WiredWX Christian Hobby Weather Tools

I have a browser hijacker

I have a browser hijacker that won't allow me to reach antivirus websites. I have downloaded Malware-Antibytes on a clean computer and attempted to run it on my infected computer. I kept getting run time errors 0 and 440. I would greatly appreciate any help. BTW I'm not very PC savvy. Thanks again guys!!

Re: I have a browser hijacker

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see this topic.

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: I have a browser hijacker

ComboFix 10-07-04.04 - MALORIE 07/05/2010 21:29:33.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1265 [GMT -5:00]
Running from: c:\documents and settings\MALORIE\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\MALORIE\Application Data\avdrn.dat
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((( Files Created from 2010-06-06 to 2010-07-06 )))))))))))))))))))))))))))))))
.

2010-07-06 01:52 . 2010-07-06 01:52 -------- d-----w- c:\documents and settings\MALORIE\Application Data\AVG9
2010-07-06 00:04 . 2010-07-06 00:04 -------- d-----w- c:\program files\CCleaner
2010-07-05 23:53 . 2010-07-05 23:53 -------- d-----w- c:\documents and settings\MALORIE\Local Settings\Application Data\Threat Expert
2010-07-05 22:21 . 2009-11-10 15:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-05 22:21 . 2009-11-10 15:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-07-05 22:21 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2010-07-05 22:21 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2010-07-05 22:21 . 2009-11-10 15:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-07-05 22:21 . 2009-11-10 15:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-07-05 22:20 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-05 22:20 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-05 22:20 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-05 22:20 . 2010-02-05 14:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-05 22:20 . 2010-07-06 02:25 -------- d-----w- c:\program files\Spyware Doctor
2010-07-05 22:20 . 2010-07-05 22:21 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-05 22:20 . 2010-07-05 22:20 -------- d-----w- c:\documents and settings\MALORIE\Application Data\PC Tools
2010-07-05 22:20 . 2010-07-05 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-30 19:28 . 2010-06-30 19:28 -------- d-----w- c:\documents and settings\MALORIE\Local Settings\Application Data\FullTiltPoker.NET
2010-06-23 00:45 . 2010-06-23 00:45 50354 ----a-w- c:\documents and settings\MALORIE\Application Data\Facebook\uninstall.exe
2010-06-23 00:45 . 2010-06-23 00:45 -------- d-----w- c:\documents and settings\MALORIE\Application Data\Facebook
2010-06-12 21:19 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-12 21:11 . 2010-06-12 21:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-12 21:11 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-06-12 21:11 . 2010-06-12 21:11 -------- d-----w- c:\program files\Lavasoft
2010-06-12 16:35 . 2010-06-12 16:36 -------- d-----w- c:\program files\STOPzilla
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\MALORIE\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-06 19:07 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-06-06 19:07 . 2008-04-14 10:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-06-06 19:07 . 2008-04-14 05:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-06-06 19:07 . 2008-04-14 05:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-06-06 19:04 . 2010-06-06 19:04 -------- d-----w- c:\documents and settings\MALORIE\Application Data\Nikon
2010-06-06 19:03 . 2010-06-06 19:03 49152 ----a-r- c:\documents and settings\MALORIE\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2010-06-06 19:02 . 2010-06-06 19:02 335872 ----a-r- c:\documents and settings\MALORIE\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2010-06-06 19:01 . 2010-06-06 19:01 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-06-06 19:01 . 2010-06-06 19:03 -------- d-----w- c:\program files\Common Files\Nikon
2010-06-06 19:01 . 2010-06-06 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2010-06-06 19:01 . 2010-06-06 19:01 -------- d-----w- c:\program files\Nikon
2010-06-06 19:01 . 2010-06-06 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2010-06-06 19:01 . 2010-06-06 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2010-06-06 19:00 . 2010-06-06 19:00 -------- d-----w- c:\program files\ArcSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 02:25 . 2010-01-20 01:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-06 02:19 . 2010-06-18 20:02 -------- d-----w- c:\documents and settings\MALORIE\Application Data\LimeWire
2010-07-06 01:53 . 2009-12-01 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-06 01:20 . 2009-12-01 22:55 -------- d-----w- c:\program files\Google
2010-07-05 22:44 . 2009-12-01 22:40 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-05 20:24 . 2009-12-01 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-07-02 16:20 . 2010-04-09 14:45 -------- d-----w- c:\documents and settings\MALORIE\Application Data\vlc
2010-07-02 16:20 . 2010-05-11 14:42 -------- d-----w- c:\documents and settings\MALORIE\Application Data\FrostWire
2010-06-23 00:41 . 2010-06-06 19:01 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2010-06-18 18:26 . 2010-01-20 01:33 -------- d-----w- c:\program files\Full Tilt Poker
2010-06-12 21:11 . 2009-12-01 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-11 20:10 . 2010-03-10 01:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-06 19:01 . 2003-03-19 17:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2010-06-06 19:01 . 2009-11-30 02:32 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-06 19:00 . 2009-11-30 01:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-03 19:44 . 2009-12-01 22:52 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 19:44 . 2009-12-01 22:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-03 15:39 . 2010-05-17 19:41 -------- d-----w- c:\documents and settings\MALORIE\Application Data\DivX
2010-06-02 19:08 . 2010-06-02 19:08 -------- d-----w- c:\program files\FrostWire
2010-06-01 16:58 . 2009-12-01 22:40 -------- d-----w- c:\program files\Symantec
2010-06-01 16:58 . 2010-06-01 16:58 -------- d-----w- c:\documents and settings\MALORIE\Application Data\Symantec
2010-06-01 16:56 . 2009-12-01 22:45 -------- d-----w- c:\program files\Ahead
2010-06-01 16:55 . 2010-02-09 23:32 -------- d-----w- c:\program files\iTunes
2010-06-01 16:53 . 2009-12-01 22:46 -------- d-----w- c:\program files\InterVideo
2010-06-01 16:53 . 2009-12-01 22:46 -------- d-----w- c:\program files\Common Files\InterVideo
2010-06-01 16:53 . 2009-12-01 22:46 -------- d-----w- c:\program files\InterActual
2010-06-01 13:46 . 2010-06-01 13:46 12 ----a-w- c:\windows\system32\config\systemprofile\Application Data\czyiwa.dat
2010-06-01 13:28 . 2010-05-31 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-05-22 21:45 . 2010-05-22 21:45 -------- d-----w- c:\program files\Oldgames
2010-05-22 18:14 . 2010-05-22 18:14 -------- d-----w- c:\program files\Common Files\Logitech
2010-05-22 18:14 . 2010-05-22 18:14 -------- d-----w- c:\program files\Logitech
2010-05-17 19:42 . 2010-05-17 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-17 19:42 . 2010-05-17 19:42 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-17 19:42 . 2010-01-28 21:44 -------- d-----w- c:\program files\DivX
2010-05-17 19:42 . 2010-05-17 19:42 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-17 19:42 . 2010-05-17 19:42 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-17 19:42 . 2010-05-17 19:42 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-05-17 19:42 . 2010-05-17 19:42 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-17 19:40 . 2010-05-17 19:42 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-17 19:40 . 2010-05-17 19:42 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-11 19:36 . 2010-05-11 19:36 0 ----a-w- c:\documents and settings\MALORIE\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-05-11 15:43 . 2010-05-11 15:43 -------- d-----w- c:\program files\iPod
2010-05-11 15:43 . 2010-01-20 01:45 -------- d-----w- c:\program files\Common Files\Apple
2010-05-11 15:41 . 2010-05-11 15:41 -------- d-----w- c:\program files\Bonjour
2010-05-11 15:40 . 2010-05-11 15:40 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2009-06-30 163872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 69632]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 253952]
"GhostStartTrayApp"="c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 94208]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-04 18702336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-28 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]

c:\documents and settings\MALORIE\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-5-26 503808]
MemTurbo.lnk - c:\program files\MemTurbo 4\MemTurbo.exe [2010-3-2 3121760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 15:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"e:\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/12/2010 4:19 PM 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/5/2010 5:20 PM 207280]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/1/2009 5:52 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/1/2009 5:52 PM 242896]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [8/14/2002 4:11 PM 5632]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/12/2010 10:01 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/12/2010 10:01 AM 308064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [7/5/2010 5:21 PM 112592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1228208]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [5/23/2007 5:15 AM 547744]
S0 mlmso;mlmso; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/1/2009 5:57 PM 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [11/29/2009 9:32 PM 1684736]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [8/21/2009 9:24 PM 57248]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/5/2010 5:20 PM 365280]
S3 ZD1211BU(TRENDnet);802.11g Wireless USB 2.0 Adapter C1 Driver(TRENDnet);c:\windows\system32\DRIVERS\zd1211Bu.sys --> c:\windows\system32\DRIVERS\zd1211Bu.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder

2010-07-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:52]

2010-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-07-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-01 22:55]

2010-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-01 22:56]

2010-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-01 22:56]

2010-07-05 c:\windows\Tasks\Norton Security Scan for MALORIE.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-03-08 05:04]

2010-07-05 c:\windows\Tasks\Norton Security Scan for Preferred Customer.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-03-08 05:04]

2010-07-06 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
FF - ProfilePath - c:\documents and settings\MALORIE\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKfox000&fl=0&ptb=8u.onk1A3yLBd6S8qw65kg&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77ce5d5d&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\MALORIE\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\MALORIE\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\MALORIE\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-nwiz - nwiz.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-05 21:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(900)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
.
Completion time: 2010-07-05 21:33:13
ComboFix-quarantined-files.txt 2010-07-06 02:33

Pre-Run: 64,504,692,736 bytes free
Post-Run: 64,567,554,048 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 774CF9DA39296DE7CB564A90624CD537

Re: I have a browser hijacker

I should also mention that my (Anthony) profile was attacked some time ago by a virus. My desktop icons were rendered unusable. When I figured out that I can use my wife's (Malorie) profile instead, I chose to ignore the problem. Sorry, this is all Greek to me.

Thank you guys a million!

Re: I have a browser hijacker

Also wanted to add that ComboFix seems to have allowed me access to MBAM. I have downloaded it and am currently running a full scan. Patiently awaiting further instruction.

Thanks again

Re: I have a browser hijacker

log from scan

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4281

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/5/2010 11:50:53 PM
mbam-log-2010-07-05 (23-50-53).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 215459
Time elapsed: 23 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Adware.Mongoose) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Preferred Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0000ca (Adware.Mongoose) -> Quarantined and deleted successfully.
C:\Documents and Settings\Preferred Customer\Local Settings\Temp\CSM3F.tmp (Adware.Mongoose) -> Quarantined and deleted successfully.
C:\Documents and Settings\Preferred Customer\Local Settings\Temp\CSM44.tmp (Adware.Mongoose) -> Quarantined and deleted successfully.
C:\Documents and Settings\Preferred Customer\Local Settings\Temp\CSM51.tmp (Adware.Mongoose) -> Quarantined and deleted successfully.
D:\My Documents\Downloads\setup.exe (Adware.Mongoose) -> Quarantined and deleted successfully.
D:\My Documents\Downloads\WebfettiSetup2.3.64.1.ZKfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Re: I have a browser hijacker

"From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above."

I feel like an ass now. I will call it a day and check back tomorrow. Sorry about being impatient and not following rules. My PC is really just recreational so I'm not truly in a terrible bind. However, I am thankful for any help.

Thanks

Re: I have a browser hijacker

BUMP

Re: I have a browser hijacker

I must not have gotten a subscription notice for this topic.

Please download MySystem-Search from one of the following links:
  • Save the file to your Desktop.
  • Double-click on mss.exe
  • Allow it to run, and follow the prompts.
  • Once done, it will launch a log.
  • Post it in your next reply.
Note: the logs are long. Please use more than one post, if necessary.

Re: I have a browser hijacker

MySystem-Search


MSS v1.6


Basic System Information

Username: MALORIE - Date: 07/07/2010 - Time: 20:03:31

Microsoft Windows XP [Version 5.1.2600]
Processor type: x86 Family 6 Model 15 Stepping 11, GenuineIntel
Total processors: 4
Computer Name: ACER
Logon Server: \\ACER


CD Emulation Drivers running?

Roxio found!


Peer-to-Peer applications?

LimeWire found!
FrostWire found!


File associations

.exe=exefile
.scr=scrfile
.pif=piffile
.com=ComFile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile
.ini=inifile
.inf=inffile


Running processes


Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
System Idle Process 0 Console 0 28 K
System 4 Console 0 99,628 K
smss.exe 756 Console 0 956 K
csrss.exe 808 Console 0 8,264 K
winlogon.exe 836 Console 0 4,872 K
services.exe 880 Console 0 8,604 K
lsass.exe 892 Console 0 1,804 K
nvsvc32.exe 1052 Console 0 23,100 K
svchost.exe 1096 Console 0 5,488 K
svchost.exe 1144 Console 0 5,696 K
svchost.exe 1324 Console 0 39,240 K
svchost.exe 1464 Console 0 5,180 K
avgchsvx.exe 1544 Console 0 7,544 K
avgrsx.exe 1552 Console 0 500 K
svchost.exe 1592 Console 0 4,720 K
avgcsrvx.exe 1708 Console 0 312 K
spoolsv.exe 188 Console 0 28,832 K
WgaTray.exe 896 Console 0 896 K
explorer.exe 1252 Console 0 98,752 K
svchost.exe 1288 Console 0 3,820 K
AppleMobileDeviceService. 1356 Console 0 11,964 K
avgwdsvc.exe 1456 Console 0 2,228 K
mDNSResponder.exe 1576 Console 0 21,832 K
BDTUpdateService.exe 1184 Console 0 21,800 K
nSvcAppFlt.exe 648 Console 0 25,100 K
GhostStartService.exe 744 Console 0 11,016 K
avgnsx.exe 772 Console 0 17,924 K
jqs.exe 1088 Console 0 1,400 K
mdm.exe 2080 Console 0 21,948 K
nvraidservice.exe 2248 Console 0 24,692 K
RxMon.exe 2292 Console 0 43,744 K
GhostStartTrayApp.exe 2300 Console 0 17,192 K
avgtray.exe 2308 Console 0 2,848 K
RTHDCPL.EXE 2320 Console 0 50,480 K
jusched.exe 2328 Console 0 24,364 K
rundll32.exe 2348 Console 0 23,568 K
DivXUpdate.exe 2380 Console 0 35,888 K
NkMonitor.exe 2412 Console 0 22,064 K
iTunesHelper.exe 2428 Console 0 71,392 K
ctfmon.exe 3204 Console 0 21,076 K
Playlist.exe 1188 Console 0 26,524 K
NMSAccessU.exe 3608 Console 0 15,240 K
svchost.exe 432 Console 0 28,048 K
avgemc.exe 2180 Console 0 2,032 K
nSvcIp.exe 2580 Console 0 27,788 K
avgcsrvx.exe 3368 Console 0 4,284 K
wmiprvse.exe 3760 Console 0 30,404 K
iPodService.exe 2652 Console 0 18,056 K
alg.exe 3036 Console 0 26,516 K
jucheck.exe 496 Console 0 28,188 K
AAWTray.exe 2464 Console 0 21,248 K
AAWService.exe 2900 Console 0 86,148 K
unsecapp.exe 3912 Console 0 26,744 K
Civilization4.exe 3968 Console 0 519,360 K
~e5.0001 2920 Console 0 1,768 K
firefox.exe 3936 Console 0 120,200 K
plugin-container.exe 1516 Console 0 20,952 K
mss.exe 3540 Console 0 2,348 K
cmd.exe 2420 Console 0 1,756 K
tasklist.exe 144 Console 0 4,412 K
wmiprvse.exe 4048 Console 0 5,848 K


Hidden objects

PATH: C:\windows

$hf_mig$
$NtUninstallKB929399$
$NtUninstallKB939683$
$NtUninstallKB941569$
$NtUninstallKB954154_WM11$
$NtUninstallKB955759$
$NtUninstallKB961118$
$NtUninstallKB970430$
$NtUninstallKB971468$
$NtUninstallKB971737$
$NtUninstallKB972270$
$NtUninstallKB973904$
$NtUninstallKB974318$
$NtUninstallKB974392$
$NtUninstallKB975560$
$NtUninstallKB975561$
$NtUninstallKB975562$
$NtUninstallKB975713$
$NtUninstallKB977165-v2$
$NtUninstallKB977816$
$NtUninstallKB977914$
$NtUninstallKB978037$
$NtUninstallKB978251$
$NtUninstallKB978262$
$NtUninstallKB978338$
$NtUninstallKB978542$
$NtUninstallKB978601$
$NtUninstallKB978695_WM9$
$NtUninstallKB978706$
$NtUninstallKB979306$
$NtUninstallKB979309$
$NtUninstallKB979482$
$NtUninstallKB979559$
$NtUninstallKB979683$
$NtUninstallKB980195$
$NtUninstallKB980218$
$NtUninstallKB980232$
$NtUninstallKB981793$
$NtUninstallMSCompPackV1$
$NtUninstallWMFDist11$
$NtUninstallwmp11$
$NtUninstallWudf01000$
ie8
Installer
WindowsShell.Manifest
winnt.bmp
winnt256.bmp


PATH: C:\windows\system32

cdplayer.exe.manifest
dllcache
logonui.exe.manifest
mlfcache.dat
ncpa.cpl.manifest
nwc.cpl.manifest
sapi.cpl.manifest
WindowsLogon.manifest
wuaucpl.cpl.manifest


PATH: C:\windows\system32\drivers



PATH: C:\

boot.ini
cmdcons
IO.SYS
MSDOS.SYS
NTDETECT.COM
ntldr
pagefile.sys
RECYCLER
System Volume Information


User Profile check



! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Documents and Settings
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
Sid REG_BINARY 010100000000000513000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xb1190990
ProfileLoadTimeHigh REG_DWORD 0x1cb1d48
RefCount REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
Sid REG_BINARY 010100000000000514000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xb0a1d3fc
ProfileLoadTimeHigh REG_DWORD 0x1cb1d48
RefCount REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1960408961-492894223-839522115-1003
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Preferred Customer
Sid REG_BINARY 0105000000000005150000008177D9740FF8601D43170A32EB030000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xb3363f1c
ProfileLoadTimeHigh REG_DWORD 0x1cb1cc7
RefCount REG_DWORD 0x2
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1960408961-492894223-839522115-1005
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\MALORIE
Sid REG_BINARY 0105000000000005150000008177D9740FF8601D43170A32ED030000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xb608a7e4
ProfileLoadTimeHigh REG_DWORD 0x1cb1d48
RefCount REG_DWORD 0x2
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb


Current Scheduled Tasks

PATH: C:\Windows\Tasks

Ad-Aware Update (Weekly).job
AppleSoftwareUpdate.job
Google Software Updater.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
OGALogon.job
desktop.ini
Norton Security Scan for MALORIE.job
Norton Security Scan for Preferred Customer.job
SA.DAT


Windows Drivers and NT-Services

Volume in drive C is WinXp
Volume Serial Number is 10A9-B4DD

Directory of C:\Windows\System32\Drivers

Volume in drive C is WinXp
Volume Serial Number is 10A9-B4DD

Directory of C:\Windows\System32\Drivers

08/17/2001 08:46 AM 6,400 enum1394.sys
08/17/2001 08:51 AM 3,328 pciide.sys
08/17/2001 08:59 AM 3,072 audstub.sys
08/17/2001 02:48 PM 12,160 mouhid.sys
08/17/2001 02:57 PM 16,128 MODEMCSA.sys
08/23/2001 07:00 AM 11,648 acpiec.sys
08/23/2001 07:00 AM 11,776 cpqdap01.sys
08/23/2001 07:00 AM 4,352 wmilib.sys
08/23/2001 07:00 AM 5,888 dmload.sys
08/23/2001 07:00 AM 262,528 cinemst2.sys
08/23/2001 07:00 AM 58,112 vdmindvd.sys
08/23/2001 07:00 AM 4,736 usbd.sys
08/23/2001 07:00 AM 21,376 tsbvcap.sys
08/23/2001 07:00 AM 51,712 tosdvd.sys
08/23/2001 07:00 AM 10,496 dxapi.sys
08/23/2001 07:00 AM 14,592 smclib.sys
08/23/2001 07:00 AM 3,328 dxgthk.sys
08/23/2001 07:00 AM 5,888 rootmdm.sys
08/23/2001 07:00 AM 12,032 riodrv.sys
08/23/2001 07:00 AM 12,032 rio8drv.sys
08/23/2001 07:00 AM 4,224 rdpcdd.sys
08/23/2001 07:00 AM 12,032 ws2ifsl.sys
08/23/2001 07:00 AM 16,512 raspti.sys
08/23/2001 07:00 AM 4,224 beep.sys
08/23/2001 07:00 AM 12,160 fsvga.sys
08/23/2001 07:00 AM 8,832 rasacd.sys
08/23/2001 07:00 AM 17,792 ptilink.sys
08/23/2001 07:00 AM 18,688 cdaudio.sys
08/23/2001 07:00 AM 6,784 parvdm.sys
08/23/2001 07:00 AM 3,456 oprghdlr.sys
08/23/2001 07:00 AM 55,936 nwlnkspx.sys
08/23/2001 07:00 AM 63,232 nwlnknb.sys
08/23/2001 07:00 AM 32,512 nwlnkfwd.sys
08/23/2001 07:00 AM 12,416 nwlnkflt.sys
08/23/2001 07:00 AM 13,952 cbidf2k.sys
08/23/2001 07:00 AM 12,032 nikedrv.sys
08/23/2001 07:00 AM 7,936 fs_rec.sys
08/23/2001 07:00 AM 352,256 atmuni.sys
08/23/2001 07:00 AM 125,056 ftdisk.sys
08/23/2001 07:00 AM 31,360 atmepvc.sys
08/23/2001 07:00 AM 3,440,660 gm.dls
08/23/2001 07:00 AM 34,432 rawwan.sys
08/23/2001 07:00 AM 646 gmreadme.txt
08/23/2001 07:00 AM 2,944 null.sys
08/23/2001 07:00 AM 4,224 mnmdd.sys
08/23/2001 07:00 AM 7,680 mcd.sys
08/23/2001 07:00 AM 32,896 ipfltdrv.sys
08/14/2002 04:03 PM 17,005 ASPI32.SYS
12/12/2002 01:14 AM 5,504 mstee.sys
11/11/2003 11:44 AM 333,600 ctdvda2k.sys
07/09/2004 05:26 AM 52,096 msdv.sys
07/09/2004 05:26 AM 11,392 bdasup.sys
07/09/2004 05:26 AM 83,968 nabtsfec.sys
07/09/2004 05:26 AM 10,112 ndisip.sys
07/09/2004 05:26 AM 16,384 ccdecode.sys
07/09/2004 05:26 AM 15,104 mpe.sys
07/09/2004 05:26 AM 18,688 wstcodec.sys
07/09/2004 05:26 AM 10,880 slip.sys
07/09/2004 05:26 AM 14,976 streamip.sys
08/14/2004 03:56 AM 5,810 ASACPI.sys
04/12/2005 07:21 PM 45,504 WmXlCore.sys
04/12/2005 07:21 PM 5,600 WmVirHid.sys
04/12/2005 07:21 PM 10,144 WmBEnum.sys
04/12/2005 07:21 PM 22,240 WmFilter.sys
01/04/2006 03:41 PM 1,389,056 Monfilt.sys
02/07/2006 12:52 PM 6,912 JGOGO.sys
02/15/2006 03:13 AM 38,016 jraid.sys
09/28/2006 07:55 PM 77,568 WudfPf.sys
09/28/2006 08:00 PM 82,944 WudfRd.sys
10/18/2006 09:00 PM 38,528 wpdusb.sys
12/29/2006 09:02 PM 67,866 netwlan5.img
12/29/2006 09:21 PM 64,352 ativmc20.cod
04/02/2007 10:36 PM 129,045 cxthsfs2.cty
05/23/2007 05:15 AM 547,744 A3AB.sys
04/13/2008 11:04 PM 327,040 ati2mtaa.sys
04/13/2008 11:04 PM 701,440 ati2mtag.sys
04/13/2008 11:04 PM 30,671 ati1raxx.sys
04/13/2008 11:04 PM 12,047 ati1pdxx.sys
04/13/2008 11:04 PM 63,663 ati1rvxx.sys
04/13/2008 11:04 PM 26,367 ati1snxx.sys
04/13/2008 11:04 PM 11,615 ati1mdxx.sys
04/13/2008 11:04 PM 73,216 atintuxx.sys
04/13/2008 11:04 PM 13,824 atinttxx.sys
04/13/2008 11:04 PM 28,672 atinsnxx.sys
04/13/2008 11:04 PM 104,960 atinrvxx.sys
04/13/2008 11:04 PM 14,336 atinpdxx.sys
04/13/2008 11:04 PM 56,623 ati1btxx.sys
04/13/2008 11:04 PM 13,824 atinmdxx.sys
04/13/2008 11:04 PM 57,856 atinbtxx.sys
04/13/2008 11:04 PM 36,463 ati1tuxx.sys
04/13/2008 11:04 PM 21,343 ati1ttxx.sys
04/13/2008 11:04 PM 52,224 atinraxx.sys
04/13/2008 11:04 PM 34,735 ati1xsxx.sys
04/13/2008 11:04 PM 31,744 atinxbxx.sys
04/13/2008 11:04 PM 29,455 ati1xbxx.sys
04/13/2008 11:04 PM 63,488 atinxsxx.sys
04/13/2008 11:04 PM 11,295 wadv08nt.sys
04/13/2008 11:04 PM 452,736 mtxparhm.sys
04/13/2008 11:04 PM 11,871 wadv09nt.sys
04/13/2008 11:04 PM 11,807 wadv07nt.sys
04/13/2008 11:04 PM 11,935 wadv11nt.sys
04/13/2008 11:04 PM 22,271 watv06nt.sys
04/13/2008 11:04 PM 25,471 watv10nt.sys
04/13/2008 11:04 PM 166,912 s3gnbm.sys
04/13/2008 11:06 PM 144,384 hdaudbus.sys
04/13/2008 11:09 PM 20,480 secdrv.sys
04/13/2008 11:09 PM 142,592 aec.sys
04/14/2008 12:15 AM 24,960 hidparse.sys
04/14/2008 12:15 AM 10,368 hidusb.sys
04/14/2008 12:15 AM 36,864 hidclass.sys
04/14/2008 12:15 AM 15,104 usbscan.sys
04/14/2008 12:53 AM 1,309,184 mtlstrm.sys
04/14/2008 12:53 AM 126,686 mtlmnt5.sys
04/14/2008 12:53 AM 180,360 ntmtlfax.sys
04/14/2008 12:53 AM 129,535 slnt7554.sys
04/14/2008 12:53 AM 13,776 recagent.sys
04/14/2008 12:53 AM 404,990 slntamr.sys
04/14/2008 12:53 AM 95,424 slnthal.sys
04/14/2008 12:53 AM 13,240 slwdmsup.sys
04/14/2008 12:53 AM 220,032 hsfbs2s2.sys
04/14/2008 12:53 AM 685,056 hsfcxts2.sys
04/14/2008 12:53 AM 1,041,536 hsfdpsp2.sys
04/14/2008 12:53 AM 11,868 mdmxsdk.sys
04/14/2008 01:01 AM 42,752 p3.sys
04/14/2008 01:01 AM 35,840 processr.sys
04/14/2008 01:01 AM 37,376 amdk6.sys
04/14/2008 01:01 AM 36,736 crusoe.sys
04/14/2008 01:01 AM 37,760 amdk7.sys
04/14/2008 01:01 AM 36,352 intelppm.sys
04/14/2008 01:02 AM 66,048 udfs.sys
04/14/2008 01:02 AM 30,848 npfs.sys
04/14/2008 01:02 AM 19,072 msfs.sys
04/14/2008 01:02 AM 180,608 mrxdav.sys
04/14/2008 01:02 AM 196,224 rdpdr.sys
04/14/2008 01:03 AM 129,792 fltmgr.sys
04/14/2008 01:03 AM 44,544 fips.sys
04/14/2008 01:04 AM 163,584 nwrdr.sys
04/14/2008 01:06 AM 5,888 smbali.sys
04/14/2008 01:06 AM 187,776 acpi.sys
04/14/2008 01:06 AM 42,368 agp440.sys
04/14/2008 01:06 AM 8,832 wmiacpi.sys
04/14/2008 01:06 AM 40,960 sisagp.sys
04/14/2008 01:06 AM 42,752 alim1541.sys
04/14/2008 01:06 AM 43,008 amdagp.sys
04/14/2008 01:06 AM 44,928 agpcpq.sys
04/14/2008 01:06 AM 37,248 isapnp.sys
04/14/2008 01:06 AM 63,744 mf.sys
04/14/2008 01:06 AM 46,464 gagp30kx.sys
04/14/2008 01:06 AM 44,672 uagp35.sys
04/14/2008 01:06 AM 42,240 viaagp.sys
04/14/2008 01:06 AM 120,192 pcmcia.sys
04/14/2008 01:06 AM 79,232 sdbus.sys
04/14/2008 01:06 AM 68,224 pci.sys
04/14/2008 01:06 AM 15,488 mssmbios.sys
04/14/2008 01:06 AM 73,472 sr.sys
04/14/2008 01:08 AM 71,168 dxg.sys
04/14/2008 01:09 AM 92,544 mqac.sys
04/14/2008 01:09 AM 24,576 kbdclass.sys
04/14/2008 01:09 AM 23,040 mouclass.sys
04/14/2008 01:09 AM 384,768 update.sys
04/14/2008 01:09 AM 42,368 mountmgr.sys
04/14/2008 01:09 AM 14,592 kbdhid.sys
04/14/2008 01:09 AM 4,992 MSPQM.sys
04/14/2008 01:09 AM 5,376 MSPCLOCK.sys
04/14/2008 01:09 AM 4,352 swenum.sys
04/14/2008 01:09 AM 7,552 MSKSSRV.sys
04/14/2008 01:10 AM 80,128 parport.sys
04/14/2008 01:10 AM 15,744 serenum.sys
04/14/2008 01:10 AM 27,392 fdc.sys
04/14/2008 01:10 AM 20,480 flpydisk.sys
04/14/2008 01:10 AM 57,600 redbook.sys
04/14/2008 01:10 AM 24,960 pciidex.sys
04/14/2008 01:10 AM 96,512 atapi.sys
04/14/2008 01:10 AM 96,384 scsiport.sys
04/14/2008 01:10 AM 14,208 diskdump.sys
04/14/2008 01:10 AM 36,352 disk.sys
04/14/2008 01:10 AM 11,008 sffp_sd.sys
04/14/2008 01:10 AM 11,904 sffdisk.sys
04/14/2008 01:10 AM 62,976 cdrom.sys
04/14/2008 01:10 AM 10,240 sffp_mmc.sys
04/14/2008 01:10 AM 19,712 partmgr.sys
04/14/2008 01:10 AM 11,392 sfloppy.sys
04/14/2008 01:10 AM 14,976 tape.sys
04/14/2008 01:11 AM 42,112 imapi.sys
04/14/2008 01:11 AM 52,352 volsnap.sys
04/14/2008 01:13 AM 12,672 mutohpen.sys
04/14/2008 01:13 AM 14,208 wacompen.sys
04/14/2008 01:14 AM 81,664 videoprt.sys
04/14/2008 01:14 AM 20,992 vga.sys
04/14/2008 01:14 AM 153,344 dmio.sys
04/14/2008 01:14 AM 799,744 dmboot.sys
04/14/2008 01:15 AM 52,864 DMusic.sys
04/14/2008 01:15 AM 6,272 splitter.sys
04/14/2008 01:15 AM 56,576 swmidi.sys
04/14/2008 01:15 AM 172,416 kmixer.sys
04/14/2008 01:15 AM 2,944 drmkaud.sys
04/14/2008 01:15 AM 60,160 drmk.sys
04/14/2008 01:15 AM 49,408 stream.sys
04/14/2008 01:15 AM 19,200 hidir.sys
04/14/2008 01:15 AM 46,592 irbus.sys
04/14/2008 01:15 AM 30,208 usbehci.sys
04/14/2008 01:15 AM 17,152 usbohci.sys
04/14/2008 01:15 AM 143,872 usbport.sys
04/14/2008 01:15 AM 59,520 usbhub.sys
04/14/2008 01:15 AM 26,368 usbstor.sys
04/14/2008 01:15 AM 32,128 usbccgp.sys
04/14/2008 01:15 AM 25,728 usbcamd2.sys
04/14/2008 01:15 AM 25,600 usbcamd.sys
04/14/2008 01:15 AM 15,872 usbintel.sys
04/14/2008 01:16 AM 25,344 sonydcam.sys
04/14/2008 01:16 AM 61,696 ohci1394.sys
04/14/2008 01:16 AM 53,376 1394bus.sys
04/14/2008 01:16 AM 121,984 usbvideo.sys
04/14/2008 01:16 AM 18,944 bthusb.sys
04/14/2008 01:16 AM 36,480 bthprint.sys
04/14/2008 01:16 AM 25,600 hidbth.sys
04/14/2008 01:16 AM 59,136 rfcomm.sys
04/14/2008 01:16 AM 37,888 bthmodem.sys
04/14/2008 01:16 AM 17,024 bthenum.sys
04/14/2008 01:21 AM 60,800 arp1394.sys
04/14/2008 01:21 AM 59,904 atmarpc.sys
04/14/2008 01:21 AM 61,824 nic1394.sys
04/14/2008 01:21 AM 55,808 atmlane.sys
04/14/2008 01:21 AM 101,120 bthpan.sys
04/14/2008 01:23 AM 40,320 nmnt.sys
04/14/2008 01:23 AM 71,552 bridge.sys
04/14/2008 01:23 AM 36,608 ip6fw.sys
04/14/2008 01:24 AM 11,264 irenum.sys
04/14/2008 01:26 AM 14,592 ndisuio.sys
04/14/2008 01:26 AM 12,288 tunmp.sys
04/14/2008 01:26 AM 34,688 netbios.sys
04/14/2008 01:26 AM 88,320 nwlnkipx.sys
04/14/2008 01:26 AM 35,072 msgpc.sys
04/14/2008 01:26 AM 69,120 psched.sys
04/14/2008 01:26 AM 30,592 rndismp.sys
04/14/2008 01:26 AM 12,800 usb8023.sys
04/14/2008 01:26 AM 12,800 usb8023x.sys
04/14/2008 01:26 AM 30,592 rndismpx.sys
04/14/2008 01:27 AM 20,864 ipinip.sys
04/14/2008 01:27 AM 152,832 ipnat.sys
04/14/2008 01:27 AM 34,560 wanarp.sys
04/14/2008 01:27 AM 10,112 ndistapi.sys
04/14/2008 01:27 AM 14,336 asyncmac.sys
04/14/2008 01:27 AM 40,576 ndproxy.sys
04/14/2008 01:27 AM 41,472 raspppoe.sys
04/14/2008 01:30 AM 19,072 tdi.sys
04/14/2008 01:30 AM 30,080 modem.sys
04/14/2008 01:44 AM 63,744 cdfs.sys
04/14/2008 01:44 AM 143,744 fastfat.sys
04/14/2008 01:45 AM 64,512 serial.sys
04/14/2008 01:45 AM 574,976 ntfs.sys
04/14/2008 01:45 AM 60,800 sysaudio.sys
04/14/2008 01:46 AM 49,536 classpnp.sys
04/14/2008 01:46 AM 141,056 ks.sys
04/14/2008 01:47 AM 105,344 mup.sys
04/14/2008 01:47 AM 83,072 wdmaud.sys
04/14/2008 01:48 AM 52,480 i8042prt.sys
04/14/2008 01:49 AM 146,048 portcls.sys
04/14/2008 01:49 AM 51,328 rasl2tp.sys
04/14/2008 01:49 AM 75,264 ipsec.sys
04/14/2008 01:49 AM 48,384 raspptp.sys
04/14/2008 01:50 AM 182,656 ndis.sys
04/14/2008 01:50 AM 91,520 ndiswan.sys
04/14/2008 01:51 AM 162,816 netbt.sys
04/14/2008 01:58 AM 175,744 rdbss.sys
04/14/2008 06:41 AM 3,967 adv02nt5.dll
04/14/2008 06:41 AM 3,135 adv08nt5.dll
04/14/2008 06:41 AM 3,711 adv09nt5.dll
04/14/2008 06:41 AM 4,255 adv01nt5.dll
04/14/2008 06:41 AM 3,775 adv11nt5.dll
04/14/2008 06:41 AM 3,615 adv05nt5.dll
04/14/2008 06:41 AM 3,647 adv07nt5.dll
04/14/2008 06:41 AM 15,423 ch7xxnt5.dll
04/14/2008 06:41 AM 14,143 atv06nt5.dll
04/14/2008 06:41 AM 25,471 atv04nt5.dll
04/14/2008 06:41 AM 11,359 atv02nt5.dll
04/14/2008 06:41 AM 17,279 atv10nt5.dll
04/14/2008 06:41 AM 21,183 atv01nt5.dll
04/14/2008 06:42 AM 3,901 siint5.dll
04/14/2008 06:42 AM 11,325 vchnt5.dll
04/14/2008 06:43 AM 12,040 tdpipe.sys
04/14/2008 06:43 AM 21,896 tdtcp.sys
04/14/2008 06:43 AM 40,840 termdd.sys
04/14/2008 06:43 AM 139,656 rdpwd.sys
05/08/2008 09:02 AM 203,136 rmcast.sys
06/13/2008 06:05 AM 272,128 bthport.sys
06/20/2008 06:51 AM 361,600 tcpip.sys
08/05/2008 08:10 PM 1,684,736 ambfilt.sys
08/14/2008 05:04 AM 138,496 afd.sys
05/18/2009 03:17 PM 26,600 GEARAspiWDM.sys
06/24/2009 06:18 AM 92,928 ksecdd.sys
06/29/2009 01:36 AM 17,920 nvsmu.sys
06/30/2009 05:48 AM 6,136 nvphy.bin
06/30/2009 06:31 PM 164,896 nvgts.sys
06/30/2009 06:31 PM 139,296 nvrd32.sys
07/01/2009 12:53 PM 207,872 nvnrm.sys
07/01/2009 12:53 PM 66,688 NVENETFD.sys
07/01/2009 12:53 PM 13,824 nvnetbus.sys
08/05/2009 05:38 PM 5,874,176 RtkHDAud.sys
08/21/2009 09:24 PM 57,248 nvhda32.sys
09/15/2009 02:01 AM 7,387 pctgntdi.cat
09/15/2009 02:12 AM 7,412 PCTAppEvent.cat
09/15/2009 06:20 AM 7,383 pctplsg.cat
09/16/2009 03:20 AM 7,383 pctcore.cat
09/23/2009 04:10 PM 207,280 PCTCore.sys
10/06/2009 04:31 PM 87,784 PCTAppEvent.sys
10/16/2009 02:33 AM 41,472 usbaapl.sys
10/20/2009 11:20 AM 265,728 http.sys
11/13/2009 07:49 PM 9,464 cdralw2k.sys
11/13/2009 07:49 PM 9,336 cdr4_xp.sys
11/29/2009 03:33 AM disdn
12/31/2009 11:50 AM 353,792 srv.sys
01/11/2010 11:03 PM 10,276,768 nv4_mini.sys
02/05/2010 09:17 AM 233,136 pctgntdi.sys
02/05/2010 09:25 AM 70,408 pctplsg.sys
02/11/2010 07:02 AM 226,880 tcpip6.sys
02/12/2010 06:36 PM UMDF
02/24/2010 08:11 AM 455,680 mrxsmb.sys
03/08/2010 02:39 PM NSS
03/12/2010 10:01 AM 216,200 avgldx86.sys
03/30/2010 08:58 PM 44,944 PxHelp20.sys
04/29/2010 03:39 PM 20,952 mbam.sys
04/29/2010 03:39 PM 38,224 mbamswissarmy.sys
06/03/2010 02:44 PM 29,584 avgmfx86.sys
06/03/2010 02:44 PM 242,896 avgtdix.sys
07/05/2010 09:32 PM etc
07/06/2010 04:22 PM 64,288 Lbd.sys
07/06/2010 04:22 PM 95,024 SBREDrv.sys
07/06/2010 04:23 PM ..
07/06/2010 04:23 PM .
07/07/2010 08:51 AM Avg
324 File(s) 47,148,297 bytes
7 Dir(s) 61,609,037,824 bytes free


Virtual drives found?



Environment variables

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\MALORIE\Application Data
asl.log=Destination=file;OnFirstLog=command,environment
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ACER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\MALORIE
LOGONSERVER=\\ACER
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\MALORIE\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Symantec\Norton Ghost 2003;C:\Program Files\Common Files\DivX Shared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
PS5ROOT=C:\Program Files\Roxio\Easy CD Creator 6\PhotoSuite\
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MALORIE\LOCALS~1\Temp
TMP=C:\DOCUME~1\MALORIE\LOCALS~1\Temp
USERDOMAIN=ACER
USERNAME=MALORIE
USERPROFILE=C:\Documents and Settings\MALORIE
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


Stealth malware?


Internet Explorer


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0A000000
Delete_Temp_Files_On_Exit REG_SZ yes
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
CompanyName REG_SZ Microsoft Corporation
Custom_Key REG_SZ MICROSO
Wizard_Version REG_SZ 6.0.2600.0000
FullScreen REG_SZ no
Default_Secondary_Page_URL REG_MULTI_SZ \0
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Check_Associations REG_SZ yes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
IE5_UA_Backup_Flag REG_SZ 5.0
NoNetAutodial REG_DWORD 0x0
MigrateProxy REG_DWORD 0x1
EnableNegotiate REG_DWORD 0x1
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost REG_BINARY 01000000
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 0x1
UrlEncoding REG_DWORD 0x0
SecureProtocols REG_DWORD 0xa0
PrivDiscUiShown REG_DWORD 0x1
PrivacyAdvanced REG_DWORD 0x0
ZonesSecurityUpgrade REG_BINARY 2C0A853FF1BFCA01
DisableCachingOfSSLPages REG_DWORD 0x0
WarnonZoneCrossing REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0
GlobalUserOffline REG_DWORD 0x0
ProxyOverride REG_SZ ;*.local
ProxyServer REG_SZ http=127.0.0.1:5555
EnableAutodial REG_DWORD 0x0
WarnonBadCertRecving REG_DWORD 0x1
WarnOnPostRedirect REG_DWORD 0x0
WarnOnHTTPSToHTTPRedirect REG_DWORD 0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
NoUpdateCheck REG_DWORD 0x1
NoJITSetup REG_DWORD 0x1
Disable script Debugger REG_SZ yes
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
XMLHTTP REG_DWORD 0x1
UseClearType REG_SZ yes
Enable Browser Extensions REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
CompatibilityFlags REG_DWORD 0x0
FullScreen REG_SZ no
Window_Placement REG_BINARY 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE000000280100001E040000A8030000
IE8RunOnceLastShown REG_DWORD 0x1
IE8RunOnceLastShown_TIMESTAMP REG_BINARY EAD847559D1CCB01
IE8TourShown REG_DWORD 0x1
IE8TourShownTime REG_BINARY 202AD4C15BD4CA01
Check_Associations REG_SZ no
Start Page Redirect Cache REG_SZ http://www.msn.com/
Start Page Redirect Cache_TIMESTAMP REG_BINARY AA0A5AD9B51CCB01
Start Page Redirect Cache AcceptLangs REG_SZ en-us
FormSuggest PW Ask REG_SZ no
NotifyDownloadComplete REG_SZ yes
StatusBarOther REG_DWORD 0x1
RunOnceHasShown REG_DWORD 0x1
RunOnceComplete REG_DWORD 0x1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
SearchAssistant REG_SZ http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
CustomizeSearch REG_SZ http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{472734EA-242A-422B-ADF8-83D1E48CC825} REG_SZ PC Tools Browser Guard

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel


Protocol hijack?



Security Center


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
FirstRunDisabled REG_DWORD 0x1
AntiVirusDisableNotify REG_DWORD 0x0
FirewallDisableNotify REG_DWORD 0x0
UpdatesDisableNotify REG_DWORD 0x0
AntiVirusOverride REG_DWORD 0x1
FirewallOverride REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\AVG\AVG9\avgemc.exe REG_SZ C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe
C:\Program Files\AVG\AVG9\avgupd.exe REG_SZ C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe
C:\Program Files\AVG\AVG9\avgnsx.exe REG_SZ C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe
E:\Battlefield 1942\BF1942.exe REG_SZ E:\Battlefield 1942\BF1942.exe:*:Enabled:BF1942
C:\Program Files\SopCast\adv\SopAdver.exe REG_SZ C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
C:\Program Files\SopCast\SopCast.exe REG_SZ C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
C:\Program Files\GameSpy Arcade\Aphex.exe REG_SZ C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade
C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe REG_SZ C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:*:Enabled:Stronghold Legends
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe REG_SZ C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2
C:\Program Files\FrostWire\FrostWire.exe REG_SZ C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
C:\WINDOWS\system32\spoolsv.exe REG_SZ C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe REG_SZ D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4


Uninstall List

Re: I have a browser hi jacker
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AC3Filter_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Registry Optimizer_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Defender_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX Plus DirectShow Filters

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX Setup.divx.com

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVD Shrink_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FrostWire

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GameSpy Arcade

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Updater

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884267

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885353

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885884

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886612

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887078

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887626

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888656

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB889858

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891122

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892130

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892313

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893240

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893241

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895181

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895316

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB897586

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898461

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898549

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902344

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB907658

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911565

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911854

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923789

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB929399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB939683

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB941569

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB946648

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950762

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950974

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951066

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951748

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951978

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952069_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952287

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952954

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954154_WM11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954155_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954459

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954550-v5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955069

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955759

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956744

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956802

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956844

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957097

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958644

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958869

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959426

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960225

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960859

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961118

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961371-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961501

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB967715

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968389

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968816_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969059

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969947

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970238

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970430

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971468

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971486

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971557

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971633

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971657

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971737

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971961

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971961-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972270

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973354

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973507

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973525

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973540_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973815

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973869

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973904

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974112

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974318

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974392

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974455

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974455-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974571

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975025

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975364-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975467

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975560

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975562

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975713

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976098-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976325-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976662-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977165-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977816

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977914

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978037

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978207-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978251

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978262

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978338

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978542

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978601

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978695_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978706

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979306

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979309

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979482

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979559

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979683

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980182-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980195

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980218

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980232

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981332-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981793

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB982381-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LimeWire

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.6.4)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSCompPackV1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeter_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NLSDownlevelMapping

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NSS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Display Control Panel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA nView Desktop Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SopCast

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Doctor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\STOPzilla_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super DVD Creator_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemRequirementsLab

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WGA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMCSetup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMFDist11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wmp11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wudf01000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XpsEPSC


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Facebook Plug-In


Adobe Products


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
DisplayName REG_SZ Adobe Flash Player 10 ActiveX
DisplayVersion REG_SZ 10.0.32.18
Publisher REG_SZ Adobe Systems Incorporated
URLInfoAbout REG_SZ http://www.adobe.com/go/getflashplayer
VersionMajor REG_SZ 10
VersionMinor REG_SZ 0
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
URLUpdateInfo REG_SZ http://www.adobe.com/go/flashplayer/
DisplayIcon REG_SZ C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
UninstallString REG_SZ C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
RequiresIESysFile REG_SZ 4.70.0.1155
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
DisplayName REG_SZ Adobe Flash Player 10 Plugin
DisplayVersion REG_SZ 10.0.45.2
Publisher REG_SZ Adobe Systems Incorporated
URLInfoAbout REG_SZ http://www.adobe.com/go/getflashplayer
DisplayIcon REG_SZ C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
UninstallString REG_SZ C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1


Autorun


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
NVRaidService REG_SZ C:\WINDOWS\system32\nvraidservice.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
RoxioEngineUtility REG_SZ "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
RoxioAudioCentral REG_SZ "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
GhostStartTrayApp REG_SZ C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
AVG9_TRAY REG_SZ C:\PROGRA~1\AVG\AVG9\avgtray.exe
RTHDCPL REG_SZ RTHDCPL.EXE
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
DivXUpdate REG_SZ "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
Nikon Transfer Monitor REG_SZ C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents


Restrictions - Internet Explorer


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel


Restrictions - REGEDIT


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System


Restrictions - Explorer


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun REG_DWORD 0x143
NoDriveAutoRun REG_DWORD 0x3ffffff
NoDrives REG_DWORD 0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run


DNS Settings


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0C661BB6-0FB7-4524-BF9D-27DB32720D6D}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{12D19A3B-3D17-4751-BDFD-309734E30EE7}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A109C07-02B2-4288-9118-849481A33662}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3CFD3E3C-F5F8-4274-909A-75114081AFEF}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{55BEC13B-7867-4092-9B93-E14EB9459D1B}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{76C9BBAE-8105-4067-9D24-0594FAA42E59}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B7A2BAD2-AF3D-46F0-8AC8-B8BD406DCF89}


Windows IP Configuration

Host Name . . . . . . . . . . . . : acer
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet
Physical Address. . . . . . . . . : 00-22-15-3C-D9-12

Ethernet adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : D-Link WDA-2320 Desktop Adapter
Physical Address. . . . . . . . . : 00-15-E9-88-29-DF
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
Lease Obtained. . . . . . . . . . : Wednesday, July 07, 2010 6:03:37 PM
Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM



AppInit DLLs


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows



Shell Service Object Delay Load


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9}
CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9}
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}
WPDShServiceObj REG_SZ {AAA288BA-9A4C-45B0-95D7-94D524869DB5}



Shell Execute Hooks


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ


Image File Execution Options


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE


Security Providers



Local Security Authority


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Bounds REG_BINARY 0030000000200000
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 0x1
LsaPid REG_DWORD 0x37c
SecureBoot REG_DWORD 0x1
auditbaseobjects REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
fipsalgorithmpolicy REG_DWORD 0x0
forceguest REG_DWORD 0x1
fullprivilegeauditing REG_BINARY 00
limitblankpassworduse REG_DWORD 0x1
lmcompatibilitylevel REG_DWORD 0x0
nodefaultadminowner REG_DWORD 0x1
nolmhash REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli\0\0
enabledcom REG_SZ y

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache


AppCert DLLs



App Paths


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
Path REG_SZ C:\Program Files\Adobe\Reader 9.0\Reader\
REG_SZ C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ActiveSetupRoxioCD.exe
REG_SZ C:\Program Files\Common Files\Roxio Shared\Project Selector\ActiveSetupRoxioCD.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\Project Selector\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AVGSE.DLL
REG_SZ C:\PROGRA~1\AVG\AVG9\avgse.dll
Menu1 REG_SZ Scan with &AVG Free
Help1 REG_SZ Scan against viruses with AVG Free

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\bckgzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ccleaner.exe
REG_SZ C:\Program Files\CCleaner\ccleaner.exe
Path REG_SZ C:\Program Files\CCleaner

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CDEngine.dll
REG_SZ C:\Program Files\Common Files\Roxio Shared\CDEngine\CDEngine.dll
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\CDEngine\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CDLabel.exe
REG_SZ C:\Program Files\Common Files\Roxio Shared\Label Creator\CDLabel.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\Label Creator\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chkrzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
REG_SZ C:\WINDOWS\system32\cmmgr32.exe
Path REG_SZ C:\WINDOWS\system32
CmstpExtensionDll REG_SZ C:\WINDOWS\system32\cmcfg32.dll
CMInternalVersion REG_SZ 1.2
CmNative REG_DWORD 0x1
ProfilesUpgraded REG_DWORD 0x2

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\combofix.exe
REG_SZ C:\Documents and Settings\MALORIE\My Documents\Downloads\ComboFix.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CONF.EXE
REG_SZ C:\Program Files\NetMeeting\conf.exe
Path REG_SZ C:\Program Files\NetMeeting;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Creator.dll
REG_SZ C:\Program Files\Common Files\Roxio Shared\CreatorAPI\Creator.dll
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\CreatorAPI\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Creatorc.exe
REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\Easy CD Creator\Creatorc.exe
Path REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\Easy CD Creator\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dialer.exe
REG_SZ C:\Program Files\Windows NT\dialer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DiscCopier.exe
REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\Easy CD Creator\DiscCopier.exe
Path REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\Easy CD Creator\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Excel.exe
REG_SZ C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office10\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\firefox.exe
REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe
Path REG_SZ C:\Program Files\Mozilla Firefox

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\frontpg.exe
REG_SZ C:\PROGRA~1\MICROS~2\Office10\FRONTPG.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office10\
useURL REG_SZ yes

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\gdisk.exe
REG_SZ C:\Program Files\Symantec\Norton Ghost 2003\gdisk.exe
Path REG_SZ C:\Program Files\Symantec\Norton Ghost 2003\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\gdisk32.exe
REG_SZ C:\Program Files\Symantec\Norton Ghost 2003\gdisk32.exe
Path REG_SZ C:\Program Files\Symantec\Norton Ghost 2003\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Ghost Boot Wizard.exe
REG_SZ C:\Program Files\Symantec\Norton Ghost 2003\Ghost Boot Wizard.exe
Path REG_SZ C:\Program Files\Symantec\Norton Ghost 2003\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ghost.exe
REG_SZ C:\Program Files\Symantec\Norton Ghost 2003\ghost.exe
Path REG_SZ C:\Program Files\Symantec\Norton Ghost 2003\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Ghostexp.exe
REG_SZ C:\Program Files\Symantec\Norton Ghost 2003\Ghostexp.exe
Path REG_SZ C:\Program Files\Symantec\Norton Ghost 2003\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\GhostStart.exe
REG_SZ C:\Program Files\Symantec\Norton Ghost 2003\GhostStart.exe
Path REG_SZ C:\Program Files\Symantec\Norton Ghost 2003\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\GhostStartTrayApp.exe
REG_SZ C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
Path REG_SZ C:\Program Files\Symantec\Norton Ghost 2003\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\GhReboot.exe
REG_SZ C:\Program Files\Symantec\Norton Ghost 2003\GhReboot.exe
Path REG_SZ C:\Program Files\Symantec\Norton Ghost 2003\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HELPCTR.EXE
REG_EXPAND_SZ %Systemroot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hrtzzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hypertrm.exe
REG_SZ "C:\Program Files\Windows NT\hypertrm.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN1.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN2.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE
Path REG_SZ C:\Program Files\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\INETWIZ.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\INETWIZ.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InterActual Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InterActual Player\help

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InterActual Player\help\IA_help.htm
Path REG_SZ C:\Program Files\InterActual
REG_SZ C:\Program Files\InterActual\InterActual Player\help\IA_help.htm

Re: I have a browser hi jacker

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InterActual Player\inuninst.exe
Path REG_SZ C:\Program Files\InterActual
REG_SZ C:\Program Files\InterActual\InterActual Player\inuninst.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InterActual Player\iPlayer.exe
Path REG_SZ C:\Program Files\InterActual
REG_SZ C:\Program Files\InterActual\InterActual Player\iPlayer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ISIGNUP.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ISIGNUP.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\iTunes.exe
REG_SZ C:\Program Files\iTunes\iTunes.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
REG_SZ C:\Program Files\Java\jre6\bin\javaws.exe
Path REG_SZ C:\Program Files\Java\jre6\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LWEmon.exe
REG_SZ C:\Program Files\Logitech\Profiler\LWEmon.exe
Path REG_SZ C:\Program Files\Logitech\Profiler

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mbam.exe
REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Path REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe
REG_EXPAND_SZ %SystemRoot%\system32\usmt\migwiz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\moviemk.exe
REG_SZ C:\Program Files\Movie Maker\moviemk.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
REG_SZ "C:\Program Files\Windows Media Player\mplayer2.exe"
Path REG_SZ "C:\Program Files\Windows Media Player"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSCONFIG.EXE
REG_EXPAND_SZ %systemroot%\pchealth\helpctr\Binaries\MSCONFIG.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\msimn.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msinfo32.exe
REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.exe
Path REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSInfo

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSMSGS.EXE
REG_SZ C:\Program Files\Messenger\msmsgs.exe
Path REG_SZ C:\Program Files\Messenger;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mspview.exe
REG_SZ C:\PROGRA~1\COMMON~1\MICROS~1\MSPaper\MSPVIEW.EXE
Path REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSPaper\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\NMain.exe
REG_SZ C:\Program Files\Common Files\Symantec Shared\NMain.exe
Path REG_SZ C:\Program Files\Common Files\Symantec Shared

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
REG_EXPAND_SZ %SystemRoot%\system32\mspaint.exe
Path REG_EXPAND_SZ %SystemRoot%\system32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
Path REG_SZ C:\Program Files\QuickTime\
REG_SZ C:\Program Files\QuickTime\PictureViewer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pinball.exe
REG_SZ C:\Program Files\Windows NT\Pinball\pinball.exe
Path REG_SZ C:\Program Files\Windows NT\Pinball

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pmstudio.exe
REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\pmstudio.exe
Path REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerPnt.exe
REG_SZ C:\PROGRA~1\MICROS~2\Office10\POWERPNT.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office10\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\projselector.exe
REG_SZ C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\Project Selector\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
REG_SZ C:\Program Files\QuickTime\QuickTimePlayer.exe
Path REG_SZ C:\Program Files\QuickTime\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Retrieve.exe
REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\Easy CD Creator\Retrieve.exe
Path REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\Easy CD Creator\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Rox6pTutorial.exe
REG_SZ C:\Program Files\Common Files\Roxio Shared\Support\Rox6pTutorial.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\Support\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RoxAssist.exe
REG_SZ C:\Program Files\Common Files\Roxio Shared\Upgrade\roxassist.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\Upgrade\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ROXIOPhotoSuite.exe
REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\PhotoSuite\ROXIOPhotoSuite.exe
Path REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\PhotoSuite\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RoxioPlayer.exe
REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\Roxio Player\RoxioPlayer.exe
Path REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\Roxio Player\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\roxregister.exe
REG_SZ C:\Program Files\Common Files\Roxio Shared\Support\roxregister.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\Support\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Roxupdate.exe
REG_SZ C:\Program Files\Common Files\Roxio Shared\Upgrade\Roxupdate.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\Upgrade\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rvsezm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\rvsezm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RxMediaX.exe
REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMediaX.exe
Path REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RxMon.exe
REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
Path REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RxPlayer.exe
REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxPlayer.exe
Path REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RxSoundEditor.exe
REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxSoundEditor.exe
Path REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RxTagEditor.exe
REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxTagEditor.exe
Path REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Safari.exe
REG_SZ C:\Program Files\Safari\Safari.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\shvlzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SopCast.exe
REG_SZ C:\Program Files\SopCast\SopCast.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Stronghold2.exe
Path REG_SZ C:\Program Files\Firefly Studios\Stronghold 2
REG_SZ C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\StrongholdLegends.exe
Path REG_SZ C:\Program Files\Firefly Studios\Stronghold Legends
REG_SZ C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
UseShortName REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\tutorial.exe
REG_SZ C:\Program Files\Common Files\Roxio Shared\Support\Roxioscan.exe
Path REG_SZ C:\Program Files\Common Files\Roxio Shared\Support\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wab.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wabmig.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\winnt32.exe
RunAsOnNonAdminInstall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinRAR.exe
REG_SZ C:\Program Files\WinRAR\WinRAR.exe
Path REG_SZ C:\Program Files\WinRAR

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
REG_SZ C:\PROGRA~1\MICROS~2\Office10\WINWORD.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office10\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
REG_SZ C:\Program Files\Windows Media Player\wmplayer.exe
Path REG_SZ C:\Program Files\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
REG_SZ "C:\WINDOWS\system32\XPSViewer\XPSViewer.exe"


Mozilla


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions
jqs@sun.com REG_EXPAND_SZ C:\Program Files\Java\jre6\lib\deploy\jqs\ff
{20a82645-c095-46ed-80e3-08825760534b} REG_SZ C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
REG_SZ 1.9.2.4
CurrentVersion REG_SZ 3.6.4 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.4 (en-US)
REG_SZ 3.6.4 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.4 (en-US)\Main
Install Directory REG_SZ C:\Program Files\Mozilla Firefox
PathToExe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.4 (en-US)\Uninstall
Description REG_SZ Mozilla Firefox (3.6.4)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.4
GeckoVer REG_SZ 1.9.2.4

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.4\bin
PathToExe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.4\extensions
Components REG_SZ C:\Program Files\Mozilla Firefox\components
Plugins REG_SZ C:\Program Files\Mozilla Firefox\plugins


Shared Task Scheduler


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon


SafeBoot



SafeBootMinimal


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}


SafeBootNetwork


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network


File Rename Operations - Session


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations


Known DLLs - Session


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
advapi32 REG_SZ advapi32.dll
comdlg32 REG_SZ comdlg32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
gdi32 REG_SZ gdi32.dll
imagehlp REG_SZ imagehlp.dll
kernel32 REG_SZ kernel32.dll
lz32 REG_SZ lz32.dll
ole32 REG_SZ ole32.dll
oleaut32 REG_SZ oleaut32.dll
olecli32 REG_SZ olecli32.dll
olecnv32 REG_SZ olecnv32.dll
olesvr32 REG_SZ olesvr32.dll
olethk32 REG_SZ olethk32.dll
rpcrt4 REG_SZ rpcrt4.dll
shell32 REG_SZ shell32.dll
url REG_SZ url.dll
urlmon REG_SZ urlmon.dll
user32 REG_SZ user32.dll
version REG_SZ version.dll
wininet REG_SZ wininet.dll
wldap32 REG_SZ wldap32.dll


Downloaded program files (ActiveX)


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

PATH: C:\windows\Downloaded Program Files

muweb.inf
wuweb.inf


Mountpoints


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55e84fec-2aea-11df-baa8-0015e98829df}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{988de99c-0487-11df-a460-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{988de99d-0487-11df-a460-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{988de99e-0487-11df-a460-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac4d5444-049c-11df-ba7e-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC


Winlogon


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
AutoRestartShell REG_DWORD 0x1
DefaultDomainName REG_SZ ACER
DefaultUserName REG_SZ MALORIE
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD 0xffffffff
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0x0
passwordexpirywarning REG_DWORD 0xe
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0x1
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0x1
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0x0
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 0x1
ShowLogonOptions REG_DWORD 0x0
AltDefaultUserName REG_SZ MALORIE
AltDefaultDomainName REG_SZ ACER
ChangePasswordUseKerberos REG_DWORD 0x1
LegalNotice Text REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials


Windows Update


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\windowsupdate\auto update\results\install
LastSuccessTime REG_SZ 2010-07-06 20:19:05
LastError REG_DWORD 0x0


Security Software Information

*Note*: Some security software does not store itself in the WMI.

Antivirus: AVG Anti-Virus Free *Scanner disabled* (Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}


{END OF FILE}

Re: I have a browser hi jacker
THANK YOU MUCH FOR YOUR HELP.

I appreciate you guys.

Re: I have a browser hi jacker
WOW.
These logs u ask for reveal a lot of info

Hope I'm not being naive and taken advantage of.

At this point I feel I have posted more than enough. Please communicate with me with something other than automated responses.

thank you

Re: I have a browser hi jacker
Actually, all of the info posted is to help reveal malware entry points so we can find and target the malware. Sometimes logs cannot properly help diagnose the issue. Eventually, malware finds ways to get around our scanners.

If we did not use our scanners, and instead used third-party products, we could not get enough info to make sure we can help to defeat the issue.

For example, whenever rootkit scanners and antivirus software scan for a rootkit, they get as close to the system kernel as possible. If the rootkit is beyond that point, it will not be detected.

Problem is, you could try to replace every file on the system, but still the rootkit will show its face. That is a primary problem we have in detecting malware. So, these scanners are engineered by our staff and corresponding staff to help bypass malware and fully detect it.

Now, time to get rid of that rogue proxy server.

Please download OTM

  • Save it to your desktop.
  • Please double-click OTM to run it. (Note for Vista: Right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose Copy):

    :reg
    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings]
    "ProxyServer"="http=127.0.0.1"

    :Commands
    [emptytemp]
    [purity]
    [Reboot]

  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.

After the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re: I have a browser hi jacker
Here is the log from OTM:

All processes killed
========== REGISTRY ==========
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings\"ProxyServer"="http|127.0.0.1" /E :invalid edit format. No such root key.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: MALORIE
->Temp folder emptied: 835129 bytes
->Temporary Internet Files folder emptied: 58560 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38388500 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Preferred Customer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16823 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 38.00 mb


OTM by OldTimer - Version 3.1.12.2 log created on 07082010_160200

Files moved on Reboot...
C:\Documents and Settings\MALORIE\Local Settings\Temp\div6.tmp\div7.tmp moved successfully.
File C:\Documents and Settings\MALORIE\Local Settings\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\Cache\_CACHE_001_ not found!
File C:\Documents and Settings\MALORIE\Local Settings\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\Cache\_CACHE_002_ not found!
File C:\Documents and Settings\MALORIE\Local Settings\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\Cache\_CACHE_003_ not found!
File C:\Documents and Settings\MALORIE\Local Settings\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\Cache\_CACHE_MAP_ not found!
File C:\Documents and Settings\MALORIE\Local Settings\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\urlclassifier3.sqlite not found!
File C:\Documents and Settings\MALORIE\Local Settings\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\XUL.mfl not found!
File C:\WINDOWS\temp\Perflib_Perfdata_148.dat not found!

Registry entries deleted on Reboot...


I had to do it twice because I was not expecting OTM to auto reboot. Now I'm struggling with this part of your request:


After the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post




As I am not seeing: C:\_OTMoveIt\MovedFiles folder

I will repeat it once more, if I fail then I'll await your response.



Again I thank you

Re: I have a browser hi jacker
Maybe I figured it out:

All processes killed
========== REGISTRY ==========
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings\"ProxyServer"="http|127.0.0.1" /E :invalid edit format. No such root key.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: MALORIE
->Temp folder emptied: 778070 bytes
->Temporary Internet Files folder emptied: 38164 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 71465140 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2477 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 3847 bytes

User: Preferred Customer
->Temp folder emptied: 697697998 bytes
->Temporary Internet Files folder emptied: 176156189 bytes
->Java cache emptied: 12301772 bytes
->FireFox cache emptied: 44294846 bytes
->Google Chrome cache emptied: 195914198 bytes
->Flash cache emptied: 73129 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2362987 bytes
%systemroot%\System32 .tmp files removed: 3613713 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 395 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,149.00 mb


OTM by OldTimer - Version 3.1.12.2 log created on 07082010_154819

Files moved on Reboot...
C:\Documents and Settings\MALORIE\Local Settings\Temp\div5.tmp\div6.tmp moved successfully.
File move failed. C:\Documents and Settings\MALORIE\Local Settings\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\Cache\_CACHE_001_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\MALORIE\Local Settings\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\Cache\_CACHE_002_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\MALORIE\Local Settings\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\Cache\_CACHE_003_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\MALORIE\Local Settings\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\Cache\_CACHE_MAP_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\MALORIE\Local Settings\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\urlclassifier3.sqlite scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\MALORIE\Local Settings\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\XUL.mfl scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re: I have a browser hi jacker
Let's try ComboFix, since that failed in OTM.

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the box below into it:
    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
  • Save this as CFScript.txt, in the same location as ComboFix.exe

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
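
Added example, not part of the original thread: a Python triage helper for the two proxy fixes posted above (the OTM `:reg` block and the CFScript). It checks that a registry key path still has its root hive separated by a backslash (the path in the posted OTM script has none, and OTM's log answers "No such root key"), and it parses a WinINET `ProxyServer` value to flag loopback proxies such as `127.0.0.1:5555`. The function names, the `ProxyEnable` line and the sample dump are constructed for illustration.

```python
import ipaddress
import re

ROOT_HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
              "HKEY_USERS", "HKEY_CURRENT_CONFIG")

# Constructed sample in the "name TYPE value" layout of the REG.EXE dumps in
# this thread; the ProxyEnable line is an assumption, not taken from the logs.
SAMPLE_DUMP = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable REG_DWORD 0x1
ProxyServer REG_SZ http=127.0.0.1:5555
ProxyOverride REG_SZ <local>
"""


def key_path_problem(path):
    """Return None if the path starts with a known root hive, else a description."""
    path = path.strip().strip("[]")
    hive, _, _ = path.partition("\\")
    if hive.upper() in ROOT_HIVES:
        return None
    for known in ROOT_HIVES:
        if hive.upper().startswith(known):
            # Hive name runs straight into the subkey: the separators were lost,
            # for example by a forum or editor that dropped the backslashes.
            return f"no backslash after {known}"
    return f"unknown root key {hive!r}"


def parse_proxy_server(value):
    """Parse a WinINET ProxyServer string into {scheme: (host, port)}.

    Two layouts exist: 'host:port' for every protocol (stored under '*' here)
    and 'http=host:port;https=host:port;...' for per-protocol proxies.
    """
    proxies = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, eq, target = part.partition("=")
        if not eq:
            scheme, target = "*", part
        # Drop an optional 'http://' style prefix in front of the host.
        target = re.sub(r"^[a-z][a-z0-9+.-]*://", "", target.strip(), flags=re.I)
        m = re.fullmatch(r"(\[[^\]]+\]|[^:]+)(?::(\d+))?", target)
        host, port = (m.group(1), m.group(2)) if m else (target, None)
        proxies[scheme.strip().lower()] = (host.strip("[]"), int(port) if port else None)
    return proxies


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname other than localhost, or not an address


def audit_proxy(dump):
    """Read 'name REG_TYPE value' lines and report loopback proxy entries."""
    values = {}
    for line in dump.splitlines():
        m = re.match(r"\s*(\w+)\s+REG_\w+[ \t]*(.*)$", line)
        if m:
            values[m.group(1).lower()] = m.group(2).strip()
    enabled = int(values.get("proxyenable") or "0", 16) == 1
    entries = parse_proxy_server(values.get("proxyserver", ""))
    loopback = [(scheme, host, port)
                for scheme, (host, port) in entries.items() if is_loopback(host)]
    # A loopback proxy is not proof of malware (local AV web shields and debugging
    # proxies use one too); what matters is which process listens on that port.
    return {"enabled": enabled, "loopback": loopback}


if __name__ == "__main__":
    # The key path exactly as it appears in the posted OTM script.
    print(key_path_problem(
        "[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings]"))
    print(audit_proxy(SAMPLE_DUMP))
```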

Re: I have a browser hi jacker
ComboFix 10-07-08.02 - MALORIE 07/09/2010 8:08.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1498 [GMT -5:00]
Running from: c:\documents and settings\MALORIE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MALORIE\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.

2010-07-08 20:48 . 2010-07-08 20:48 -------- d-----w- C:\_OTM
2010-07-06 21:00 . 2010-07-06 21:00 -------- d-----w- c:\documents and settings\MALORIE\Application Data\My Games
2010-07-06 20:11 . 2010-07-06 20:11 -------- d-----w- c:\program files\MSXML 4.0
2010-07-06 06:36 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-06 05:52 . 2010-07-06 05:52 -------- d-----w- c:\program files\iPod
2010-07-06 05:52 . 2010-07-06 05:53 -------- d-----w- c:\program files\iTunes
2010-07-06 05:50 . 2010-07-06 05:50 -------- d-----w- c:\program files\Bonjour
2010-07-06 05:48 . 2010-07-06 05:48 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-07-06 05:48 . 2010-07-06 05:48 -------- d-----w- c:\program files\Safari
2010-07-06 05:47 . 2010-07-06 05:47 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-07-06 04:26 . 2010-07-06 04:26 -------- d-----w- c:\documents and settings\MALORIE\Application Data\Malwarebytes
2010-07-06 04:26 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-06 04:26 . 2010-07-06 04:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-06 04:26 . 2010-07-06 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-06 04:26 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-06 04:16 . 2008-04-14 00:12 11776 ----a-w- C:\regsvr32.exe
2010-07-06 03:26 . 2010-07-06 03:26 -------- d-----w- c:\documents and settings\MALORIE\Local Settings\Application Data\cache
2010-07-06 01:52 . 2010-07-06 01:52 -------- d-----w- c:\documents and settings\MALORIE\Application Data\AVG9
2010-07-06 00:04 . 2010-07-06 00:04 -------- d-----w- c:\program files\CCleaner
2010-07-05 23:53 . 2010-07-05 23:53 -------- d-----w- c:\documents and settings\MALORIE\Local Settings\Application Data\Threat Expert
2010-07-05 22:21 . 2009-11-10 15:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-05 22:21 . 2009-11-10 15:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-07-05 22:21 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2010-07-05 22:21 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2010-07-05 22:21 . 2009-11-10 15:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-07-05 22:21 . 2009-11-10 15:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-07-05 22:20 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-05 22:20 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-05 22:20 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-05 22:20 . 2010-02-05 14:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-05 22:20 . 2010-07-06 05:18 -------- d-----w- c:\program files\Spyware Doctor
2010-07-05 22:20 . 2010-07-05 22:21 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-05 22:20 . 2010-07-05 22:20 -------- d-----w- c:\documents and settings\MALORIE\Application Data\PC Tools
2010-07-05 22:20 . 2010-07-05 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-30 19:28 . 2010-06-30 19:28 -------- d-----w- c:\documents and settings\MALORIE\Local Settings\Application Data\FullTiltPoker.NET
2010-06-23 00:45 . 2010-06-23 00:45 50354 ----a-w- c:\documents and settings\MALORIE\Application Data\Facebook\uninstall.exe
2010-06-23 00:45 . 2010-06-23 00:45 -------- d-----w- c:\documents and settings\MALORIE\Application Data\Facebook
2010-06-12 21:19 . 2010-07-06 21:22 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-12 21:11 . 2010-06-12 21:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-12 21:11 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-06-12 21:11 . 2010-06-12 21:11 -------- d-----w- c:\program files\Lavasoft
2010-06-12 16:35 . 2010-06-12 16:36 -------- d-----w- c:\program files\STOPzilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 23:36 . 2009-12-01 22:40 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-08 23:27 . 2009-12-01 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-07-08 21:03 . 2010-01-20 01:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-08 14:57 . 2010-05-11 14:42 -------- d-----w- c:\documents and settings\MALORIE\Application Data\FrostWire
2010-07-08 14:56 . 2010-04-29 04:33 -------- d-----w- c:\program files\LimeWire
2010-07-08 14:56 . 2010-06-02 19:08 -------- d-----w- c:\program files\FrostWire
2010-07-06 21:22 . 2009-12-01 22:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-06 20:48 . 2009-11-30 01:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-06 20:48 . 2010-03-05 02:05 -------- d-----w- c:\program files\Firaxis Games
2010-07-06 20:24 . 2010-03-05 02:18 -------- d-----w- c:\documents and settings\Preferred Customer\Application Data\My Games
2010-07-06 20:20 . 2010-02-12 23:39 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-06 20:10 . 2010-01-20 01:33 -------- d-----w- c:\program files\Full Tilt Poker
2010-07-06 05:52 . 2010-01-20 01:45 -------- d-----w- c:\program files\Common Files\Apple
2010-07-06 01:53 . 2009-12-01 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-06 01:20 . 2009-12-01 22:55 -------- d-----w- c:\program files\Google
2010-06-23 00:41 . 2010-06-06 19:01 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2010-06-12 21:11 . 2009-12-01 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-11 20:10 . 2010-03-10 01:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\MALORIE\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-06 19:04 . 2010-06-06 19:04 -------- d-----w- c:\documents and settings\MALORIE\Application Data\Nikon
2010-06-06 19:03 . 2010-06-06 19:03 49152 ----a-r- c:\documents and settings\MALORIE\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2010-06-06 19:03 . 2010-06-06 19:01 -------- d-----w- c:\program files\Common Files\Nikon
2010-06-06 19:02 . 2010-06-06 19:02 335872 ----a-r- c:\documents and settings\MALORIE\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2010-06-06 19:01 . 2010-06-06 19:01 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-06-06 19:01 . 2010-06-06 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2010-06-06 19:01 . 2010-06-06 19:01 -------- d-----w- c:\program files\Nikon
2010-06-06 19:01 . 2010-06-06 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2010-06-06 19:01 . 2010-06-06 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2010-06-06 19:01 . 2003-03-19 17:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2010-06-06 19:01 . 2009-11-30 02:32 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-06 19:00 . 2010-06-06 19:00 -------- d-----w- c:\program files\ArcSoft
2010-06-03 19:44 . 2009-12-01 22:52 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 19:44 . 2009-12-01 22:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-03 15:39 . 2010-05-17 19:41 -------- d-----w- c:\documents and settings\MALORIE\Application Data\DivX
2010-06-01 16:58 . 2009-12-01 22:40 -------- d-----w- c:\program files\Symantec
2010-06-01 16:58 . 2010-06-01 16:58 -------- d-----w- c:\documents and settings\MALORIE\Application Data\Symantec
2010-06-01 16:56 . 2009-12-01 22:45 -------- d-----w- c:\program files\Ahead
2010-06-01 16:53 . 2009-12-01 22:46 -------- d-----w- c:\program files\InterVideo
2010-06-01 16:53 . 2009-12-01 22:46 -------- d-----w- c:\program files\Common Files\InterVideo
2010-06-01 16:53 . 2009-12-01 22:46 -------- d-----w- c:\program files\InterActual
2010-06-01 13:28 . 2010-05-31 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-05-22 21:45 . 2010-05-22 21:45 -------- d-----w- c:\program files\Oldgames
2010-05-22 18:14 . 2010-05-22 18:14 -------- d-----w- c:\program files\Common Files\Logitech
2010-05-22 18:14 . 2010-05-22 18:14 -------- d-----w- c:\program files\Logitech
2010-05-18 21:35 . 2010-05-18 21:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:35 . 2010-05-18 21:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-17 19:42 . 2010-05-17 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-17 19:42 . 2010-05-17 19:42 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-17 19:42 . 2010-01-28 21:44 -------- d-----w- c:\program files\DivX
2010-05-17 19:42 . 2010-05-17 19:42 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-17 19:42 . 2010-05-17 19:42 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-17 19:42 . 2010-05-17 19:42 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-05-17 19:42 . 2010-05-17 19:42 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-17 19:40 . 2010-05-17 19:42 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-17 19:40 . 2010-05-17 19:42 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-11 19:36 . 2010-05-11 19:36 0 ----a-w- c:\documents and settings\MALORIE\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-05-06 10:41 . 2004-08-03 23:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-03 22:17 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-03 23:56 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-07-08_18.15.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-08 21:03 . 2010-07-08 21:03 16384 c:\windows\Temp\Perflib_Perfdata_544.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2009-06-30 163872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 69632]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 253952]
"GhostStartTrayApp"="c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 94208]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-04 18702336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-28 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\documents and settings\MALORIE\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\MemTurbo 4\MemTurbo.exe [2010-3-2 3121760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 15:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"e:\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/12/2010 4:19 PM 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/5/2010 5:20 PM 207280]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/1/2009 5:52 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/1/2009 5:52 PM 242896]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [8/14/2002 4:11 PM 5632]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/12/2010 10:01 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/12/2010 10:01 AM 308064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [7/5/2010 5:21 PM 112592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1352832]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [5/23/2007 5:15 AM 547744]
S0 mlmso;mlmso; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/1/2009 5:57 PM 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [11/29/2009 9:32 PM 1684736]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [8/21/2009 9:24 PM 57248]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/5/2010 5:20 PM 365280]
S3 ZD1211BU(TRENDnet);802.11g Wireless USB 2.0 Adapter C1 Driver(TRENDnet);c:\windows\system32\DRIVERS\zd1211Bu.sys --> c:\windows\system32\DRIVERS\zd1211Bu.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-07-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 21:22]

2010-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-07-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-01 22:55]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-01 22:56]

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-01 22:56]

2010-07-09 c:\windows\Tasks\Norton Security Scan for MALORIE.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-03-08 05:04]

2010-07-09 c:\windows\Tasks\Norton Security Scan for Preferred Customer.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-03-08 05:04]

2010-07-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 21:07]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
FF - ProfilePath - c:\documents and settings\MALORIE\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKfox000&fl=0&ptb=8u.onk1A3yLBd6S8qw65kg&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77ce5d5d&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\MALORIE\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\MALORIE\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\MALORIE\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-09 08:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(880)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll

- - - - - - - > 'explorer.exe'(2036)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'explorer.exe'(3304)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-09 08:13:13
ComboFix-quarantined-files.txt 2010-07-09 13:13
ComboFix2.txt 2010-07-08 18:17
ComboFix3.txt 2010-07-06 02:33

Pre-Run: 62,717,747,200 bytes free
Post-Run: 62,706,233,344 bytes free

- - End Of File - - ED6FDBE29A409525BE062EED417DA3D6

Re: I have a browser hi jacker

Excellent. Now, are you still having issues with the web browser?

Re: I have a browser hi jacker

Well I'm still getting redirected using Mozilla Firefox. IE seems ok.

Example: I visit Dallasnews.com then choose (like I do on a daily basis) http://cowboysblog.dallasnews.com/. I choose any article that I wish to read and I am allowed only seconds to read before being redirected to a blank page that appears to be perpetually loading. Here is an address from my most recent visit that I was redirected to: http://www.dallasnews.com/sharedcontent/dws/spt/football/cowboys/stories/071010dnspolockhart.122ab2579.html.

I can read this article fine using IE. I also noticed a few weeks ago that my Mozilla desktop icon was renamed '33'. I at first attributed this to me cleaning my keyboard and somehow accidentally screwing stuff up. However, I realized something else was going on.

Well if you feel that you have eliminated one issue, I am grateful. I still feel as though I have issues.



Regardless I THANK YOU. I FEEL EMPOWERED AGAINST THESE A-HOLES WITH YOU HELPING ME. So, sincere gratitude to you and this great site.




Last edited by anthonyj on 10th July 2010, 5:09 am; edited 1 time in total

Re: I have a browser hi jacker

No, it's official: I'm still getting redirected.

Not always but frequently I get this:

http://results.google-analytics.com/

Re: I have a browser hi jacker

Here is my most recent redirection:


http://www.apartmentfinder.com/search.aspx?ecid=PS|ADM|21189S114209140&source=11_1543168

Re: I have a browser hi jacker

Odd.

Let's check it out in Firefox.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Re: I have a browser hi jacker

GooredFix by jpshortstuff (03.07.10.1)
Log created at 21:21 on 09/07/2010 (MALORIE)
Firefox version 3.6.6 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [00:45 20/01/2010]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [21:32 28/01/2010]

C:\Documents and Settings\MALORIE\Application Data\Mozilla\Firefox\Profiles\so24jkxn.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [17:42 11/03/2010]
{635abd67-4fe9-1b23-4f01-e679fa7484c1} [00:04 06/07/2010]
{7b13ec3e-999a-4b70-b9cb-2617b8323822} [02:31 20/05/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [21:32 28/01/2010]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [02:45 05/03/2010]

-=E.O.F=-

Re: I have a browser hi jacker

I suppose that it's worth mentioning that occasionally the word 'JUMP' replaces the title of the page in the tab.

So say that I were redirected away from this page, the word 'JUMP' would replace 'I have a browser hijacker'. This is only occasionally and I have not yet been redirected away from this page so this is only an example.

On top of that, random windows will pop up while I am browsing. So instead of being redirected, I have one too many windows open.

Re: I have a browser hi jacker

This God dern hijacker is still active. I'm PO'ed.

Of course I'm not mad at you guys, but I'd like to get physical (probably get my lil ass whooped, lol) with whomever is responsible for this crap.

I prefer the Firefox interface. Not a fan of IE.

Tried to do some casual browsing just now. But no, I'm getting owned by some mysterious hijacker.

Thanks for teaming up with me.

WE SHALL PREVAIL!!

Re: I have a browser hi jacker

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com (Click the green button on the page to download it).

Rename ComboFix.exe to combo-fix.exe before you save it to your Desktop
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    Folder::
    C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: CFScript being dragged onto ComboFix.exe]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
