" "%1"
m3ufile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:6 /Open "%L"
MacromediaFlashPaper.MacromediaFlashPaper="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome "%1"
mailto="c:\PROGRA~1\MICROS~4\OFFICE11e\OUTLOOK.EXE" -c IPM.Note /m "%1"
MediaPackageFile="c:\Program Files\Microsoft Office\OFFICE11e\MSTORE.EXE" "%1"
mhtmlfile="c:\Program Files\Internet Explorere\IEXPLORE.EXE" -nohome
Microsoft Internet Mail Message="%ProgramFiles%\Outlook Express\msimn.exe" /eml:%1
Microsoft Internet News Message="%ProgramFiles%\Outlook Express\msimn.exe" /nws:%1
Microsoft.InformationCard=c:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32e\infocardcpl.cpl,ImportInformationCard_RunDll %1
Microsoft.WindowsCardSpaceBackup=c:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32e\infocardcpl.cpl,ImportInformationCard_RunDll %1
Microsoft.Works.wpjfile="c:\Program Files\Microsoft Workse\msworks.exe" "%1"
MicrosoftWorks.WordProcessor.5="c:\Program Files\Microsoft Workse\WksWP.exe" /SHELL "%1"
MIDFile="c:\Program Files\Windows Media Playere\wmplayer.exe" /Open "%L"
MITrain.Document=c:\WINDOWS\Help\SBSI\Traininge\ORUN32.EXE -f "%1"
MMS="c:\program files\real\realplayer\e\RealPlay.exe" "%1"
MMST="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
MMSU="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
MoodLogic.DevicePlugin.1="c:\Program Files\MoodLogice\MoodLogic.exe" "%1"
MoodLogic.MixWorldMix.1="c:\Program Files\MoodLogice\MoodLogic.exe" "%1"
MoodLogic.Skin.1="c:\Program Files\MoodLogice\MoodLogic.exe" "%1"
mp3file="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:6 /Open "%L"
mpegfile="c:\Program Files\Windows Media Playere\wmplayer.exe" /prefetch:9 /Open "%L"
MPlayer=mplay32.exe /play /close "%L"
MS-ITSS FILE="c:\Program Files\Internet Explorere\iexplore.exe" -nohome ms-itss:%1::/
msbackupfile=%SystemRoot%\system32\ntbackup.exe
MSBD="c:\Program Files\Windows Media Playere\wmplayer.exe" "%L"
MSCFile=%SystemRoot%\system32\mmc.exe "%1" %*
MSDASC=Rundll32.exe c:\PROGRA~1\COMMON~1\System\OLEDB~1e\oledb32.dll,OpenDSLFile %1
msero="c:\Program Files\Common Files\Microsoft Shared\Encarta Researchere\ER2001.EXE" "%1"
msgfile="c:\Program Files\Microsoft Office\OFFICE11e\OUTLOOK.EXE" /f "%1"
Msi.Package="%SystemRoot%\System32\msiexec.exe" /i "%1" %*
Msi.Patch="%SystemRoot%\System32\msiexec.exe" /p "%1" %*
MSInfo.Document=c:\Program Files\Common Files\Microsoft Shared\MSInfoe\MSInfo32.exe /msinfo_file %1
MSPaper.Document="c:\Program Files\Common Files\Microsoft Shared\MODI\11.0e\MSPVIEW.EXE" "%1"
MSProgramGroup=c:\WINDOWS\system32e\grpconv.exe %1
MsRcIncident=%SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe -Mode "hcp://system/Remote%%20Assistance/RAClientLayout.xml" -url "hcp://system/Remote%%20Assistance/Interaction/Client/rctoolScreen1.htm" -ExtraArgument "IncidentFile=%1"
msstylesfile=%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Appearance /Action:OpenMSTheme /file:"%1"
MSWorks4Database="c:\Program Files\Microsoft Workse\WksDB.exe" "%1"
MSWorks4Sheet="c:\Program Files\Microsoft Workse\WksSS.exe" "%1"
news="%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:"%1"
nntp="%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:"%1"
Nokia.ApplicationInstaller=c:\Program Files\Nokia\Nokia PC Suite 7e\ApplicationInstaller.exe "%1"
Nokia.ContentCopier="c:\Program Files\Nokia\Nokia PC Suite 7e\ContentCopier.exe" "%1"
nvd=c:\Program Files\Nokia\Nokia PC Suite 7e\VideoManager.exe "%1"
office.Extension.1="c:\Program Files\OpenOffice.org 3\programe\soffice.exe" -o "%1"
Oice.Excel.Addin=c:\PROGRA~1\MICROS~4\Office12e\Oice.exe "%1"
Oice.Excel.Sheet=c:\PROGRA~1\MICROS~4\Office12e\Oice.exe "%1"
Oice.Excel.Template=c:\PROGRA~1\MICROS~4\Office12e\Oice.exe "%1"
Oice.PowerPoint.Show=c:\PROGRA~1\MICROS~4\Office12e\Oice.exe "%1"
Oice.PowerPoint.SlideShow=c:\PROGRA~1\MICROS~4\Office12e\Oice.exe "%1"
Oice.PowerPoint.Template=c:\PROGRA~1\MICROS~4\Office12e\Oice.exe "%1"
Oice.Word.Document=c:\PROGRA~1\MICROS~4\Office12e\Oice.exe "%1"
opendocument.CalcDocument.1="c:\Program Files\OpenOffice.org 3\programe\scalc.exe" -o "%1"
opendocument.CalcTemplate.1="c:\Program Files\OpenOffice.org 3\programe\soffice.exe" -o "%1"
opendocument.DatabaseDocument.1="c:\Program Files\OpenOffice.org 3\programe\sbase.exe" -o "%1"
opendocument.DrawDocument.1="c:\Program Files\OpenOffice.org 3\programe\sdraw.exe" -o "%1"
opendocument.DrawTemplate.1="c:\Program Files\OpenOffice.org 3\programe\soffice.exe" -o "%1"
opendocument.ImpressDocument.1="c:\Program Files\OpenOffice.org 3\programe\simpress.exe" -o "%1"
opendocument.ImpressTemplate.1="c:\Program Files\OpenOffice.org 3\programe\soffice.exe" -o "%1"
opendocument.MathDocument.1="c:\Program Files\OpenOffice.org 3\programe\smath.exe" -o "%1"
opendocument.WriterDocument.1="c:\Program Files\OpenOffice.org 3\programe\swriter.exe" -o "%1"
opendocument.WriterGlobalDocument.1="c:\Program Files\OpenOffice.org 3\programe\soffice.exe" -o "%1"
opendocument.WriterTemplate.1="c:\Program Files\OpenOffice.org 3\programe\soffice.exe" -o "%1"
opendocument.WriterWebDocument.1="c:\Program Files\OpenOffice.org 3\programe\sweb.exe" -o "%1"
opendocument.WriterWebTemplate.1="c:\Program Files\OpenOffice.org 3\programe\soffice.exe" -o "%1"
OpenMG_Mp3=c:\Program Files\Sony\SonicStagee\Omgjbox.exe "%1"
OpenMG_Oma=c:\Program Files\Sony\SonicStagee\Omgjbox.exe "%1"
OpenMG_Omg=c:\Program Files\Sony\SonicStagee\Omgjbox.exe "%1"
OpenMG_Wav=c:\Program Files\Sony\SonicStagee\Omgjbox.exe "%1"
OpenOffice.org.Doc="c:\Program Files\OpenOffice.org 3\program\e\swriter.exe" -o "%1"
OpenOffice.org.Docm="c:\Program Files\OpenOffice.org 3\program\e\swriter.exe" -o "%1"
OpenOffice.org.Docx="c:\Program Files\OpenOffice.org 3\program\e\swriter.exe" -o "%1"
OpenOffice.org.Dot="c:\Program Files\OpenOffice.org 3\program\e\swriter.exe" -o "%1"
OpenOffice.org.Dotm="c:\Program Files\OpenOffice.org 3\program\e\swriter.exe" -o "%1"
OpenOffice.org.Dotx="c:\Program Files\OpenOffice.org 3\program\e\swriter.exe" -o "%1"
OpenOffice.org.Pot="c:\Program Files\OpenOffice.org 3\program\e\simpress.exe" -o "%1"
OpenOffice.org.Potm="c:\Program Files\OpenOffice.org 3\program\e\simpress.exe" -o "%1"
OpenOffice.org.Potx="c:\Program Files\OpenOffice.org 3\program\e\simpress.exe" -o "%1"
OpenOffice.org.Pps="c:\Program Files\OpenOffice.org 3\program\e\simpress.exe" -o "%1"
OpenOffice.org.Ppt="c:\Program Files\OpenOffice.org 3\program\e\simpress.exe" -o "%1"
OpenOffice.org.Pptm="c:\Program Files\OpenOffice.org 3\program\e\simpress.exe" -o "%1"
OpenOffice.org.Pptx="c:\Program Files\OpenOffice.org 3\program\e\simpress.exe" -o "%1"
OpenOffice.org.Rtf="c:\Program Files\OpenOffice.org 3\program\e\swriter.exe" -o "%1"
OpenOffice.org.Xls="c:\Program Files\OpenOffice.org 3\program\e\scalc.exe" -o "%1"
OpenOffice.org.Xlsb="c:\Program Files\OpenOffice.org 3\program\e\scalc.exe" -o "%1"
OpenOffice.org.Xlsm="c:\Program Files\OpenOffice.org 3\program\e\scalc.exe" -o "%1"
OpenOffice.org.Xlsx="c:\Program Files\OpenOffice.org 3\program\e\scalc.exe" -o "%1"
OpenOffice.org.Xlt="c:\Program Files\OpenOffice.org 3\program\e\scalc.exe" -o "%1"
OpenOffice.org.Xltm="c:\Program Files\OpenOffice.org 3\program\e\scalc.exe" -o "%1"
OpenOffice.org.Xltx="c:\Program Files\OpenOffice.org 3\program\e\scalc.exe" -o "%1"
oqyfile=c:\PROGRA~1\MICROS~4\OFFICE11e\EXCEL.EXE
ossfile="c:\Program Files\Microsoft Office\OFFICE11e\FINDER.EXE" /f "%1"
otffile=%SystemRoot%\System32\fontview.exe %1
outlook="c:\PROGRA~1\MICROS~4\OFFICE11e\OUTLOOK.EXE" /select "%1"
Outlook.NavigatorBarFile="c:\PROGRA~1\MICROS~4\OFFICE11e\OUTLOOK.EXE" /s "%1"
Outlook.Template="c:\Program Files\Microsoft Office\OFFICE11e\OUTLOOK.EXE" /t "%1"
P7RFile=rundll32.exe cryptext.dll,CryptExtOpenP7R %1
P7SFile=rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1
Paint.Picture=rundll32.exe c:\WINDOWS\system32e\shimgvw.dll,ImageView_Fullscreen %1
PalmDesktop.VCal="c:\Program Files\Palme\Palm.exe" "%1"
PalmDesktop.VCard="c:\Program Files\Palme\Palm.exe" "%1"
pbkfile=%SystemRoot%\system32\rasphone.exe -f "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2010-12-20 12:55:26 385024 ----a-w- c:\WINDOWS\system32e\html.iec
.
============= FINISH: 22:19:49.35 ===============


#2 fireman4it

  • Malware Response Team

Posted 13 March 2011 - 07:29 PM

Hello burnsy77,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.


Things to include in your next reply:
Tdsskiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 burnsy77

  • Topic Starter

Posted 14 March 2011 - 04:09 PM

Hi fireman4it, thanks for your quick reply. I've run Tdsskiller and Combofix, log files are attached below.

After a quick browse on the internet, the Google redirect appears to be gone. I'll restart after I've posted this to check that Avast isn't still flagging up malicious files.


Burnsy77


TDSSKiller log file
2011/03/14 20:05:59.0484 0388 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/14 20:05:59.0906 0388 ================================================================================
2011/03/14 20:05:59.0906 0388 SystemInfo:
2011/03/14 20:05:59.0906 0388
2011/03/14 20:05:59.0906 0388 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/14 20:05:59.0906 0388 Product type: Workstation
2011/03/14 20:05:59.0906 0388 ComputerName: VAIO
2011/03/14 20:05:59.0906 0388 UserName: Martin
2011/03/14 20:05:59.0906 0388 Windows directory: C:\WINDOWS
2011/03/14 20:05:59.0906 0388 System windows directory: C:\WINDOWS
2011/03/14 20:05:59.0906 0388 Processor architecture: Intel x86
2011/03/14 20:05:59.0906 0388 Number of processors: 1
2011/03/14 20:05:59.0906 0388 Page size: 0x1000
2011/03/14 20:05:59.0906 0388 Boot type: Normal boot
2011/03/14 20:05:59.0906 0388 ================================================================================
2011/03/14 20:06:00.0343 0388 Initialize success
2011/03/14 20:06:03.0875 5332 ================================================================================
2011/03/14 20:06:03.0875 5332 Scan started
2011/03/14 20:06:03.0875 5332 Mode: Manual;
2011/03/14 20:06:03.0875 5332 ================================================================================
2011/03/14 20:06:09.0359 5332 IntelIde (374ec968ad5e86e0308ec7386784cbac) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/03/14 20:06:09.0359 5332 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\intelide.sys. Real md5: 374ec968ad5e86e0308ec7386784cbac, Fake md5: b5466a9250342a7aa0cd1fba13420678
2011/03/14 20:06:09.0359 5332 IntelIde - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/03/14 20:06:17.0296 5332 ================================================================================
2011/03/14 20:06:17.0296 5332 Scan finished
2011/03/14 20:06:17.0296 5332 ================================================================================
2011/03/14 20:06:17.0296 3964 Detected object count: 1
2011/03/14 20:07:16.0000 3964 IntelIde (374ec968ad5e86e0308ec7386784cbac) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/03/14 20:07:16.0000 3964 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\intelide.sys. Real md5: 374ec968ad5e86e0308ec7386784cbac, Fake md5: b5466a9250342a7aa0cd1fba13420678
2011/03/14 20:07:17.0156 3964 Backup copy found, using it..
2011/03/14 20:07:17.0296 3964 C:\WINDOWS\system32\DRIVERS\intelide.sys - will be cured after reboot
2011/03/14 20:07:17.0296 3964 Rootkit.Win32.TDSS.tdl3(IntelIde) - User select action: Cure
2011/03/14 20:07:24.0515 2024 Deinitialize success



-------------
XXXXXXXXXXXXX
-------------

ComboFix log file:

ComboFix 11-03-13.02 - Martin 14/03/2011 20:42:50.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.516 [GMT 0:00]
Running from: c:\documents and settings\Martin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\program files\Internet Explorer\SET357.tmp
c:\program files\Internet Explorer\SET35C.tmp
c:\program files\Internet Explorer\SET434.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 )))))))))))))))))))))))))))))))
.
.
2011-03-13 12:42 . 2011-03-13 19:58 -------- d-----w- c:\program files\DriveImage XML harddrive backup
2011-03-13 12:17 . 2011-03-13 12:19 -------- d-----w- c:\documents and settings\Martin\Application Data\FILEminimizerPictures
2011-03-13 12:17 . 2011-03-13 12:17 -------- d-----w- c:\program files\FILEminimizer Pictures
2011-03-13 11:58 . 2011-03-13 11:58 -------- d-----w- c:\program files\OO Software
2011-03-07 00:31 . 2006-08-01 01:53 40960 ----a-w- c:\windows\system32\lxdevs.dll
2011-03-07 00:31 . 2007-05-03 15:50 348160 ----a-w- c:\windows\system32\lxdecoin.dll
2011-03-07 00:31 . 2007-05-25 13:42 113664 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdedrpp.dll
2011-03-07 00:30 . 2007-05-24 16:24 692224 ----a-w- c:\windows\system32\lxdedrs.dll
2011-03-07 00:30 . 2007-05-22 10:09 65536 ----a-w- c:\windows\system32\lxdecaps.dll
2011-03-07 00:30 . 2007-04-17 10:17 69632 ----a-w- c:\windows\system32\lxdecnv4.dll
2011-03-07 00:29 . 2007-05-23 03:42 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL
2011-03-07 00:29 . 2007-05-23 03:42 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL
2011-03-07 00:29 . 2007-01-17 07:07 36864 ----a-w- c:\windows\system32\lxf3oem.dll
2011-03-07 00:29 . 2011-03-07 00:30 -------- d-----w- c:\program files\Lexmark Fax Solutions
2011-03-07 00:25 . 2007-05-27 22:21 36864 ----a-w- c:\windows\system32\lxdecur.dll
2011-03-07 00:25 . 2007-05-27 22:13 90112 ----a-w- c:\windows\system32\lxdecub.dll
2011-03-07 00:25 . 2007-05-27 22:06 77824 ----a-w- c:\windows\system32\lxdecu.dll
2011-03-07 00:25 . 2006-10-16 11:37 983107 ----a-w- c:\windows\system32\lxdegf.dll
2011-03-07 00:25 . 2007-05-29 09:07 598960 ----a-w- c:\windows\system32\lxdecoms.exe
2011-03-07 00:25 . 2007-05-17 14:00 364544 ----a-w- c:\windows\system32\lxdecomm.dll
2011-03-07 00:25 . 2007-05-29 09:07 365488 ----a-w- c:\windows\system32\lxdecfg.exe
2011-03-07 00:25 . 2007-05-17 13:56 860160 ----a-w- c:\windows\system32\lxdecomc.dll
2011-03-07 00:25 . 2007-05-10 21:51 77906 ----a-w- c:\windows\system32\lxdecfg.dll
2011-03-07 00:24 . 2011-03-07 00:30 -------- d-----w- c:\program files\Lexmark 4800 Series
2011-03-06 22:49 . 2011-03-07 00:35 -------- d-----w- c:\documents and settings\Martin\Application Data\Lexmark Productivity Studio
2011-03-05 23:15 . 2011-03-05 23:15 -------- d-----w- c:\windows\system32\pt-PT
2011-03-05 23:15 . 2011-03-05 23:15 -------- d-----w- c:\windows\system32\pt-BR
2011-03-05 23:15 . 2011-03-05 23:15 -------- d-----w- c:\windows\system32\nl-NL
2011-03-05 23:15 . 2011-03-05 23:15 -------- d-----w- c:\windows\system32\it-IT
2011-03-05 23:15 . 2011-03-05 23:15 -------- d-----w- c:\windows\system32\fr-FR
2011-03-05 23:15 . 2011-03-05 23:15 -------- d-----w- c:\windows\system32\es-ES
2011-03-05 23:15 . 2011-03-05 23:15 -------- d-----w- c:\windows\system32\de-DE
2011-03-05 22:52 . 2008-04-13 18:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2011-03-05 22:52 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2011-03-05 19:41 . 2011-03-05 19:41 -------- d-----w- c:\documents and settings\Sarah\Local Settings\Application Data\Apple
2011-03-02 01:31 . 2011-03-02 01:31 -------- d-----w- c:\program files\Yontoo Layers Client
2011-02-27 23:38 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-27 23:24 . 2011-02-27 23:24 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-BR
2011-02-27 23:24 . 2011-02-27 23:24 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT
2011-02-27 23:23 . 2011-02-27 23:23 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL
2011-02-27 23:23 . 2011-02-27 23:23 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT
2011-02-27 23:23 . 2011-02-27 23:23 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE
2011-02-27 23:23 . 2011-02-27 23:23 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR
2011-02-27 23:23 . 2011-02-27 23:23 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES
2011-02-27 23:22 . 2008-11-07 18:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-02-27 23:21 . 2011-02-27 23:21 -------- d-----w- c:\windows\system32\drivers\UMDF\en-US
2011-02-27 23:20 . 2011-02-27 23:24 -------- d-----w- c:\program files\Zune
2011-02-27 23:16 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2011-02-27 23:16 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2011-02-27 23:16 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2011-02-27 23:16 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2011-02-27 23:16 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2011-02-27 20:28 . 2011-03-06 23:39 -------- d-----w- c:\documents and settings\All Users\Lx_cats
2011-02-26 23:08 . 2011-02-26 23:08 -------- d-----w- c:\documents and settings\Martin\Application Data\FaxCtr
2011-02-23 12:42 . 2011-02-23 14:38 -------- d-----w- c:\documents and settings\Sarah\Application Data\FaxCtr
2011-02-23 11:54 . 2011-02-23 11:54 -------- d-----w- C:\logs
2011-02-23 09:45 . 2001-08-17 22:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-02-23 09:45 . 2001-08-17 22:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2011-02-23 09:43 . 2007-05-23 03:44 12288 ----a-w- c:\windows\system32\LXF3PMRC.DLL
2011-02-23 09:43 . 2007-01-10 01:09 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
2011-02-23 09:43 . 2007-01-10 01:09 98304 ----a-w- c:\windows\system32\IM31XPNG.DEL
2011-02-23 09:43 . 2007-01-10 01:09 69632 ----a-w- c:\windows\system32\IM31XTIF.DEL
2011-02-23 09:43 . 2007-01-10 01:09 49152 ----a-w- c:\windows\system32\IM31IMG.DIL
2011-02-23 09:43 . 2007-01-10 01:09 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
2011-02-23 09:43 . 2011-02-23 09:43 -------- d-----w- c:\documents and settings\All Users\Application Data\FaxCtr
2011-02-23 09:41 . 2011-02-23 09:43 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2011-02-13 11:46 . 2011-02-13 13:08 -------- d-----w- c:\program files\CDex
2011-02-13 00:18 . 2004-08-04 12:00 5632 ----a-w- c:\windows\system32\wbem\snmp\smimsgif.dll
2011-02-13 00:18 . 2004-08-04 12:00 5632 ----a-w- c:\windows\system32\wbem\snmp\smierrsy.dll
2011-02-13 00:18 . 2004-08-04 12:00 15872 ----a-w- c:\windows\system32\wbem\snmp\smierrsm.dll
2011-02-13 00:18 . 2004-08-04 12:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-14 20:08 . 2005-03-01 15:41 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2011-03-13 12:36 . 2011-03-13 12:36 118784 ----a-w- c:\windows\web\Wallpaper\club VAIO desktop bubbles.exe
2011-02-23 15:04 . 2010-07-18 11:33 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-01-20 23:42 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2010-01-20 23:42 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-01-20 23:42 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-01-20 23:42 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 14:55 . 2010-01-20 23:42 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 14:55 . 2010-01-20 23:42 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:54 . 2010-01-20 23:42 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 14:54 . 2010-01-20 23:42 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-09 13:53 . 2005-03-01 06:33 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2005-03-01 06:32 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2005-03-01 15:45 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2005-03-01 15:45 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2005-03-01 06:33 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2005-03-01 06:32 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2005-03-01 06:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2005-03-01 06:32 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-21 21:37 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-21 21:37 . 2003-02-21 13:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-20 23:59 . 2005-03-01 06:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2005-03-01 06:32 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2005-03-01 06:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 18:09 . 2010-12-06 00:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-12-06 00:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2005-03-01 06:32 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2005-03-01 06:32 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-07-31 11:58 91568 ----a-w- c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-12-20 18:09 191488 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll" [2009-07-31 91568]
.
[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="c:\windows\ATK0100\Hcontrol.exe" [2004-07-19 61440]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 339968]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-02-14 53248]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-14 184320]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]
"TVTunerLib"="c:\program files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe" [2005-02-16 245760]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-02-23 3451496]
"VAIO Update 5"="c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe" [2010-04-09 1459568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-21 274608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]
"lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe" [2007-06-11 455600]
"lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe" [2007-06-01 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 316336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2003-10-6 778240]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2003-10-6 778240]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office Outlook 2003.lnk - c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\outicon.exe [2010-12-5 794624]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-09-23 15:24 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 19:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2002-03-14 16:46 45056 ----a-w- c:\windows\system32\ico.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 04:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-27 07:12 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\VAIO Media 4.0\\Vc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\lxdecoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdepswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdetime.exe"=
"c:\\Program Files\\Lexmark 4800 Series\\lxdemon.exe"=
"c:\\WINDOWS\\system32\\lxdecfg.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27/02/2011 23:38 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20/01/2010 23:42 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/01/2010 23:42 19544]
R2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [01/03/2005 06:33 71961]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [04/10/2004 04:47 98304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate1c9bde59abec9c8;Google Update Service (gupdate1c9bde59abec9c8);c:\program files\Google\Update\GoogleUpdate.exe [15/04/2009 16:16 133104]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdeserv.exe [07/03/2011 00:31 99248]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [04/10/2004 03:40 118784]
S3 DSSUSBF;DSSUSBF Device;c:\windows\system32\drivers\DSSUSBF.sys [08/12/2005 09:03 25381]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [10/02/2010 20:39 722288]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11/11/2010 13:57 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KLMDB
*Deregistered* - klmdb
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 12:34]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 16:16]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 16:16]
.
2011-03-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-326180289-332160248-2647142734-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
.
2011-03-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-326180289-332160248-2647142734-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
.
2011-03-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-326180289-332160248-2647142734-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
.
2011-03-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-326180289-332160248-2647142734-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-OM_Monitor - c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe
HKLM-Run-EPSON Stylus C62 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
HKLM-Run-apoint - (no file)
HKLM-Run-MsgCenterExe - c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
SafeBoot-klmdb.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-AV - c:\program files\AV\Antivir.exe
AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_20030003
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-14 20:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2011-03-14 20:57:08
ComboFix-quarantined-files.txt 2011-03-14 20:57
.
Pre-Run: 1,798,172,672 bytes free
Post-Run: 1,857,994,752 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 351E26A46A6C97A2C09D4B1E5736BE55

#4 fireman4it

  • Malware Response Team

Posted 14 March 2011 - 06:22 PM

Hello,

Your log looks pretty good. Looks like the main infection is gone, just some leftovers. We will get rid of those and do some final checking.

1.
Uninstall iMeshMediabarTb. This is known to be associated with malware.

Uninstalling A Program Through "add/remove"

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

iMeshMediabarTb or iMesh Mediabar

Additional instructions can be found here if needed.

2.
We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Domains::

Driver::
MSSQL$VAIO_VEDB
SQLAgent$VAIO_VEDB

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-

Reglockdel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

3.
Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2
Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

4.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
You can refer to this short video by: neomage
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Things to include in your next reply::
Combofix.txt
MBAM log
Eset log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif
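
The Registry:: section of the CFScript in the post above deletes three values that the ComboFix log earlier in this thread lists under "Reg Loading Points": AntiVirusOverride, FirewallOverride and EnableFirewall. As an added example (not part of the original posts and not ComboFix's own code), this Python script parses that log section and flags those values; the function names, rule table and rule wording are assumptions made for the illustration.

```python
import re

# Excerpt of the "Reg Loading Points" section, copied from the ComboFix log in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
# A value line is either the default value (@=...) or "name"=data.
# Lines such as '@Denied: (A 2) (Everyone)' do not match and are skipped.
VALUE_RE = re.compile(r'^(?P<name>@|"[^"]*")\s*=\s*(?P<data>.*)$')

# Hypothetical rule table: (key suffix regex, value name, "is suspicious" test, reason).
# A user can set these values deliberately, so a hit is a lead to review, not proof.
RULES = [
    (r'\\security center$', 'AntiVirusOverride', lambda v: v == 1,
     'Security Center set to stop monitoring antivirus status'),
    (r'\\security center$', 'FirewallOverride', lambda v: v == 1,
     'Security Center set to stop monitoring firewall status'),
    (r'\\firewallpolicy\\standardprofile$', 'EnableFirewall', lambda v: v == 0,
     'Windows Firewall disabled for the standard profile'),
]


def to_int(data):
    """Return the integer behind 'dword:00000001' or '0 (0x0)', else None."""
    m = re.match(r'^dword:([0-9a-fA-F]{1,8})$', data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'^(\d+)\s*\(0x[0-9a-fA-F]+\)$', data)
    if m:
        return int(m.group(1))
    return None


def parse_registry_sections(text):
    """Map each [registry key] header in the log to a dict of its listed values."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group('key')
            sections.setdefault(current, {})
            continue
        if line in ('', '.'):
            current = None  # ComboFix separates entries with a lone dot
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group('name').strip('"')
            sections[current][name] = m.group('data').strip()
    return sections


def find_security_overrides(text):
    """Return (key, value name, integer value, reason) for every rule that fires."""
    findings = []
    for key, values in parse_registry_sections(text).items():
        for key_pat, name, is_suspicious, reason in RULES:
            if not re.search(key_pat, key, re.IGNORECASE):
                continue
            for value_name, data in values.items():
                if value_name.lower() != name.lower():
                    continue
                number = to_int(data)
                if number is not None and is_suspicious(number):
                    findings.append((key, value_name, number, reason))
    return findings


if __name__ == '__main__':
    for key, value_name, number, reason in find_security_overrides(SAMPLE_LOG):
        print(f'{key}\n    {value_name} = {number}: {reason}')
```

Running the same check against the ComboFix.txt produced after the CFScript shows whether the three values are gone.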


#5 burnsy77

  • Topic Starter

Posted 15 March 2011 - 02:54 PM

Hi, I've followed the steps in your latest post thanks.

Step 1 - There was no iMeshMediabarTb programme in the list to uninstall
Step 2 - Unfortunately I set Avast to restart on reboot and Combofix did a reboot and Avast kept trying to prevent it running its log file production. I stopped the Avast realtime scans and allowed those processes / apps it had flagged and Combofix seemed to complete ok.
Step 3 - I already had MBAM installed. The quick scan found nothing and did not reboot
Step 4 - The link to ESetScan wasn't quite to the right page, but it was easy enough to find and run it. I found one suspect file.

Computer is still running fine. I had forgotten the infection had prevented me sending print files to my WiFi printer, but that problem is now gone too.

Log files below:

-----xxxxxXXXXXxxxxx-----

Combofix.txt
ComboFix 11-03-14.01 - Martin 15/03/2011 0:24.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.656 [GMT 0:00]
Running from: c:\documents and settings\Martin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Martin\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MSSQL$VAIO_VEDB
-------\Service_MSSQL$VAIO_VEDB
-------\Service_SQLAgent$VAIO_VEDB
.
.
((((((((((((((((((((((((( Files Created from 2011-02-15 to 2011-03-15 )))))))))))))))))))))))))))))))
.
.
2011-03-13 12:42 . 2011-03-13 19:58 -------- d-----w- c:\program files\DriveImage XML harddrive backup
2011-03-13 12:17 . 2011-03-13 12:19 -------- d-----w- c:\documents and settings\Martin\Application Data\FILEminimizerPictures
2011-03-13 12:17 . 2011-03-13 12:17 -------- d-----w- c:\program files\FILEminimizer Pictures
2011-03-13 11:58 . 2011-03-13 11:58 -------- d-----w- c:\program files\OO Software
2011-03-07 00:31 . 2006-08-01 01:53 40960 ----a-w- c:\windows\system32\lxdevs.dll
2011-03-07 00:31 . 2007-05-03 15:50 348160 ----a-w- c:\windows\system32\lxdecoin.dll
2011-03-07 00:31 . 2007-05-25 13:42 113664 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdedrpp.dll
2011-03-07 00:30 . 2007-05-24 16:24 692224 ----a-w- c:\windows\system32\lxdedrs.dll
2011-03-07 00:30 . 2007-05-22 10:09 65536 ----a-w- c:\windows\system32\lxdecaps.dll
2011-03-07 00:30 . 2007-04-17 10:17 69632 ----a-w- c:\windows\system32\lxdecnv4.dll
2011-03-07 00:29 . 2007-05-23 03:42 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL
2011-03-07 00:29 . 2007-05-23 03:42 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL
2011-03-07 00:29 . 2007-01-17 07:07 36864 ----a-w- c:\windows\system32\lxf3oem.dll
2011-03-07 00:29 . 2011-03-07 00:30 -------- d-----w- c:\program files\Lexmark Fax Solutions
2011-03-07 00:25 . 2007-05-27 22:21 36864 ----a-w- c:\windows\system32\lxdecur.dll
2011-03-07 00:25 . 2007-05-27 22:13 90112 ----a-w- c:\windows\system32\lxdecub.dll
2011-03-07 00:25 . 2007-05-27 22:06 77824 ----a-w- c:\windows\system32\lxdecu.dll
2011-03-07 00:25 . 2006-10-16 11:37 983107 ----a-w- c:\windows\system32\lxdegf.dll
2011-03-07 00:25 . 2007-05-29 09:07 598960 ----a-w- c:\windows\system32\lxdecoms.exe
2011-03-07 00:25 . 2007-05-17 14:00 364544 ----a-w- c:\windows\system32\lxdecomm.dll
2011-03-07 00:25 . 2007-05-29 09:07 365488 ----a-w- c:\windows\system32\lxdecfg.exe
2011-03-07 00:25 . 2007-05-17 13:56 860160 ----a-w- c:\windows\system32\lxdecomc.dll
2011-03-07 00:25 . 2007-05-10 21:51 77906 ----a-w- c:\windows\system32\lxdecfg.dll
2011-03-07 00:24 . 2011-03-07 00:30 -------- d-----w- c:\program files\Lexmark 4800 Series
2011-03-06 22:49 . 2011-03-07 00:35 -------- d-----w- c:\documents and settings\Martin\Application Data\Lexmark Productivity Studio
2011-03-05 23:15 . 2011-03-05 23:15 -------- d-----w- c:\windows\system32\pt-PT
2011-03-05 23:15 . 2011-03-05 23:15 -------- d-----w- c:\windows\system32\pt-BR
2011-03-05 23:15 . 2011-03-05 23:15 -------- d-----w- c:\windows\system32\nl-NL
2011-03-05 23:15 . 2011-03-05 23:15 -------- d-----w- c:\windows\system32\it-IT
2011-03-05 23:15 . 2011-03-05 23:15 -------- d-----w- c:\windows\system32\fr-FR
2011-03-05 23:15 . 2011-03-05 23:15 -------- d-----w- c:\windows\system32\es-ES
2011-03-05 23:15 . 2011-03-05 23:15 -------- d-----w- c:\windows\system32\de-DE
2011-03-05 22:52 . 2008-04-13 18:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2011-03-05 22:52 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2011-03-05 19:41 . 2011-03-05 19:41 -------- d-----w- c:\documents and settings\Sarah\Local Settings\Application Data\Apple
2011-03-02 01:31 . 2011-03-02 01:31 -------- d-----w- c:\program files\Yontoo Layers Client
2011-02-27 23:38 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-27 23:24 . 2011-02-27 23:24 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-BR
2011-02-27 23:24 . 2011-02-27 23:24 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT
2011-02-27 23:23 . 2011-02-27 23:23 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL
2011-02-27 23:23 . 2011-02-27 23:23 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT
2011-02-27 23:23 . 2011-02-27 23:23 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE
2011-02-27 23:23 . 2011-02-27 23:23 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR
2011-02-27 23:23 . 2011-02-27 23:23 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES
2011-02-27 23:22 . 2008-11-07 18:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-02-27 23:21 . 2011-02-27 23:21 -------- d-----w- c:\windows\system32\drivers\UMDF\en-US
2011-02-27 23:20 . 2011-02-27 23:24 -------- d-----w- c:\program files\Zune
2011-02-27 23:16 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2011-02-27 23:16 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2011-02-27 23:16 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2011-02-27 23:16 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2011-02-27 23:16 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2011-02-27 20:28 . 2011-03-14 21:46 -------- d-----w- c:\documents and settings\All Users\Lx_cats
2011-02-26 23:08 . 2011-02-26 23:08 -------- d-----w- c:\documents and settings\Martin\Application Data\FaxCtr
2011-02-23 12:42 . 2011-02-23 14:38 -------- d-----w- c:\documents and settings\Sarah\Application Data\FaxCtr
2011-02-23 11:54 . 2011-02-23 11:54 -------- d-----w- C:\logs
2011-02-23 09:45 . 2001-08-17 22:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-02-23 09:45 . 2001-08-17 22:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2011-02-23 09:43 . 2007-05-23 03:44 12288 ----a-w- c:\windows\system32\LXF3PMRC.DLL
2011-02-23 09:43 . 2007-01-10 01:09 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
2011-02-23 09:43 . 2007-01-10 01:09 98304 ----a-w- c:\windows\system32\IM31XPNG.DEL
2011-02-23 09:43 . 2007-01-10 01:09 69632 ----a-w- c:\windows\system32\IM31XTIF.DEL
2011-02-23 09:43 . 2007-01-10 01:09 49152 ----a-w- c:\windows\system32\IM31IMG.DIL
2011-02-23 09:43 . 2007-01-10 01:09 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
2011-02-23 09:43 . 2011-02-23 09:43 -------- d-----w- c:\documents and settings\All Users\Application Data\FaxCtr
2011-02-23 09:41 . 2011-02-23 09:43 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2011-02-13 11:46 . 2011-02-13 13:08 -------- d-----w- c:\program files\CDex
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-14 20:08 . 2005-03-01 15:41 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2011-03-13 12:36 . 2011-03-13 12:36 118784 ----a-w- c:\windows\web\Wallpaper\club VAIO desktop bubbles.exe
2011-02-23 15:04 . 2010-07-18 11:33 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-01-20 23:42 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2010-01-20 23:42 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-01-20 23:42 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-01-20 23:42 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 14:55 . 2010-01-20 23:42 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 14:55 . 2010-01-20 23:42 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:54 . 2010-01-20 23:42 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 14:54 . 2010-01-20 23:42 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-09 13:53 . 2005-03-01 06:33 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2005-03-01 06:32 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2005-03-01 15:45 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2005-03-01 15:45 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2005-03-01 06:33 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2005-03-01 06:32 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2005-03-01 06:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2005-03-01 06:32 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-21 21:37 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-21 21:37 . 2003-02-21 13:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-20 23:59 . 2005-03-01 06:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2005-03-01 06:32 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2005-03-01 06:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 18:09 . 2010-12-06 00:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-12-06 00:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2005-03-01 06:32 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2005-03-01 06:32 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-07-31 11:58 91568 ----a-w- c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-12-20 18:09 191488 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll" [2009-07-31 91568]
.
[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="c:\windows\ATK0100\Hcontrol.exe" [2004-07-19 61440]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 339968]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-02-14 53248]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-14 184320]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]
"TVTunerLib"="c:\program files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe" [2005-02-16 245760]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-02-23 3451496]
"VAIO Update 5"="c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe" [2010-04-09 1459568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-21 274608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]
"lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe" [2007-06-11 455600]
"lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe" [2007-06-01 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 316336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2003-10-6 778240]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2003-10-6 778240]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office Outlook 2003.lnk - c:\windows\Installer\{91E30409-6000-11D3-8CFE-0150048383C9}\outicon.exe [2010-12-5 794624]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-09-23 15:24 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 19:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2002-03-14 16:46 45056 ----a-w- c:\windows\system32\ico.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 04:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-27 07:12 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\VAIO Media 4.0\\Vc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\lxdecoms.exe"=
"c:\\Program Files\\Lexmark 4800 Series\\lxdemon.exe"=
"c:\\WINDOWS\\system32\\lxdecfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdepswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdejswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdetime.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27/02/2011 23:38 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20/01/2010 23:42 301528]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [04/10/2004 04:47 98304]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/01/2010 23:42 19544]
R2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [04/10/2004 03:40 118784]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [01/03/2005 06:33 71961]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate1c9bde59abec9c8;Google Update Service (gupdate1c9bde59abec9c8);c:\program files\Google\Update\GoogleUpdate.exe [15/04/2009 16:16 133104]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdeserv.exe [07/03/2011 00:31 99248]
S3 DSSUSBF;DSSUSBF Device;c:\windows\system32\drivers\DSSUSBF.sys [08/12/2005 09:03 25381]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [10/02/2010 20:39 722288]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11/11/2010 13:57 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 12:34]
.
2011-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 16:16]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 16:16]
.
2011-03-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-326180289-332160248-2647142734-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
.
2011-03-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-326180289-332160248-2647142734-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
.
2011-03-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-326180289-332160248-2647142734-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
.
2011-03-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-326180289-332160248-2647142734-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-15 00:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(776)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\lxdecoms.exe
c:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\snmp.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Zune\ZuneBusEnum.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Microsoft Office\OFFICE11\WINWORD.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-03-15 00:45:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-15 00:45
ComboFix2.txt 2011-03-14 20:57
.
Pre-Run: 1,861,115,904 bytes free
Post-Run: 1,749,680,128 bytes free
.
- - End Of File - - 4DD11E0EB0D8BB4A2D6F42A5391A8C14





-----xxxxxXXXXXXxxxx-----

MBAM log
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6045

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15/03/2011 00:55:57
mbam-log-2011-03-15 (00-55-57).txt

Scan type: Quick scan
Objects scanned: 178501
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




-----xxxxxXXXXXxxxxx-----
ESetScan log
C:\Documents and Settings\Martin\Application Data\Sun\Java\Deployment\cache\6.0\5\5a13d8c5-233b9512 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:05 PM

Posted 15 March 2011 - 04:47 PM

Hello, burnsy77.
Congratulations! You now appear clean! :cool:


Uninstall Combofix
  • Make sure that the Combofix.exe that you downloaded is on your Desktop, but do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Click on Posted Image then Run....
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall


    <Notice the space between the "x" and "/".> <--- It needs to be there
    Windows Vista users: Press the Windows Key + R to bring up the Run... command, and from there you can enter Combofix /Uninstall

  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through system restore".



Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 burnsy77

burnsy77
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:03:05 AM

Posted 15 March 2011 - 06:27 PM

That's great, thanks very much for your help. Everything still working fine and I'll be installing a two-way firewall now.

A small donation is on its way with gratitude.

Cheers, burnsy77

Edited by burnsy77, 15 March 2011 - 06:32 PM.


#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Location:Greenup, Ill USA
  • Local time:09:05 PM

Posted 15 March 2011 - 07:05 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





