MS Removal Tool Problem

3 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

MS Removal Tool Problem1st May 2011, 2:52 am

Ok heres the deal. I was fallowing your instructions on how to remove the problem
step 1. under my connections tab in Lan Settings, the box for using a proxy server is unchecked. so i moved on
step 2. when pressing f8 the option of starting safe mode isnt there, it shows something about choosing from different drives.
step 3. when i try using the malwarebytes program (the site would't come up so i found another download site) the ms removal says its infected, so i read that you told others to use a OTL program, so i tried that but ms removal also says that is infected Can't Believe It

i am very unsure of what to do please help
if it helps i am using a windows xp system
if you need more info ill try to help if i understand what you need thx!

Re: MS Removal Tool Problem1st May 2011, 4:52 pm

Hello.

Download OTL by OldTimer to your Desktop.

Close all windows and double click OTL.exe
Click Run Scan and let the program run uninterrupted
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
You may need to use two posts to get it all.

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
MS Removal Tool Problem DXwU4

Re: MS Removal Tool Problem1st May 2011, 5:55 pm

It won't let the program run, it keeps telling me its infected.

Re: MS Removal Tool Problem2nd May 2011, 4:59 pm

Hello.

We need to use the RKill Tool by Grinler

Rkill.com <--- Download site

Please Download Rkill.com. Save it to your Desktop.
Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.
Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
Please be patient while the program looks for various malware programs and ends them.
When it has finished, the black window will automatically close and you can continue with the next step.

NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Try using OTL now.

Re: MS Removal Tool Problem5th May 2011, 11:30 am

Extras.Txt

OTL Extras logfile created on: 5/5/2011 7:17:20 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\teresa\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 108.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.55 Gb Total Space | 40.11 Gb Free Space | 17.94% Space Free | Partition Type: NTFS
Drive D: | 9.34 Gb Total Space | 9.29 Gb Free Space | 99.47% Space Free | Partition Type: NTFS

Computer Name: TERESA-6ADA04CE | User Name: teresa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9355:TCP" = 9355:TCP:*:Enabled:bnvenzs
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.9
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{97DF1C46-FCCE-4591-9974-5A12CE667B9D}" = Tournament Maker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"Be Rich 1.00" = Be Rich 1.00
"BigJon PCGames Config Wizard1.1" = BigJon PCGames Config Wizard
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"Casino-Worldwide" = Casino-Worldwide (Remove Only)
"conduitEngine" = Conduit Engine
"Deal or No Deal3.5.x" = Deal or No Deal
"Deal or No Deal3.6.x" = Deal or No Deal
"Eastside UK Free Agent Utility - NHL EHM 2007_is1" = Eastside UK Free Agent Utility v2007.2
"Eastside UK pre-game Editor for NHL EHM 2007_is1" = Eastside UK pre-game Editor v2007.1.7
"Eastside UK saved game Editor for NHL EHM 2007_is1" = Eastside UK saved game Editor v2007.0.4
"Fish Tycoon_is1" = Fish Tycoon
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Swag_Bucks Toolbar" = Swag Bucks Toolbar
"vShare" = vShare Plugin
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Your Product1.0" = Your Product

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/26/2011 5:54:21 PM | Computer Name = TERESA-6ADA04CE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 4/26/2011 5:54:21 PM | Computer Name = TERESA-6ADA04CE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 4/26/2011 5:57:28 PM | Computer Name = TERESA-6ADA04CE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/26/2011 5:57:30 PM | Computer Name = TERESA-6ADA04CE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/27/2011 7:24:17 PM | Computer Name = TERESA-6ADA04CE | Source = Application Hang | ID = 1002
Description = Hanging application ehm2007.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/29/2011 1:30:52 AM | Computer Name = TERESA-6ADA04CE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/30/2011 4:09:55 PM | Computer Name = TERESA-6ADA04CE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The server name or address could not be resolved

Error - 4/30/2011 4:09:55 PM | Computer Name = TERESA-6ADA04CE | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:

with error: The server name or address could not be resolved

Error - 4/30/2011 4:09:55 PM | Computer Name = TERESA-6ADA04CE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 4/30/2011 4:09:55 PM | Computer Name = TERESA-6ADA04CE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

[ System Events ]
Error - 5/4/2011 11:52:39 PM | Computer Name = TERESA-6ADA04CE | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 5/4/2011 11:52:40 PM | Computer Name = TERESA-6ADA04CE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 5/4/2011 11:52:40 PM | Computer Name = TERESA-6ADA04CE | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 5/4/2011 11:52:40 PM | Computer Name = TERESA-6ADA04CE | Source = Service Control Manager | ID = 7034
Description = The IMAPI CD-Burning COM Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/4/2011 11:52:57 PM | Computer Name = TERESA-6ADA04CE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Media Player
Network Sharing Service service to connect.

Error - 5/4/2011 11:52:57 PM | Computer Name = TERESA-6ADA04CE | Source = Service Control Manager | ID = 7000
Description = The Windows Media Player Network Sharing Service service failed to
start due to the following error: %%1053

Error - 5/4/2011 11:57:35 PM | Computer Name = TERESA-6ADA04CE | Source = DCOM | ID = 10010
Description = The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register
with DCOM within the required timeout.

Error - 5/5/2011 10:14:43 AM | Computer Name = TERESA-6ADA04CE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 5/5/2011 10:14:48 AM | Computer Name = TERESA-6ADA04CE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 5/5/2011 10:14:58 AM | Computer Name = TERESA-6ADA04CE | Source = Service Control Manager | ID = 7023
Description = The Shell Support service terminated with the following error: %%1114

< End of report >

Re: MS Removal Tool Problem5th May 2011, 11:30 am

OTL.Txt

OTL logfile created on: 5/5/2011 7:17:20 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\teresa\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 108.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.55 Gb Total Space | 40.11 Gb Free Space | 17.94% Space Free | Partition Type: NTFS
Drive D: | 9.34 Gb Total Space | 9.29 Gb Free Space | 99.47% Space Free | Partition Type: NTFS

Computer Name: TERESA-6ADA04CE | User Name: teresa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/01 13:53:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\teresa\Desktop\OTL.exe
PRC - [2011/03/24 17:51:18 | 000,400,760 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/12/03 13:05:08 | 001,701,224 | ---- | M] (Philips) -- C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
PRC - [2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/05/01 13:53:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\teresa\Desktop\OTL.exe
MOD - [2004/08/04 05:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)

========== Driver Services (SafeList) ==========

DRV - [2011/03/13 12:49:40 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\04.tmp -- (fabhbuua)
DRV - [2010/09/07 20:20:56 | 006,141,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/11/18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/06/16 23:09:48 | 001,611,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://swagbucks.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.ca/
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2011/02/24 19:35:54 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [ares] File not found
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\RunOnce: [aE31002OeLpD31002] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk = C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe (Philips)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295982640796 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/25 00:48:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\Shell - "" = AutoRun
O33 - MountPoints2\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{afa00f98-404a-11e0-aca1-001676343fb2}\Shell - "" = AutoRun
O33 - MountPoints2\{afa00f98-404a-11e0-aca1-001676343fb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{afa00f98-404a-11e0-aca1-001676343fb2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{f089f9cb-32f7-11e0-ac82-001676343fb2}\Shell - "" = AutoRun
O33 - MountPoints2\{f089f9cb-32f7-11e0-ac82-001676343fb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f089f9cb-32f7-11e0-ac82-001676343fb2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/01 13:53:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\teresa\Desktop\OTL.exe
[2011/04/30 22:32:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/04/30 21:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\aE31002OeLpD31002
[2011/04/24 08:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/04/24 00:35:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\teresa\Application Data\Google
[2011/04/23 23:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/04/23 23:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\teresa\Local Settings\Application Data\Google
[2011/04/23 23:11:26 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/04/23 23:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/04/23 23:09:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/04/18 19:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/04/18 19:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\teresa\Application Data\Canneverbe Limited
[2011/04/18 19:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2011/04/10 02:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\teresa\My Documents\My Received Files
[2011/02/03 16:54:03 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\teresa\Application Data\pcouffin.sys
[1998/04/26 23:00:00 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\DAO350.DLL
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/05 07:21:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/05 07:21:13 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/05 07:14:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/04 20:49:58 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/05/01 13:53:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\teresa\Desktop\OTL.exe
[2011/04/28 22:17:43 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/26 23:08:53 | 000,161,792 | ---- | M] () -- C:\Documents and Settings\teresa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 19:20:36 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2011/04/18 19:17:22 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\teresa\Application Data\vso_ts_preview.xml
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/30 22:31:39 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/04/23 23:11:53 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/23 23:11:51 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/18 19:20:36 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2011/04/18 19:20:36 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
[2011/04/18 19:20:33 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/03/30 15:20:51 | 000,071,680 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/25 19:11:32 | 000,000,105 | ---- | C] () -- C:\WINDOWS\gvcasinos.ini
[2011/02/07 13:11:54 | 000,161,792 | ---- | C] () -- C:\Documents and Settings\teresa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/03 16:54:19 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\teresa\Application Data\vso_ts_preview.xml
[2011/02/03 16:54:03 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\teresa\Application Data\inst.exe
[2011/02/03 16:54:03 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\teresa\Application Data\pcouffin.cat
[2011/02/03 16:54:03 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\teresa\Application Data\pcouffin.inf
[2011/01/25 17:12:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/25 00:52:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/25 00:42:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/24 16:29:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/24 16:27:18 | 000,093,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/28 17:05:14 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,161,750 | RHS- | C] () -- C:\WINDOWS\System32\jjjzqn.dll
[2004/08/04 05:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

Re: MS Removal Tool Problem5th May 2011, 6:34 pm

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
O4 - HKCU..\RunOnce: [aE31002OeLpD31002] File not found
O33 - MountPoints2\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\Shell - "" = AutoRun
O33 - MountPoints2\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{afa00f98-404a-11e0-aca1-001676343fb2}\Shell - "" = AutoRun
O33 - MountPoints2\{afa00f98-404a-11e0-aca1-001676343fb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{afa00f98-404a-11e0-aca1-001676343fb2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{f089f9cb-32f7-11e0-ac82-001676343fb2}\Shell - "" = AutoRun
O33 - MountPoints2\{f089f9cb-32f7-11e0-ac82-001676343fb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f089f9cb-32f7-11e0-ac82-001676343fb2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
[2011/04/30 21:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\aE31002OeLpD31002

:commands
[emptytemp]
[reboot]
Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: MS Removal Tool Problem5th May 2011, 7:45 pm

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\aE31002OeLpD31002 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afa00f98-404a-11e0-aca1-001676343fb2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afa00f98-404a-11e0-aca1-001676343fb2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afa00f98-404a-11e0-aca1-001676343fb2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afa00f98-404a-11e0-aca1-001676343fb2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afa00f98-404a-11e0-aca1-001676343fb2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afa00f98-404a-11e0-aca1-001676343fb2}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f089f9cb-32f7-11e0-ac82-001676343fb2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f089f9cb-32f7-11e0-ac82-001676343fb2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f089f9cb-32f7-11e0-ac82-001676343fb2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f089f9cb-32f7-11e0-ac82-001676343fb2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f089f9cb-32f7-11e0-ac82-001676343fb2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f089f9cb-32f7-11e0-ac82-001676343fb2}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Folder C:\Documents and Settings\All Users\Application Data\aE31002OeLpD31002\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2718502 bytes

User: NetworkService
->Temp folder emptied: 680950 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: teresa
->Temp folder emptied: 1356614505 bytes
->Temporary Internet Files folder emptied: 1537850818 bytes
->Java cache emptied: 68691608 bytes
->Flash cache emptied: 196708 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 10769 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17529025 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 65359874 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,911.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 05052011_153018

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\teresa\Local Settings\Temp\~DFC392.tmp not found!
File\Folder C:\Documents and Settings\teresa\Local Settings\Temp\~DFCB64.tmp not found!
C:\Documents and Settings\teresa\Local Settings\Temporary Internet Files\Content.IE5\LXFYKD1C\swagbucks_com[4].htm moved successfully.
C:\Documents and Settings\teresa\Local Settings\Temporary Internet Files\Content.IE5\LXFYKD1C\t26931-ms-removal-tool-problem[1].htm moved successfully.

Registry entries deleted on Reboot...

Re: MS Removal Tool Problem5th May 2011, 7:49 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Re: MS Removal Tool Problem5th May 2011, 8:20 pm

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6515

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/5/2011 4:16:35 PM
mbam-log-2011-05-05 (16-16-35).txt

Scan type: Quick scan
Objects scanned: 130961
Time elapsed: 4 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\jjjzqn.dll (Net.Worm) -> Delete on reboot.

Re: MS Removal Tool Problem5th May 2011, 8:27 pm

Hello.

Download combofix from here
Link 1

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV.
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: MS Removal Tool Problem6th May 2011, 8:18 pm

ComboFix 11-05-06.02 - teresa 05/06/2011 15:48:59.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.234 [GMT -7:00]
Running from: c:\documents and settings\teresa\Desktop\Combo-Fix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\teresa\Application Data\inst.exe
c:\documents and settings\teresa\Application Data\PriceGong
c:\documents and settings\teresa\Application Data\PriceGong\Data\1.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\a.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\b.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\c.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\d.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\e.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\f.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\g.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\h.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\i.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\J.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\k.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\l.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\m.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\n.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\o.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\p.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\q.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\r.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\s.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\t.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\u.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\v.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\w.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\x.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\y.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\z.xml
c:\windows\gvcasinos.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-04-06 to 2011-05-06 )))))))))))))))))))))))))))))))
.
.
2011-05-05 23:04 . 2011-05-05 23:04 -------- d-----w- c:\documents and settings\teresa\Application Data\Malwarebytes
2011-05-05 23:03 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-05 23:03 . 2011-05-05 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-05 23:03 . 2011-05-05 23:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-05 23:03 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-05 22:30 . 2011-05-05 22:30 -------- d-----w- C:\_OTL
2011-05-01 04:37 . 2011-05-05 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\aE31002OeLpD31002
2011-04-24 15:46 . 2011-04-26 20:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-04-24 06:12 . 2011-04-26 20:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-04-24 06:11 . 2011-04-26 14:33 -------- d-----w- c:\documents and settings\teresa\Local Settings\Application Data\Google
2011-04-24 06:11 . 2011-04-24 06:12 -------- d-----w- c:\program files\Google
2011-04-24 06:09 . 2011-04-24 06:17 -------- d-----w- c:\windows\system32\Adobe
2011-04-19 02:21 . 2011-04-19 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2011-04-19 02:20 . 2011-04-19 02:20 -------- d-----w- c:\documents and settings\teresa\Application Data\Canneverbe Limited
2011-04-19 02:20 . 2009-11-12 20:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2011-04-19 02:20 . 2011-04-19 02:20 -------- d-----w- c:\program files\CDBurnerXP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
1998-04-27 06:00 . 1998-04-27 06:00 570128 ----a-w- c:\program files\Common Files\DAO350.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwa0.dll" [2011-01-17 175912]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 20:51 3911776 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Swag_Bucks\prxtbSwa0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwa0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}"= "c:\program files\Swag_Bucks\prxtbSwa0.dll" [2011-01-17 175912]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2011-03-25 400760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-24 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-09-08 19573352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Philips GoGear VIBE Device Manager.lnk - c:\program files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2011-2-24 1701224]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9355:TCP"= 9355:TCP:bnvenzs
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/23/2011 11:11 PM 136176]
S2 pgnmeqn;Shell Support;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 5:00 AM 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/26/2011 4:34 PM 1691480]
S3 fabhbuua;fabhbuua;\??\c:\windows\system32\04.tmp --> c:\windows\system32\04.tmp [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/23/2011 11:11 PM 136176]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pgnmeqn
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 06:11]
.
2011-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 06:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.ca/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ares - c:\program files\Ares\Ares.exe
AddRemove-Be Rich 1.00 - c:\documents and settings\teresa\Desktop\games\Be Rich\Be Rich\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-06 16:00
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fabhbuua]
"ImagePath"="\??\c:\windows\system32\04.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-05-06 16:03:29
ComboFix-quarantined-files.txt 2011-05-06 23:03
.
Pre-Run: 46,766,415,872 bytes free
Post-Run: 46,989,594,624 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 10A0EB84AD706A5B7771AD7A73F64CAE

Re: MS Removal Tool Problem6th May 2011, 8:24 pm

Hello.

I see that you are running BitTorrent.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Next,

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Code:
KILLALL:: File:: c:\program files\Common Files\DAO350.DLL Folder:: c:\documents and settings\All Users\Application Data\aE31002OeLpD31002 Registry:: [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9355:TCP"=- [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fabhbuua] Driver:: pgnmeqn fabhbuua NetSvc:: pgnmeqn
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

Re: MS Removal Tool Problem6th May 2011, 10:28 pm

ComboFix 11-05-06.03 - teresa 05/06/2011 18:05:25.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.244 [GMT -7:00]
Running from: c:\documents and settings\teresa\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\teresa\Desktop\CFScript.txt
.
FILE ::
"c:\program files\Common Files\DAO350.DLL"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\aE31002OeLpD31002
c:\documents and settings\All Users\Application Data\aE31002OeLpD31002\aE31002OeLpD31002
c:\program files\Common Files\DAO350.DLL
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PGNMEQN
-------\Service_fabhbuua
-------\Service_pgnmeqn
.
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-05 23:04 . 2011-05-05 23:04 -------- d-----w- c:\documents and settings\teresa\Application Data\Malwarebytes
2011-05-05 23:03 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-05 23:03 . 2011-05-05 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-05 23:03 . 2011-05-05 23:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-05 23:03 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-05 22:30 . 2011-05-05 22:30 -------- d-----w- C:\_OTL
2011-04-24 15:46 . 2011-04-26 20:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-04-24 06:12 . 2011-04-26 20:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-04-24 06:11 . 2011-04-26 14:33 -------- d-----w- c:\documents and settings\teresa\Local Settings\Application Data\Google
2011-04-24 06:11 . 2011-04-24 06:12 -------- d-----w- c:\program files\Google
2011-04-24 06:09 . 2011-04-24 06:17 -------- d-----w- c:\windows\system32\Adobe
2011-04-19 02:21 . 2011-04-19 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2011-04-19 02:20 . 2011-04-19 02:20 -------- d-----w- c:\documents and settings\teresa\Application Data\Canneverbe Limited
2011-04-19 02:20 . 2009-11-12 20:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwa0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Swag_Bucks\prxtbSwa0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

Re: MS Removal Tool Problem7th May 2011, 1:30 pm

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX. click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Check (tick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: MS Removal Tool Problem12th August 2011, 10:01 pm

man its been a while, ok heres the thing i believe that the ms removal thing has been removed but yesterday my computer started to act very slow and these popup things seem to show up that show hello4 on them and now when i try opening internet explorer it just closes before it can load. I am currently in safe mode with networking and this is how i am here now. Im not sure where i should post this and get help so i figured i would put this here and hope for the best thanks.

Re: MS Removal Tool Problem13th August 2011, 12:25 am

Hello.

Please download aswMBR from here

Save aswMBR.exe to your Desktop
Double click aswMBR.exe to run it
Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

Once the scan finishes click Save log to save the log to your Desktop
Copy and paste the contents of aswMBR.txt back here for review

Re: MS Removal Tool Problem13th August 2011, 1:18 am

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-12 21:15:56
-----------------------------
21:15:56.875 OS Version: Windows 5.1.2600 Service Pack 2
21:15:56.875 Number of processors: 2 586 0x407
21:15:56.875 ComputerName: TERESA-6ADA04CE UserName: teresa
21:16:00.734 Initialize success
21:16:11.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
21:16:11.625 Disk 0 Vendor: Hitachi_HDT725025VLA380 V5DOA7BA Size: 238475MB BusType: 3
21:16:11.640 Device \Driver\atapi -> DriverStartIo 8433331b
21:16:13.671 Disk 0 MBR read successfully
21:16:13.687 Disk 0 MBR scan
21:16:13.703 Disk 0 TDL4@MBR code has been found
21:16:13.718 Disk 0 Windows XP default MBR code found via API
21:16:13.734 Disk 0 MBR hidden
21:16:13.765 Disk 0 MBR [TDL4] **ROOTKIT**
21:16:13.781 Disk 0 trace - called modules:
21:16:13.796 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x843334d0]<<
21:16:13.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8437b558]
21:16:13.843 3 CLASSPNP.SYS[f759005b] -> nt!IofCallDriver -> [0x842d0148]
21:16:13.859 \Driver\atapi[0x843cf7c0] -> IRP_MJ_CREATE -> 0x843334d0
21:16:15.906 Scan finished successfully
21:16:54.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\teresa\Desktop\MBR.dat"
21:16:54.203 The log file has been saved successfully to "C:\Documents and Settings\teresa\Desktop\aswMBR.txt"

Re: MS Removal Tool Problem15th August 2011, 8:05 pm

According to the forum im supposed to bump this after 2 days with no reply Smile...

edit: its been 4 days now (any idea what i should do?)

Re: MS Removal Tool Problem19th August 2011, 12:19 pm

ok a weeks gone by i hope that means that i can re-bumb it.
any news on what i should do next?

Re: MS Removal Tool Problem20th August 2011, 5:15 pm

Not sure where he went...re-run aswMBR and post a log please, so I can verify the infection...

Re: MS Removal Tool Problem20th August 2011, 5:46 pm

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-20 13:36:48
-----------------------------
13:36:48.625 OS Version: Windows 5.1.2600 Service Pack 3
13:36:48.625 Number of processors: 2 586 0x407
13:36:48.625 ComputerName: TERESA-6ADA04CE UserName: teresa
13:38:08.781 Initialize success
13:38:41.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
13:38:41.578 Disk 0 Vendor: Hitachi_HDT725025VLA380 V5DOA7BA Size: 238475MB BusType: 3
13:38:41.578 Device \Driver\atapi -> DriverStartIo 84b2731b
13:38:43.796 Disk 0 MBR read successfully
13:38:43.796 Disk 0 MBR scan
13:38:43.796 Disk 0 Windows XP default MBR code
13:38:44.328 Disk 0 scanning sectors +488392065
13:38:45.218 Disk 0 scanning C:\WINDOWS\system32\drivers
13:40:51.625 Service scanning
13:40:54.750 Modules scanning
13:42:05.359 Disk 0 trace - called modules:
13:42:05.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84b274d0]<<
13:42:05.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84bd0030]
13:42:05.359 3 CLASSPNP.SYS[f74dcfd7] -> nt!IofCallDriver -> [0x84b39810]
13:42:05.531 \Driver\atapi[0x84bcc030] -> IRP_MJ_CREATE -> 0x84b274d0
13:42:05.531 Scan finished successfully
13:43:19.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\teresa\Desktop\MBR.dat"
13:43:19.390 The log file has been saved successfully to "C:\Documents and Settings\teresa\Desktop\aswMBR.txt"

edit: I should include that when im not in safe mode, i can hear the sounds of different ads while nothing is open.

Re: MS Removal Tool Problem21st August 2011, 5:55 pm

Gotcha...let's check with a different tool...

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1
Link 2
Link 3

Double-click on MBRCheck.exe to run it.
It will open a black window...please do not fix anything (if it gives you an option).
When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
Please copy and paste the contents of that log in your next reply.

Re: MS Removal Tool Problem21st August 2011, 8:08 pm

Re: MS Removal Tool Problem22nd August 2011, 8:37 pm

That is not a full log. Please re-run it and post a new log...

Re: MS Removal Tool Problem23rd August 2011, 12:39 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 86):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80700000 \WINDOWS\system32\hal.dll
0x84F5F000 \WINDOWS\system32\KDCOM.DLL
0xF79E3000 \WINDOWS\system32\BOOTVID.dll
0xF7580000 ACPI.sys
0xF7ACF000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF756F000 pci.sys
0xF75CF000 isapnp.sys
0xF7B97000 pciide.sys
0xF784F000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF75DF000 MountMgr.sys
0xF7550000 ftdisk.sys
0xF7857000 PartMgr.sys
0xF75EF000 VolSnap.sys
0xF7538000 atapi.sys
0xF75FF000 disk.sys
0xF760F000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7518000 fltmgr.sys
0xF7506000 sr.sys
0xF74EF000 KSecDD.sys
0xF74DC000 WudfPf.sys
0xF744F000 Ntfs.sys
0xF7422000 NDIS.sys
0xF7408000 Mup.sys
0xF795F000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF739C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF798F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF763F000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF764F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF765F000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7379000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7351000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF78D7000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
0xF78E7000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF766F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7907000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7917000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF767F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7AB3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF733A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF768F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF769F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7967000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7329000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76AF000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7997000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF79A7000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF76BF000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B31000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF72CB000 \SystemRoot\system32\DRIVERS\update.sys
0xF7ACB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF76CF000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B35000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF76DF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF790F000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7B3D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C0D000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B41000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7937000 \SystemRoot\System32\drivers\vga.sys
0xF728F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF7B45000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7957000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7977000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A5B000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF725C000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF7203000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF71DB000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF71B5000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7193000 \SystemRoot\System32\drivers\afd.sys
0xF76FF000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7168000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF70F8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF771F000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF7018000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B53000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7A83000 \SystemRoot\System32\drivers\Dxapi.sys
0xF792F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C0B000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBF012000 \SystemRoot\System32\ATMFD.DLL
0xF6D00000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF6AFC000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF6AA4000 \SystemRoot\system32\DRIVERS\srv.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 17):
0 System Idle Process
4 System
356 C:\WINDOWS\system32\smss.exe
408 csrss.exe
432 C:\WINDOWS\system32\winlogon.exe
480 C:\WINDOWS\system32\services.exe
492 C:\WINDOWS\system32\lsass.exe
644 C:\WINDOWS\system32\svchost.exe
732 svchost.exe
852 C:\WINDOWS\system32\svchost.exe
924 svchost.exe
1004 svchost.exe
1412 C:\WINDOWS\explorer.exe
148 C:\Program Files\Internet Explorer\iexplore.exe
228 C:\Program Files\Internet Explorer\iexplore.exe
320 C:\WINDOWS\system32\ctfmon.exe
1436 C:\Documents and Settings\teresa\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`e2e8fc00 (NTFS)

PhysicalDrive0 Model Number: HitachiHDT725025VLA380, Rev: V5DOA7BA

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

Re: MS Removal Tool Problem23rd August 2011, 11:20 am

Very good.

Please download MySystem-Search from one of the following links:

Download mirror 1

Download mirror 2

Save the file to your Desktop.
Double-click on mss.exe
Allow it to run, and follow the prompts.
Once done, it will launch a log.
Post it in your next reply.

Note: the logs are long. Please use more than one post, if necessary.

Re: MS Removal Tool Problem23rd August 2011, 10:12 pm

MySystem-Search

MSS v1.7

Basic System Information

Username: teresa - Date: 08/23/2011 - Time: 17:48:22

Microsoft Windows XP [Version 5.1.2600]
Processor type: x86 Family 15 Model 4 Stepping 7, GenuineIntel
Total processors: 2
Computer Name: TERESA-6ADA04CE
Logon Server: \\TERESA-6ADA04CE

CD Emulation Drivers running?

Peer-to-Peer applications?

Security Tools Check

Malwarebytes' Anti-Malware

File associations

.exe=exefile
.scr=scrfile
.pif=piffile
.com=ComFile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile
.ini=inifile
.inf=inffile

Running processes

PROCESS PID PRIO PATH
smss.exe 356 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 408 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 432 High C:\WINDOWS\system32\winlogon.exe
services.exe 480 Normal C:\WINDOWS\system32\services.exe
lsass.exe 492 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 648 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 728 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 848 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 924 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1012 Normal C:\WINDOWS\system32\svchost.exe
Explorer.EXE 1420 Normal C:\WINDOWS\Explorer.EXE
iexplore.exe 2040 Normal C:\Program Files\internet explorer\iexplore.exe
iexplore.exe 200 Normal C:\Program Files\internet explorer\iexplore.exe
ctfmon.exe 288 Normal C:\WINDOWS\system32\ctfmon.exe
mss.exe 740 Normal C:\Documents and Settings\teresa\Desktop\mss.exe
cmd.exe 1396 Normal C:\WINDOWS\system32\cmd.exe
pv.exe 1400 Normal C:\Documents and Settings\teresa\Desktop\pv.exe

User Profile check

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Documents and Settings
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
Sid REG_BINARY 010100000000000513000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xef4c9c06
ProfileLoadTimeHigh REG_DWORD 0x1cc61dd
RefCount REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
Sid REG_BINARY 010100000000000514000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xec3c365c
ProfileLoadTimeHigh REG_DWORD 0x1cc61dd
RefCount REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-682003330-1788223648-2146976231-1004
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\teresa
Sid REG_BINARY 010500000000000515000000828BA628A020966AE741F87FEC030000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xf1b15860
ProfileLoadTimeHigh REG_DWORD 0x1cc61dd
RefCount REG_DWORD 0x1
RunLogonScriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb

Current Scheduled Tasks

PATH: C:\Windows\Tasks

At1.job
At198.job
At199.job
At2.job
At200.job
At201.job
At202.job
At203.job
At204.job
At205.job
At206.job
At207.job
At208.job
At209.job
At210.job
At211.job
At212.job
At213.job
At214.job
At215.job
At216.job
At217.job
At218.job
At219.job
At220.job
At221.job
At3.job
At4.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
desktop.ini
SA.DAT

Windows Drivers and NT-Services

Volume in drive C has no label.
Volume Serial Number is 909E-42D5

Directory of C:\Windows\System32\Drivers

Volume in drive C has no label.
Volume Serial Number is 909E-42D5

Directory of C:\Windows\System32\Drivers

08/17/2001 09:59 AM 3,072 audstub.sys
07/17/2004 03:35 PM 67,866 netwlan5.img
07/17/2004 03:36 PM 64,352 ativmc20.cod
07/18/2004 02:55 AM 129,045 cxthsfs2.cty
08/03/2004 06:31 PM 20,992 RTL8139.sys
08/04/2004 02:29 AM 57,856 atinbtxx.sys
08/04/2004 02:29 AM 327,040 ati2mtaa.sys
08/04/2004 02:29 AM 56,623 ati1btxx.sys
08/04/2004 02:29 AM 12,047 ati1pdxx.sys
08/04/2004 02:29 AM 13,824 atinmdxx.sys
08/04/2004 02:29 AM 14,336 atinpdxx.sys
08/04/2004 02:29 AM 52,224 atinraxx.sys
08/04/2004 02:29 AM 11,615 ati1mdxx.sys
08/04/2004 02:29 AM 26,367 ati1snxx.sys
08/04/2004 02:29 AM 13,824 atinttxx.sys
08/04/2004 02:29 AM 28,672 atinsnxx.sys
08/04/2004 02:29 AM 63,663 ati1rvxx.sys
08/04/2004 02:29 AM 104,960 atinrvxx.sys
08/04/2004 02:29 AM 30,671 ati1raxx.sys
08/04/2004 02:29 AM 31,744 atinxbxx.sys
08/04/2004 02:29 AM 36,463 ati1tuxx.sys
08/04/2004 02:29 AM 29,455 ati1xbxx.sys
08/04/2004 02:29 AM 34,735 ati1xsxx.sys
08/04/2004 02:29 AM 63,488 atinxsxx.sys
08/04/2004 02:29 AM 21,343 ati1ttxx.sys
08/04/2004 02:29 AM 73,216 atintuxx.sys
08/04/2004 02:29 AM 452,736 mtxparhm.sys
08/04/2004 02:29 AM 11,295 wadv08nt.sys
08/04/2004 02:29 AM 11,807 wadv07nt.sys
08/04/2004 02:29 AM 11,935 wadv11nt.sys
08/04/2004 02:29 AM 11,871 wadv09nt.sys
08/04/2004 02:29 AM 22,271 watv06nt.sys
08/04/2004 02:29 AM 25,471 watv10nt.sys
08/04/2004 02:29 AM 166,912 s3gnbm.sys
08/04/2004 02:29 AM 1,897,408 nv4_mini.sys
08/04/2004 02:41 AM 1,309,184 mtlstrm.sys
08/04/2004 02:41 AM 126,686 mtlmnt5.sys
08/04/2004 02:41 AM 180,360 ntmtlfax.sys
08/04/2004 02:41 AM 13,776 recagent.sys
08/04/2004 02:41 AM 129,535 slnt7554.sys
08/04/2004 02:41 AM 404,990 slntamr.sys
08/04/2004 02:41 AM 95,424 slnthal.sys
08/04/2004 02:41 AM 13,240 slwdmsup.sys
08/04/2004 02:41 AM 220,032 hsfbs2s2.sys
08/04/2004 02:41 AM 685,056 hsfcxts2.sys
08/04/2004 02:41 AM 1,041,536 hsfdpsp2.sys
08/04/2004 02:41 AM 11,868 mdmxsdk.sys
08/04/2004 08:00 AM 646 gmreadme.txt
08/04/2004 08:00 AM 55,936 nwlnkspx.sys
08/04/2004 08:00 AM 12,160 mouhid.sys
08/04/2004 08:00 AM 125,056 ftdisk.sys
08/04/2004 08:00 AM 12,032 ws2ifsl.sys
08/04/2004 08:00 AM 31,360 atmepvc.sys
08/04/2004 08:00 AM 5,888 rootmdm.sys
08/04/2004 08:00 AM 352,256 atmuni.sys
08/04/2004 08:00 AM 12,032 riodrv.sys
08/04/2004 08:00 AM 12,032 rio8drv.sys
08/04/2004 08:00 AM 11,648 acpiec.sys
08/04/2004 08:00 AM 7,680 mcd.sys
08/04/2004 08:00 AM 58,112 vdmindvd.sys
08/04/2004 08:00 AM 21,376 tsbvcap.sys
08/04/2004 08:00 AM 4,224 beep.sys
08/04/2004 08:00 AM 63,232 nwlnknb.sys
08/04/2004 08:00 AM 51,712 tosdvd.sys
08/04/2004 08:00 AM 4,224 rdpcdd.sys
08/04/2004 08:00 AM 4,736 usbd.sys
08/04/2004 08:00 AM 34,432 rawwan.sys
08/04/2004 08:00 AM 16,512 raspti.sys
08/04/2004 08:00 AM 32,896 ipfltdrv.sys
08/04/2004 08:00 AM 13,952 cbidf2k.sys
08/04/2004 08:00 AM 18,688 cdaudio.sys
08/04/2004 08:00 AM 12,160 fsvga.sys
08/04/2004 08:00 AM 3,456 oprghdlr.sys
08/04/2004 08:00 AM 8,832 rasacd.sys
08/04/2004 08:00 AM 262,528 cinemst2.sys
08/04/2004 08:00 AM 17,792 ptilink.sys
08/04/2004 08:00 AM 11,776 cpqdap01.sys
08/04/2004 08:00 AM 4,352 wmilib.sys
08/04/2004 08:00 AM 7,936 fs_rec.sys
08/04/2004 08:00 AM 4,224 mnmdd.sys
08/04/2004 08:00 AM 12,032 nikedrv.sys
08/04/2004 08:00 AM 14,592 smclib.sys
08/04/2004 08:00 AM 2,944 null.sys
08/04/2004 08:00 AM 3,328 pciide.sys
08/04/2004 08:00 AM 5,888 dmload.sys
08/04/2004 08:00 AM 3,440,660 gm.dls
08/04/2004 08:00 AM 6,784 parvdm.sys
08/04/2004 08:00 AM 12,416 nwlnkflt.sys
08/04/2004 08:00 AM 10,496 dxapi.sys
08/04/2004 08:00 AM 32,512 nwlnkfwd.sys
08/04/2004 08:00 AM 3,328 dxgthk.sys
01/07/2005 09:07 PM 145,920 Hdaudio.sys
10/14/2005 02:10 PM 58,560 ativckxx.vp
02/08/2006 08:44 PM 1,114,674 ativcaxx.cpa
02/08/2006 08:44 PM 929 ativcaxx.vp
06/17/2006 01:40 AM 45,056 ati2erec.dll
06/17/2006 02:09 AM 1,611,776 ati2mtag.sys
06/17/2006 02:55 AM 29,616 ativvpxx.vp
09/28/2006 10:55 PM 77,568 WudfPf.sys
09/28/2006 11:00 PM 82,944 WudfRd.sys
10/19/2006 12:00 AM 38,528 wpdusb.sys
04/13/2008 12:36 PM 144,384 hdaudbus.sys
04/13/2008 12:39 PM 20,480 secdrv.sys
04/13/2008 12:39 PM 142,592 aec.sys
04/13/2008 02:31 PM 35,840 processr.sys
04/13/2008 02:31 PM 42,752 p3.sys
04/13/2008 02:31 PM 36,736 crusoe.sys
04/13/2008 02:31 PM 37,376 amdk6.sys
04/13/2008 02:31 PM 36,352 intelppm.sys
04/13/2008 02:31 PM 37,760 amdk7.sys
04/13/2008 02:32 PM 66,048 udfs.sys
04/13/2008 02:32 PM 19,072 msfs.sys
04/13/2008 02:32 PM 30,848 npfs.sys
04/13/2008 02:32 PM 180,608 mrxdav.sys
04/13/2008 02:32 PM 196,224 rdpdr.sys
04/13/2008 02:32 PM 129,792 fltmgr.sys
04/13/2008 02:33 PM 44,544 fips.sys
04/13/2008 02:36 PM 5,888 smbali.sys
04/13/2008 02:36 PM 187,776 acpi.sys
04/13/2008 02:36 PM 42,368 agp440.sys
04/13/2008 02:36 PM 42,752 alim1541.sys
04/13/2008 02:36 PM 44,928 agpcpq.sys
04/13/2008 02:36 PM 40,960 sisagp.sys
04/13/2008 02:36 PM 43,008 amdagp.sys
04/13/2008 02:36 PM 42,240 viaagp.sys
04/13/2008 02:36 PM 44,672 uagp35.sys
04/13/2008 02:36 PM 46,464 gagp30kx.sys
04/13/2008 02:36 PM 37,248 isapnp.sys
04/13/2008 02:36 PM 63,744 mf.sys
04/13/2008 02:36 PM 120,192 pcmcia.sys
04/13/2008 02:36 PM 79,232 sdbus.sys
04/13/2008 02:36 PM 68,224 pci.sys
04/13/2008 02:36 PM 15,488 mssmbios.sys
04/13/2008 02:36 PM 73,472 sr.sys
04/13/2008 02:38 PM 71,168 dxg.sys
04/13/2008 02:39 PM 384,768 update.sys
04/13/2008 02:39 PM 42,368 mountmgr.sys
04/13/2008 02:39 PM 24,576 kbdclass.sys
04/13/2008 02:39 PM 23,040 mouclass.sys
04/13/2008 02:39 PM 5,376 mspclock.sys
04/13/2008 02:39 PM 4,992 mspqm.sys
04/13/2008 02:39 PM 7,552 mskssrv.sys
04/13/2008 02:39 PM 4,352 swenum.sys
04/13/2008 02:40 PM 80,128 parport.sys
04/13/2008 02:40 PM 15,744 serenum.sys
04/13/2008 02:40 PM 27,392 fdc.sys
04/13/2008 02:40 PM 20,480 flpydisk.sys
04/13/2008 02:40 PM 57,600 redbook.sys
04/13/2008 02:40 PM 24,960 pciidex.sys
04/13/2008 02:40 PM 96,512 atapi.sys
04/13/2008 02:40 PM 96,384 scsiport.sys
04/13/2008 02:40 PM 14,208 diskdump.sys
04/13/2008 02:40 PM 62,976 cdrom.sys
04/13/2008 02:40 PM 36,352 disk.sys
04/13/2008 02:40 PM 11,008 sffp_sd.sys
04/13/2008 02:40 PM 11,904 sffdisk.sys
04/13/2008 02:40 PM 11,392 sfloppy.sys
04/13/2008 02:40 PM 10,240 sffp_mmc.sys
04/13/2008 02:40 PM 19,712 partmgr.sys
04/13/2008 02:40 PM 14,976 tape.sys
04/13/2008 02:40 PM 42,112 imapi.sys
04/13/2008 02:41 PM 52,352 volsnap.sys
04/13/2008 02:43 PM 14,208 wacompen.sys
04/13/2008 02:43 PM 12,672 mutohpen.sys
04/13/2008 02:44 PM 20,992 vga.sys
04/13/2008 02:44 PM 81,664 videoprt.sys
04/13/2008 02:44 PM 153,344 dmio.sys
04/13/2008 02:44 PM 799,744 dmboot.sys
04/13/2008 02:45 PM 52,864 dmusic.sys
04/13/2008 02:45 PM 6,272 splitter.sys
04/13/2008 02:45 PM 172,416 kmixer.sys
04/13/2008 02:45 PM 56,576 swmidi.sys
04/13/2008 02:45 PM 2,944 drmkaud.sys
04/13/2008 02:45 PM 60,160 drmk.sys
04/13/2008 02:45 PM 49,408 stream.sys
04/13/2008 02:45 PM 24,960 hidparse.sys
04/13/2008 02:45 PM 19,200 hidir.sys
04/13/2008 02:45 PM 36,864 hidclass.sys
04/13/2008 02:45 PM 10,368 hidusb.sys
04/13/2008 02:45 PM 15,104 usbscan.sys
04/13/2008 02:45 PM 20,608 usbuhci.sys
04/13/2008 02:45 PM 30,208 usbehci.sys
04/13/2008 02:45 PM 17,152 usbohci.sys
04/13/2008 02:45 PM 143,872 usbport.sys
04/13/2008 02:45 PM 59,520 usbhub.sys
04/13/2008 02:45 PM 26,368 usbstor.sys
04/13/2008 02:45 PM 32,128 usbccgp.sys
04/13/2008 02:45 PM 25,600 usbcamd.sys
04/13/2008 02:45 PM 25,728 usbcamd2.sys
04/13/2008 02:45 PM 15,872 usbintel.sys
04/13/2008 02:46 PM 25,344 sonydcam.sys
04/13/2008 02:46 PM 121,984 usbvideo.sys
04/13/2008 02:46 PM 18,944 bthusb.sys
04/13/2008 02:46 PM 25,600 hidbth.sys
04/13/2008 02:46 PM 36,480 bthprint.sys
04/13/2008 02:46 PM 59,136 rfcomm.sys
04/13/2008 02:46 PM 37,888 bthmodem.sys
04/13/2008 02:46 PM 17,024 bthenum.sys
04/13/2008 02:47 PM 25,856 usbprint.sys
04/13/2008 02:51 PM 60,800 arp1394.sys
04/13/2008 02:51 PM 59,904 atmarpc.sys
04/13/2008 02:51 PM 61,824 nic1394.sys
04/13/2008 02:51 PM 55,808 atmlane.sys
04/13/2008 02:51 PM 101,120 bthpan.sys
04/13/2008 02:53 PM 40,320 nmnt.sys
04/13/2008 02:53 PM 71,552 bridge.sys
04/13/2008 02:53 PM 36,608 ip6fw.sys
04/13/2008 02:54 PM 11,264 irenum.sys
04/13/2008 02:55 PM 14,592 ndisuio.sys
04/13/2008 02:56 PM 12,288 tunmp.sys
04/13/2008 02:56 PM 34,688 netbios.sys
04/13/2008 02:56 PM 88,320 nwlnkipx.sys
04/13/2008 02:56 PM 35,072 msgpc.sys
04/13/2008 02:56 PM 69,120 psched.sys
04/13/2008 02:56 PM 30,592 rndismpx.sys
04/13/2008 02:56 PM 30,592 rndismp.sys
04/13/2008 02:56 PM 12,800 usb8023x.sys
04/13/2008 02:56 PM 12,800 usb8023.sys
04/13/2008 02:57 PM 20,864 ipinip.sys
04/13/2008 02:57 PM 152,832 ipnat.sys
04/13/2008 02:57 PM 34,560 wanarp.sys
04/13/2008 02:57 PM 14,336 asyncmac.sys
04/13/2008 02:57 PM 41,472 raspppoe.sys
04/13/2008 03:00 PM 19,072 tdi.sys
04/13/2008 03:00 PM 30,080 modem.sys
04/13/2008 03:14 PM 63,744 cdfs.sys
04/13/2008 03:14 PM 143,744 fastfat.sys
04/13/2008 03:15 PM 64,512 serial.sys
04/13/2008 03:15 PM 574,976 ntfs.sys
04/13/2008 03:15 PM 60,800 sysaudio.sys
04/13/2008 03:16 PM 49,536 classpnp.sys
04/13/2008 03:16 PM 141,056 ks.sys
04/13/2008 03:17 PM 83,072 wdmaud.sys
04/13/2008 03:18 PM 52,480 i8042prt.sys
04/13/2008 03:19 PM 146,048 portcls.sys
04/13/2008 03:19 PM 75,264 ipsec.sys
04/13/2008 03:19 PM 51,328 rasl2tp.sys
04/13/2008 03:19 PM 48,384 raspptp.sys
04/13/2008 03:20 PM 182,656 ndis.sys
04/13/2008 03:20 PM 91,520 ndiswan.sys
04/13/2008 03:21 PM 162,816 netbt.sys
04/13/2008 03:28 PM 175,744 rdbss.sys
04/13/2008 08:11 PM 4,255 adv01nt5.dll
04/13/2008 08:11 PM 3,967 adv02nt5.dll
04/13/2008 08:11 PM 3,615 adv05nt5.dll
04/13/2008 08:11 PM 3,647 adv07nt5.dll
04/13/2008 08:11 PM 3,135 adv08nt5.dll
04/13/2008 08:11 PM 3,711 adv09nt5.dll
04/13/2008 08:11 PM 3,775 adv11nt5.dll
04/13/2008 08:11 PM 15,423 ch7xxnt5.dll
04/13/2008 08:11 PM 11,359 atv02nt5.dll
04/13/2008 08:11 PM 25,471 atv04nt5.dll
04/13/2008 08:11 PM 14,143 atv06nt5.dll
04/13/2008 08:11 PM 17,279 atv10nt5.dll
04/13/2008 08:11 PM 21,183 atv01nt5.dll
04/13/2008 08:12 PM 3,901 siint5.dll
04/13/2008 08:12 PM 11,325 vchnt5.dll
04/13/2008 08:13 PM 12,040 tdpipe.sys
04/13/2008 08:13 PM 40,840 termdd.sys
04/13/2008 08:13 PM 21,896 tdtcp.sys
05/08/2008 10:02 AM 203,136 rmcast.sys
06/13/2008 07:05 AM 272,128 bthport.sys
06/20/2008 07:51 AM 361,600 tcpip.sys
06/24/2009 07:18 AM 92,928 ksecdd.sys
10/20/2009 12:20 PM 265,728 http.sys
11/12/2009 04:48 PM 7,168 StarOpen.sys
11/18/2009 11:16 AM 1,691,480 Ambfilt.sys
11/18/2009 11:17 AM 1,395,800 Monfilt.sys
02/11/2010 08:02 AM 226,880 tcpip6.sys
09/07/2010 11:20 PM 6,141,544 RtkHDAud.sys
11/02/2010 11:17 AM 40,960 ndproxy.sys
12/20/2010 09:08 PM 20,952 mbam.sys
12/20/2010 09:09 PM 38,224 mbamswissarmy.sys
01/24/2011 07:15 PM disdn
02/03/2011 07:54 PM 47,360 pcouffin.sys
02/16/2011 09:22 AM 138,496 afd.sys
02/17/2011 09:18 AM 357,888 srv.sys
02/24/2011 10:47 PM UMDF
04/21/2011 09:37 AM 105,472 mup.sys
06/24/2011 10:10 AM 139,656 rdpwd.sys
07/08/2011 10:02 AM 10,496 ndistapi.sys
07/15/2011 09:29 AM 456,320 mrxsmb.sys
08/12/2011 01:30 PM etc
08/21/2011 01:31 AM .
08/21/2011 01:31 AM ..
280 File(s) 37,665,216 bytes
5 Dir(s) 28,383,670,272 bytes free

Stealth malware?

Internet Explorer

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0A000000
Delete_Temp_Files_On_Exit REG_SZ yes
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
CompanyName REG_SZ Microsoft Corporation
Custom_Key REG_SZ MICROSO
Wizard_Version REG_SZ 6.0.2600.0000
FullScreen REG_SZ no
Default_Secondary_Page_URL REG_MULTI_SZ \0
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Check_Associations REG_SZ yes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
IE5_UA_Backup_Flag REG_SZ 5.0
NoNetAutodial REG_DWORD 0x0
MigrateProxy REG_DWORD 0x1
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost REG_BINARY 01000000
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 0x1
PrivacyAdvanced REG_DWORD 0x1
EnableNegotiate REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0
UrlEncoding REG_DWORD 0x0
SecureProtocols REG_DWORD 0x28
PrivDiscUiShown REG_DWORD 0x1
ZonesSecurityUpgrade REG_BINARY F06286E4C6BCCB01
DisableCachingOfSSLPages REG_DWORD 0x0
WarnonZoneCrossing REG_DWORD 0x0
SyncMode5 REG_DWORD 0x4
EnableAutodial REG_BINARY 00000000
WarnonBadCertRecving REG_DWORD 0x1
WarnOnPostRedirect REG_DWORD 0x0
WarnOnHTTPSToHTTPRedirect REG_DWORD 0x1
GlobalUserOffline REG_DWORD 0x0
5 REG_BINARY FBBAFB828C78456DC94A84B1101CB611697BE663E4AA6918D5CCC418CE013BBF19E12B05FB925F08BFAC48988D1C71144663A87FF42377E7705E57FBB31553621A362969E390CF24F557A1B1CF907CABA47D
4 REG_BINARY 52BC0647079017401783837695E2D89F7D9A6D0870B1D7DDBA5D40C57E4877E380388D2EB7793C8DF5604FF0FC9E73E0E306BDBD9201F0D910BA3F352E6BE5143BE33557EB372021CF2757A5161A66D1C5C2DADC2EF097556BE855EB7372C490DCC6738C9A8BF4A0FC5A245D9940C980422CF4332459BA53E6860D298EEEA23A9A34788F67CD4A34A4A21024F09D0592C12D64243041ED5DA91323C52F7C29F1FA2404524E14714BA7A09B06A175A0D7CEF57485B815866657A01D5F1132E7E083EBB1A56C58B8D1EE48629F0CB46EBCD019606903EDA461435215A795AD688DA57E57796B8A369D54B5D73281D403A0B810A78E3D05B903C8CE1877C4DC38E59A44D77E54555EE0161158C1278D3F7F72AA5A98DF5985ED2B18C07BF183B79832DCC65E0154B0D42C88A24EBC269FEEBC2C3D3B9F7150C1164E17108284DF9A1131716E54D816652C55AC2588F275D154C9BDE3F2D63FDF2EECEC2AC4DD1C4DEC2D22FD5328A0E9104A2E97932630AF4FCB7D3C12F63EAF94B90C50D764A97F9223758811A23D91923012B3438A944C58196D0463F23449DF74B6F64012D0A7D8E1F6A0D01C50137451CF0178ED410AB7476D8B2B62C86866CE7E9AC0E124673158186CC6C102259271AACACA67215329198F196E4398E4CBB6FDFD8494B8977E695685DE245834EA42CCCAE49DB51CDE32F7534DD51647D47E327750092E61A94D58D9D6F76171EC47CC6CE73CBA2F955E412A7134ED55AE88ECB14743EF72E814FC67CCFDE14141E564E23A1315694D8D137CFE80CCFB0FE2ACF86E9EC72CB0A2EF46372965203857ACD26063D2A3AC8FF70F3E0C6C01116A1C27B987D60F27D1CD5262AF2321B158971E09ACAE6C4E4D38A0AC79271B24A6C3B1EE757DED123D98ADA9062328D94E84985FEB8239C12901F2D60A88BDAC93DDE746F546C3CA34BE92C56924E452B45280E924D406501DD127FF90FDD1A6B4B28DF4D105B25AA9956F6733E8FF357D1AAE897EF1986696AFAE4A5523659D97855FD75097FFE7ADA9BE29511629C2650CDA6DF026FDAB8D1C9BA1A1FFAA4BD16B5BCB15F033995FDFA16B108222EAD108B5542014FBAEA175E925146021DAE6410EAF30AB887763ED12774508D7FABD286D745A15DE4B360908ECFBA73809229CE6F6FAA6BB8317139855901E24FF0FB3653CBEC1510C22CBE008CE6F367796AE5ABC9910275B95767F9C86520A4FF8A5A1DA3C298115506765421338123A8A6A27F6759781D2DC846A92EF0C7FC87519EDA010BEE3CABF6DD80966216E5ECCFB532B02D5B4E526489DC8ACF691E1C8F2F73A5C3B12B8B8DF3930D4FBE82BB75499FAE2878508960410B15560E56BEE3F710C86F0E498FFF059264832D5D1D7154AA82ACFE4745C8FE3DF437607954B7D4E25AC1E50DE62F7D5875B41570CE1E05150E61AAA76198E4500FA4483EB289F1112864FFF48FB9A0FC1BBFD053DA79A6CA202C55149E3389404D5B70B14C497E95E98AE05BE744C75538BCB61C47778D7659C733C7A145E86997115E7B3C67E92A87E414D04349A243CEE7978F2D06CAAB4A8DE81C9820CF35422178CC400B8B5109903546B276A7DDD3596308E258151A8FD66A1E448D2C64528460880A0DBCABF7CDE08DF6FD0E10DCA16B345EC15FCC4C1102C76CA3EF581ED95980E47EAA6403E8FED90DEC384666BFACE5109AE69AD9930B962565B3AB915624BCD5AA2C9E7229D8EC8BEF312B50978D803C4D1B746A5977D629E0377DC18BC2CC7877B8DCD6DA61D8CF39AD209083C6460D504EA53FC391D12A6BA05AE6CF240FBCF4F29EA18171B0CC899E6B7E9A846027C7EE5D09DAC3272711D3788541A7DAB9425E704695F44C050A66E61D0D507FFBE26EAF091578A8889767F270A974052E4E0283E11D1C87E11FC8681F80D41E90B53C0F4C6A09654FB60C9607A8721DD9748BF7714F50E0517E2C2884BBDB36BE7E942FE1C208002BEF3585C770C4030DC6DEC5A5EB1EF29CCD4C7639707FE16134B8F73D6EF3AE2F20C5383524DE5CC23598F4EB0D211F3C2E29841833A0FF969B89D2C412DD01AD00F63585D9E41972234D1DBA72E85986A74F55217808F5EF191D05D9AB5E68FD6812F5A8694A598791F524C8BCC395272435A5858FA5D3AA7303E3753364D8631D3D718B3F30D91130BDE14DEC13B26077549811616929998EE26932BF586FE4E96A591FEEB4716BC83B0F13E38B7A6016E0CAFB455194C41590E9A06530C7ED7BE4D9BDBA091D344F3E3D6BFCD2F46C1AD2F255E5574BBDE0C7649A7F7CF319890F07C2271E8C70CAB4220E02F60CEFE337D84A368305CD28BEE35A56856077D86267DA06B6B4D76E320799BEE78F79ED31D89BDF2FF4BF8AE25E0925D84698D0E52275E8F127BC15F079D3728F7C64EB64574345896BC8D0BF6FF7FCFA911083D76C3621AD04297C5AA1FBACA1A1831416722D0EE349BE7BCE47B7949EB5AAD3304A1BCD6AA475035DF453FF68D4827E1BADBCC9B68AA571B7F0CA4B7EE279FD0726B6458E6701B2B4B973D9A8A8B3E0C2037DD646EEBFA156742E196FDE9B08D13DFEA21E6A1A4B124F7DD915E6466BCCF8E66F25CDF3DFC5312FBF4E7918292FC83F0BEEBFDB414863DBFEE27094E2DECC377BDC746F95AA36D9AF4E19053C7FE1A77512E7D87FF9BC285D3619F774E35A01E681C4D346B45E56133755BAE305E81D58659A771FFA4837D7E1032E6E080833F485E8395B8D3B106E8D8E422A4483AB3EEE1048751C6BD8FFDD560DC7843D0F464C7CD8C222DFE08568AE0B8B7F52D4D07F8D096FB7D8CCDAF3DDF0C14EAA2839BBD563D19A9B4BEB0078730AEE0A06B49AE06B34C064B8640C3A0B486F006C92035A662690E3F2FABF30E086BE50292B54EA485B43F01C4E45D820B97A21AC0FF773C7C0FE8460AD555170C51397C3D893872244F4E48B4101BF1A8A1F36904F580D702FFCE293C418D228DD7C2884283E9094D33A383384208795DE6C1B93B1ABDC75CF5B6B84733F2887007594F18E9D991C48E6295BA9D088261C45731A1D6C6A6E36CE3F3A30BAA699393C45F290582F784B865D5FD567F39A236D989B08575D482CDEEAE3B06B186CBEE3B520DE611AEE90A27DF5240FA9983E2FE1146C911248B6FDDD335E48CB28AFDBA1B4DB592C4B6EFCF42D21D5D627E04C7BA84CC8E5CFE550EF5132928A3F4797F642136E0D65FFC2E3D327EF56E63EC5337CC960C8B940DD7FC55F82147701D79175D0171C3B4EE6A0431A7204CDA2C9B3D9FC2318884667102AA60D533547D6EBD223D49BFC5008BE3F0435D323098B08557785F749E7301D62074385030182DF41AAB4E3D973DBADA86A74FA73B5E5D91AC2F6ABF2B6234968EDDAC8334F4FE80469657EC26EE3E55ACE807361B88FC7803FF5E4595E228EFB54377051DFE20961FD923BC39E75200400A3103D347B38334CB3C2101F1F9FB6BAAAB674F8F023D969B7F24AC7ED94BA96C773C32EAC63A5BBCB35D7BD07E867B9CB04F2D0EE322260446064E5B4367CDE84B6D248CB1234310B3DCD6A8606CB966177BBA9C077ED3EB4938F4F78DF4D8890F8F937FFFB859185C9BB5EE3493C21B059251AF3C7F86386C31C5DCB6EBA2D93B698E761A461B2284F23DAB077A5E8A233B4D1BD85B9686CE9920D3D1A0B19A54FEED1E827B1C28F77C14649F148638C0ECD27EE14206B5B98FFB5C2DA7D2700B48A72BB82C03673B727D53DF3BDB41031A1F7B8D44277FC75E731A71752D878450CACA6E601401771BBE84E8C7AC60BDCCA6358EDE28644387F922A9C7AB91FF16BC12F6381189A958DE8EFCBB764438CE3018E72457915F81275789583301F2D7675080F6742447997E65FD7D44E2F40D41E00DA383C45F1F47E884BB4FA2D434E428841B8002E1CC9C3F1CB23A4E7DCFFC08DFB2BADCD661890E37E8FAF2977F0DE9FCFBC5D90276FE4B1EC13976468521BD9C6B27CAFC73A450AD2B1D2BDB775BA947FDBB997289F84F1C8AA0678ECEF584C31D3538D5FC96416224625A5234CEC54343A7EA7AA933D3423C3B6E63691603F10F99457724AB2161238A0D2A81EF72F8FB5998639C1FFA54E21B2CD5C6153D4CAD9BC04FF308BDE73468EC9E6A4BFDAE14315A41DCF83A3C275373F85BAAEACE4150ADF07049A71406CA239F99C6DE891125669E9BB413A5FDD31DB92EBC24ECAE6B176DA65ADEC52B02DFEB810CE59EA683EDFCDC47B9A15A8FE785D04F41C69099096E60EDA14D999E48175C17AFD636D992A09DEB159F3FB1F5EF3A36DDC10FD600D885BF8278671D080075183F71A19D22AB1F23FA8FFA43E9636814B97CA9323BE7A9F08E109656B49182D1C238AA5488B736A6B2AAAB9C36463B0C91D84DB7C8CE62478F23607A2FF4F66CCB64001485295FDDE2DFFEB17B89E5B784D93160706849CAAFC77AF4A849109539398CFA57998027B803D171322248791EC9763B54538ACA6D3595AEED95374DA09DEAE5EABEEDD0026D752E248C48773F7A073D40C28A3A7BF38981CC5B6AD962231D29D299B66269454822C933BCAB4756D5B9823644AC433BC9B9FE0D640E15353A00EEA3E80B88C57E3C9F2FDAF08500F76BF5F19C9A59C64DE948AFCEF5C6BACE46270D7C451A9C14A3A6624040ADBAFE6FA39FCF7C249F2D59D3D67B20DD7E7CE5215FDDF86277C8F49413DBA482FD2AF1A77DB4750A09FD7090EAEA7C6BEE0B6F3E0E2D0D8B889D470B06DC4EB31EE2D5F552A84EB3539CF3B0540BE4C6833EC134B48803D03156EF20F74FE37379233EF5A94366EC15918E9AA148F69B5F9D978475D38D05577BAF3B4D6AE40F5AD149FA1F8CECA917E1D8282CB57B50679C74A3784FF5316A360FDEA7BEAFBC92461696CC1CD3AFB6A6C1E5E7104503700A1D7AAA8EC4A079E07B19C415EEDA978F06475BADC944449F22DFF67458730ABC39A4D9C32FF58565B8688A0F040092D12581E4480CD2AFA8ED061385641A25EB7E2F9B2CD15571C836D13ACDD1FA30CD1985D933042FCA946D77DAACA64C2E999B24C9D89349ABA8D2E6E3AF6CCAF12761848AC8DE7BE1E27A4AAE34C9E4A80F91B11DFCAB6F584F93DAA08B59A2B51374ABD7F66B3D88C0F02FE789FD40697D66350507A08B687C5EA1CE07258911A47C0A793A53B1F68D1A72A2EE85BC472E889EBE0D2991142C79631ADA2A7C501EC0BAB0BD80DB0AE3E9E1B69A8F39F3C8D35C13E784194D7D0516405CAE222BBC5EDEE192B1CAD58C49D3B0DE1B02B0B6C56011142968E7F85959123F67C2CD68C3F21CC893988D41699FB18CDBC32DB795B32EC764C8E3A98C30B7CBF5950495C59367FB56839737AC5C8D0F25ADB2608E2A01DDF7058E598145DCBCB9C44D24DD7147D5E3A9925597A1EFB14B5352F691302D20CB6B098C6086E9D9CB02FB9D096BB5421A7FB2A27BEE00F871313646CD4DEA04DDF0B7B4CA8C8B71D49677C7E68918B66851D15F37201CEC8BC5F68BA34A6B528A7D765290EEEE4B820AA9A0F558B046CEFAD591E6707A30030AAF0B07BC3ECC762804C4FC10C379D40687D75D1FB31572409C16E86C0251C24232B06DF0EFF1405508DDA34BE6C47CBA0DE2F7613DE6D8A164C356345BB68D1C850C5B62A7966EE559D4B466072FBB36CA728C1A879D7B14C82A5ADE5180056FE876B3EBB72C29953B0B4ED68BC0D29E014A9B05B76A09EE3EF3447F9076CA2671442AF7C9857733979CEC5BF6B257CAA3D293EE0203D843D46CE37898DDB8D7B15B0C4504FA19B221CA4D4F0D655A7644550191F0EEF2C9D08E0BB0F3CA04D33FE09BAE60C8BD79AECDEEF1E459A5390AF093CC5901F3E2FE674F8F22BCA83964FFB74415814B870DF4533416A0C8A77766C68B904ED647AFA4B7A9D830D57D38181D4555419666F5C2156A8B28D677FCE3D4069D99E1393BBEF9D60A6986B2641CF71F480CB3FB532F08D7E442465B2FB28D73A88745C62FC5E79F8D4DF5CE10A9CE2826FCE0F76A378D70DB13006F8BAC5E2AA85496D864216386B610F289D93663DEE045B66B4CE8ED03D2014EEFA597C0CB777945F959F4B19DA4E31041CED6D426F4552A13901AD5BC6384AAD96F7F5E261BDB45F7F1C712D969A67F845B06AE6FDAB66957FCDDE73778409985D67CEBAC4E82311B4B00A8EC6EBF4D2F647E887E5F3BEC57337022447877B28960536022B0C2453F524748FCB16B199DE9151E458232736CBB88D2D3336B86B6D91E10056C1EAC6824CA984A52D3D56FE6DC9BDD94B4BE0B384628B022AD68C8393FB57BCC0D3957F09A2E68C7A97D5875FC3E39AD1DE269B6ED5AC9A4A246E8A92267C58840B55BECA66EE48AE829D5C9328CB14C5F8ACF23B977964561B88B1FC41FD68B708A96542D0A26F3050BDC3FBF35AFE509ACB936AFF87215DC061007980AB2D7E79073132D63C20E3F833CDD5FF98F5C80684ABF3455932CFAE95F8034A5FB1403F8E15F547E8726A3A464A557D4CF89EADA1D9E037ADE7E136A8BC03EF2701DD86F8417CE9253FCB3D0648AF3EFDE4906FCFA600DCD33C2167BACA1E8CC80EB6302924520BCB97D697576CC7E996013976B56598FACDCE4F095D344DC86B9F56E0B8E13E0B22521494EB89CB40E0DE8F7C97D2368E347BF40FBDF0D4ACE3D9C81F14F31FFFB38C614D9705B2E1474C328F6EB859815C1B886695B8C56B03AF3A493FF9125838C0D56D15DFCD59638A3DE2BE1FE1728147CDDE6BAD81C9AED6F065A2D8373041570A04A6402BE07F8642C41160997FC09059569FC99439275B3167DD2044B8CB69E6786F95A4B906B3DBB991E9371B37FFF7512E49A4348BFCAE51C7CFF7C9AFA67531F726F8C214E236E55BD0ECE7C4721A21A1ACC92E2EB64906764BE7EF8B3312AFAD94538FF47E19B02FD276EE1219780451BE5259999C0B986ABC09F2DDE25A6D6E2C55193665491A4D2F283D371305DF6E665816C294B7A4D7C99D1F25F9C9936E75966497E3583356CB96E4B8542E3C0C71B4BD39D3C1ECE6B3B373C8BD757BB0ADB1981F5ADAA02192C0DE1543E63D0262DB96580CEE2EA7C5711D2E6002ABEC78AB509D319D1C46FA0877799A72E4E4BE870A34BEAC780BFE05F067C6B82FC7526A8F86121B7F6FE9FCFE41481F82CF5914EA7C5864522E13AD105E87835F6B49B4BBC8432FCC7890B5364607B423D92CC939CD2C2CE8A39D0B84390319AE16F0B43D1778579629543198EF8A369FBBAF8911191116D05F837E0C9845D38D25C7D3B08E2D8D1062632E498E624BA84E04701998662371D62686CB7B7E1722FAE753C5A03EACBF31B8522453AB995F78CE253DBD94F66DC5F22AD948CFCBF7F866E1A95DBD5BFF0E47D7378783BDB0A56B3AE0A90E8BDD3BE58929580B005CB9778E2DF58735AE8ED9D5F39E8C27A0DF94A86F9A6F512BD4AECA75ADBCEF1ECEE7589413DDA068597FA88293149A70ACB47A7F88DC7BA5429CB45A6BD9D2A24A133E7C011DEBA68DF72BC907DCF5409D90067506DC6068B257DA7373FE6AA3895FF3F164AB4C3128590BCD730D6345951561E3304BA1123633FC6D84EC7DE6AB2A8C9FF57724E983125B63667BA72D44CCE47B602D9FBC0AAE387C5ACD7B6875E9560C47FE219D0A13DA835A0E644A14391F8C3BF8EF6F0716C61BA6550418B5B5B56140472B9B4E5FFDF1F130A73813F68428E560E50EEF9401D65A9B76DB47130E4055584986BD5C9303956B0600406C578DD6703FF28BB911CB80CD870D5D4E87EEFAA3BF36B8BC0D88EB0A6EC1D85BF121589A7586B3B58F209A22C5ABBA82E17514A7A30C4975E14ADBDE2C707BE58271D8DF830D05432A49A9FD84DC4BFC7C6801DB4F95E8032BB93E32860AFC218F08A389412F5C51C3D713F191024F4A70C28401F01FE55E702B3421807404FD751B7952F316AD20617D21EAA5ADCC52F6CAEF226F273B44BFA0D37C48D496D64F08AF7DF9B5F5ACEED29A7DD0CBFA16CCA4629FBFB7CB577EE5B965CDE3FD2C445DC947DB928B84DA59264D36E4DAE21F46756752C3C0E8477BF7ABBB6E92C8CB1535DC6776AFA5A4E16A6B4DC148A3888DD7407A8F09778E8EBF4764A99357805209CE3F0095B0FF9B1D25872222E11A2087D36E61C58206DFF13D5FA5C6481B3BDAC98A3544DF148FE16D11D5FA19DF4A69E595471465F54E29075E4D68776CC463C63D2C5DB344FFD0E39C85843EB608070795EA674F8BFCBB846727F3E853D51F83313C0930BF4686DA8CB86D0BCB02A0772F1B4BE3EF7D0CBEBD09AEED20673EEFFA8FDD2A3CA585758CD7FA3783BB6BB7164393D4407E9261BF481016B355990EB45093891D9C9EBF6BFBE056A6A583EFA9D503BD1AD2091B0E0E9920DD9263824EEC52B5705E7CAA3BBBB595E899BD51B6CC742739D254E185307911EFE0A046E5F2CD5396AF076A4C6C96E9DD2CB430469530FF06D90CCECA89FE8AC72871A58618BAA9731A7B674B3C21210AC5E82C1201FD8D27B84C3BAAAD354D7F6A3C3BA316BB7255DAED12F61BAA30BBE0745AC68A24A2A6A88A8380C1A71F55AF393624271CD51CBF12ABEEABCF50E72B50D333699A73577484019D9C31DAAB5873CFA86665E0FD59AC4989BF358FA11455CDFFA729AD6B9761E82F547F6F5F1E1192D9AB1D723AA592CEA4360AEDA4F790B7B7BA7ED8B5AF94292CAB1AA58AA752A32F4B4FA1ED7E8E6BB3DF8867AEA5B32A213E71BADB49691A1A49108B0C8ECC045B0B1670D16E8914B75477BE151B40D2331BBBCD8F45D62A1E6E7CE89139FDD544E91E9E0313B57B42F63A776C5E077F2472182983CC01A17C1296686289AFA02E0B5C43FA8B9C1608F6375586DF9AE3EFE3CDBCC8DDDC9B14721F2D52D652A643FCB633CE19722F8D743CFB41333F81D7C6BCA20B513513F54188F515AC19E918B47CE69D0964E9673F14A98F153BD4BB20F6E8E4473B6DB584E06FFBFB5C1339781D7BCE4442FB7258BD6D0E7133B38DBDF63973687C6AE49F1F4F9F44ECB3548FA398742B67B840B272C99411C4A0276DC4D0CDD1BC1D2FE2C166FCAA8526B5845B93E24E3C06C7EE3B5A4CE80B068899358C0206A4D50136216217E19F3D3BB8BCA9138C90EDF4C3C46BCA265E02034FE1CC9F438BE477A9E9BE44AFE49CE2E697970530E784422E55725CB7E706FCE1C1CC28CF3584801A3B327A0FE7D3A43F1A004D47FC936B467646DCAD3C9DA61F2169273D7FA0D540D0EB8BFDF4F6D22C3D1414A2A3F82B26D0FD6E6B117F7868CF6A0EC3CE3807525C1EB0DF59C03B74C9EA29EBA8B213E57FE19722935FB360BC20DF164B625DA61E22020A530498BA25F408C59EEE66AB5F63F894D87E68D45BB327C059A100B5F02B9066C091BA450A8031ED105CC4078CC16CB82A7719412B7922596325DB247B47170A376B3595765135C814EB3CCAAACD060C58CC2164DB779867AEE89FB4DA19F58C8F4AFF7EABDCD3176F8EDDA66F5F2F20AF51821DE95813BF1D47822E7A319A3AA0514E6B6F9F1C82C9DA29A4B820DC988F99E91EF0A15003320D7CC0C153EE3161089B444085BAEC037585F17211C5ABCADC3A9D5821A215821843DDB2229C85BF467A7FAA1C5CD25FF65B54F26F42CC3F94823BD5AAD1E6E4FFD05AEBED705754A1A0B79DF6E4B8AEDD246DCB0927451EF4D965B094FF37563796773E90BBA6A1B397915EEEA5085BDC32177A73625443BF669752A70BA8B33A1820F09355AFC702E6D1812F80F98B5A575A0198010ED05F7FF9C510B9D3264F72D5C2F01F14F3734EF166484BBC60AE10FB98F2B101166E777E7FF6AF387D01A5588F590772850CCCD89DFA16063DA7BA630A847A4DD02ABEC78FE09A7F7E7F928AFB7391C3BA2D3764344332CC31C76C31D3FC465ED720009914599E82A3B1437BB747BA6555791AF726331740ECBB263BA88501B1F26A0D70727901239D70D5B6F32CE8BA8ED1A5EDC2993682E738AC2A3097DE7861C39514C4542B0E3A1F5FF39B67AC8FEF4490FC1BA502A1461BCB7FF6A3FA2B9D36CBC1CD9754F4910CDBDDB71A330B0F61E730F5912556CA1971FD8BF20B73C5285BC0F405AE3FCA178951C4DBFAC7192300518406088565DDDEFCDDAB463AAE1CDDFC6E222E2F673B42FE4C46BD6EA0638420D37E76DBB482FF3942DC272906B0A9D740FF6273D08E8DFB8A29F441F4731134E746F14BDE3B1337F1D8653C605D6BFD6868294FC2B8D28AE4942B2B4E5F827F80D8D8DC0CA82A6C06A21990314DE6941040EC870D9D06D698A0815B6A9F9F6D4FD35F139B93EDEEC9D16E28FF298A7601328A80D0B259A4758A7BB48D3FBA5A79E64D9F0BFD655EDB739653D773531CBAFB8304972D5DB8408C781C7C480B79B608DFC8C279FC68F029EC3F5F19D517E18C9D49A8AB9CF9BD6F27308DA70E04FF0BE2064D0C0D0C590C3B11752CBAD407C33D73E94CB07BB67911B955B64ECD7E9BD64A0ED3554A4934537872790F20CB9691F5B86AE1823BB7F1F97D4C1D1E55E3056EB402CDA6E131219F0B3275EDD2C967649E368D80ADB34C5668E2522AAB1E9842ECE74C6007A47044C7ECE8593297F64AA51789781DC4D09C3D99F2F6B8CF6434DD01266AF4A64D105F0457847C3B1D54E93EEACBB7BCBEA016ECE1860E32B3CE24052B1D753A94A3B553CC109F399C040EC62F8D5C21F334D32B061CD09797265B260959F790C28D843D48A5E91D28FD76C5D8542C971A023F1400B55405C5B99D32250238812FD27396DC2B6D1FB4308ED77F26043FECDBD1158579623A2F4335C7C769E7F201ADA582BA04C1DC454EED40587B1BC20902BA158F98604961B27A35A6593FAC9566BAF01B11621F5BBCF5F972DCF224A477363BAECD51567ECA49EF8BACD204F70F36CD2B116C7AD6071F5B517AF3DBB3AAA87A8F969925E30D62A947DFC64F61C7A6A80D3D8AAAFA0403703A4349B2DF6A18069D11206BD2EAD38288E57FCA635E08E0A9DC0E5DB6A32C744632EBE881895A112B505CC38AD5E520E8BC96227EDBEDB17D9101EDD28F55A7EC8AF07ACCF22A2622F6255716542FA8FCCF0DC7FB15341839C47856CC64A678A8F7BFA0EF5906227B80864064D6DBEBD744AA316D15A6CB732922E03BB988E187FB7F19A685CBB3760CA03C52C6F9721EB48403C9CE0536B4AD88A06463BEA321FD9B0EB63B286B7886E4C30F45C0E404769DC0E793B74007BEF5DDC097DE3577792B71F74A3892599D27B85A5E8D9D51F48B0009B18013B59E26CDCBA905D95D83B3944D61237F89C73AE95CE2DF4ABDCE1F9D257950EECCC503E1BC06C15E837C9A5E0BCBF42E20A6BA1683BA515860865851AFF416DB30BE62A8BDFA9AC63E1229C29E226A106F4B487D66B8220C355004658F3E559459567DC8721EBFAE456ABE4E74ABF20A0D9B223FD8C25D00C6CFAFAEC528FE98E0B22391DBA60C4100DB2440AFC43A3AAA57A503DC7A3BA6EB2CA5DDF0CFBF15A39897571A4FF5E94AC550C28F0AC817AB600C4B4335979BE51B51FFE84697D60308650578D2C2DCA29A79CF2AC57970B5C6904B5895A063A9E7C79AFD8608725C4D82D61A05B9C2460D348A176AE01D4933C3B4937E2C43F695640286360F6605DF95C5FBCACED07192509E197606B7FC88A1BFBC0B38F1FE02F000A54B1D1BABB437BA75FCB0CE4D5EC3451388FB66CB8D7BED6F063584B00FF3E01A6B308290B1937672A9B0A42288EABBC1600C4A5EDF1F8518B01F926F53C13248CB9572E2D9862B885CF5759DAD6A88C1B5E22E2EADAC5DCE6A54D704A97A2006D01A61EEA535409B8524F4BC12C3D36F8D29E32C41EB06CBDB5733E73A88F8872990F6071134FF0D8B43F65E53FA68BA7CCD31F75C92785D71353A0846F247B00FCB6DAB1728922228050144429807D24D45BDE74B638210241551F69362BAE3F6CAB7F26996F6F672EDB61E367DC2431657C8F4304179F3C6B0B6285AF81CEF839CAAF2D8114E8A23297465781CA970982180CEF12045E722609728ACA1469FD933A5481F57B10CF56E00D6924DD9E425085EE60F6EA286C12768AFD92DE3B1A02633879D9D308F9CEF29906611904D8C0D1D8E5956D3FF3B027C0621CB845512AE1F474651E512DF7F7CCDBCCD885CE1BA6E77FC73F0BA2ADBA2DAC22CB6E9C4F4B91D7C9EEA4AB8633EB9E25FD37BBFE739EFFD1EBAA564F41D9598F8788E79D00B0E155C6A7B25269D0BFF50ADCF7C05D7F41C6329D0D9E2FAD0B090E195B38BED3E9C24B54306D26D61E8D2FCF4DADB9B78DC420B115E884967FCB6B5BE21F01FCF9C3CE369CD8264C6A8D095325BE8325FD5907D013417147FB81BDF1E829F73133CAD34C5D55009633320D24DBF87E0A4FFC08C77C19BC2FF4E45F767D606EE0E2B33051CB6DF83AC8A5733C55CF4FDAA8E962A3FC9F61D7730D82AB8E01A0B72F7B4AC1833262BC3FA5AD3B745C23F0331CA5C925BA119F48502899A3855759EB2AB718107D9ACDA9CC4C024707F029B57104065A240BEE38ED3F626842633494F24F65050C2B463D297C1D2A23A102EA2A0BE1273F90EE2486FEBAE0564D8624ECB091368A0E80F626419B3AB7A5D8B71C1B10B80179A768C0B2782738801D9ADB197D3611D4AFD13A1E4A7587AC10695CA82BC34664F2A8A5BC2BDDAC32493E25F70F0FF13213A7D736912CA05BBAD4DF9C79C9077605963281001BE81D5FADC6BDB0A79CCBC6BCFD6533322B648A790D2525AD76A4CD7348B9871C20E1BA76C94638A595F715F8F451FFC9E3CCAA21AD38CA9BE7B66F9D64567A214A65984770490CD83A97436B1B569CF0A473652549BDDA6F2C03A50FB5BE431ECE0CB74837BCACF40D12A1A44D5C6A82FB1EA032D1BF3CADEC81055F18FB6FE3D17DBEFFB3BE2A024C192E52E510DFD5C63A14549FE1F9B4BF6FC9C28EA4C80393
2 REG_BINARY 67454E8B14CD6B1FE72A918DD0BAA1C17C363074CBC7C09556B9E611DACC097E374777ABDF632A70E19CB0399C60BFBA4A135663508B5E88D1A93028AA
7 REG_BINARY 9D4BB6D8DF024B08E95F33F07860676CE7B2
8 REG_BINARY 747E3B615C9D072CB817979B7838F8C8E086C9C5E97D76677D7FDF6E7E91186D842844E71B07F0094BA214F9FD8C094D0C37240B84A40544941DE6A9
maxhttpredirects REG_DWORD 0x270f
1 REG_BINARY 422E4752FC

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
NoUpdateCheck REG_DWORD 0x1
NoJITSetup REG_DWORD 0x1
Disable Script Debugger REG_SZ yes
Show_ChannelBand REG_SZ No
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Start Page REG_SZ http://ca.msn.com/
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
FullScreen REG_SZ no
Window_Placement REG_BINARY 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000000000200300003A020000
NotifyDownloadComplete REG_SZ no
XMLHTTP REG_DWORD 0x1
UseClearType REG_SZ yes
Enable Browser Extensions REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
CompatibilityFlags REG_DWORD 0x0
IE8RunOnceLastShown REG_DWORD 0x1
IE8RunOnceLastShown_TIMESTAMP REG_BINARY E6F1C60C8461CC01
IE8TourShown REG_DWORD 0x1
IE8TourShownTime REG_BINARY BD10E675E7BCCB01
Use Search Asst REG_SZ no
Use FormSuggest REG_SZ no
FormSuggest Passwords REG_SZ yes
FormSuggest PW Ask REG_SZ yes
AutoHide REG_SZ yes
RunOnceHasShown REG_DWORD 0x1
RunOnceComplete REG_DWORD 0x1
Check_Associations REG_SZ no
Error Dlg Displayed On Every Error REG_SZ no
Error Dlg Details Pane Open REG_SZ yes
AlwaysShowMenus REG_DWORD 0x1
SearchControlWidth REG_DWORD 0x12c
DisableScriptDebuggerIE REG_SZ yes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
SearchAssistant REG_SZ http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
CustomizeSearch REG_SZ http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ
{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} REG_SZ
{88c7f2aa-f93f-432c-8f0e-b7d85967a527} REG_SZ
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} REG_SZ

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11222041-111B-46E3-BD29-EFB2449479B1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} REG_SZ Swag Bucks Toolbar
{30F9B915-B755-4826-820B-08FBA6BD249D} REG_SZ Conduit Engine
{2318C2B1-4965-11d4-9B18-009027A5CD4F} REG_BINARY 00
{8dcb7100-df86-4384-8842-8fa844297b3f} REG_BINARY 00
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} REG_SZ McAfee SiteAdvisor

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...

Security Center

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
FirstRunDisabled REG_DWORD 0x1
AntiVirusDisableNotify REG_DWORD 0x0
FirewallDisableNotify REG_DWORD 0x0
UpdatesDisableNotify REG_DWORD 0x0
AntiVirusOverride REG_DWORD 0x0
FirewallOverride REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe REG_SZ C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup

Uninstall List

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ATI Display Driver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Fairway Solitaire

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-Gold Miner Vegas

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFGC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BigJon PCGames Config Wizard1.1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Casino-Worldwide

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deal or No Deal3.5.x

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deal or No Deal3.6.x

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eastside UK Free Agent Utility - NHL EHM 2007_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eastside UK pre-game Editor for NHL EHM 2007_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eastside UK saved game Editor for NHL EHM 2007_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ESET Online Scanner

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fairway Solitaire

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fish Tycoon_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GameBiz - The magical years_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Photo Creations

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jtceiksgfmbaooaw

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2079403

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2115168

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2229593

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2296011

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2345886

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2347290

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2360937

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2378111_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2387149

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2393802

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2412687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2419632

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2423089

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2440591

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2443105

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2443685

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2476490

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2478960

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2478971

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2479943

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2481109

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2483185

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2485663

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2503665

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2506212

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2507618

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2507938

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2508272

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2508429

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2509553

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2510531-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2524375

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2535512

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2536276-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2541763

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2544521-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2544893

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2555917

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2559049-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2562937

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2566454

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2567680

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2570222

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884267

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885353

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886612

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887078

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887626

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888111WXPSP2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888656

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB889858

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891122

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892130

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892313

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893240

Re: MS Removal Tool Problem23rd August 2011, 10:17 pm

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893241

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895181

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895316

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB897586

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898549

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902344

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB907658

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911565

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911854

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB929399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB939683

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB941569

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB946648

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950762

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950974

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951748

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951978

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952069_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952287

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952954

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954154_WM11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954155_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954550-v5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955069

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955759

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956744

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956802

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956844

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958644

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958869

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959426

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960225

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960859

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961118

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961501

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB967715

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968389

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969059

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970238

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970430

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971029

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971468

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971657

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971737

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971961-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972270

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973507

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973540_WM9L

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973815

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973869

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973904

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974112

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974318

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974392

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974571

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975025

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975467

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975558_WM8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975560

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975562

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975713

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976662-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977816

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977914

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978037

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978338

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978542

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978601

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978695_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978706

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979309

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979402_WM9L

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979482

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979559

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979683

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980195

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980218

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980232

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980436

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981322

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981332-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981793

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981997

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB982132

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB982381-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB982665

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSCompPackV1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NLSDownlevelMapping

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swag Bucks Toolbar

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swag_Bucks Toolbar

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WGA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMCSetup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMFDist11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wmp11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wudf01000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Your Product1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06E6E30D-B498-442F-A943-07DE41D7F785}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{08234a0d-cf39-4dca-99f0-0c5cb496da81}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216023FF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6BE73D27-5ADC-4AD9-B619-8F5188AFCF9F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76C24F39-B161-498F-BD8B-C64789812D13}_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{787D1A33-A97B-4245-87C0-7174609A540C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9559F7CA-5E34-4237-A2D9-D856464AD727}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{97DF1C46-FCCE-4591-9974-5A12CE667B9D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB300003

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB958483

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB960043

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB975195

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976570

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AA0000000001}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB200003

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2418241

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2446704

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2446704v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2478658

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2518864

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2539631

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB431780

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB946922

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB947748

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB949272

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952137

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952677

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953300

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953990

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB954832

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB956860

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957541

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957542

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957543

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958129

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958481

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB960043

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB971111

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB974417

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976569

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976576

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976765v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB979909

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB980773

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB983583

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E68D186D-6B7B-4AD6-A56F-4C84763349F1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ECB35FFA-B010-45C5-9AB5-665AC7E27EE2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}

Adobe Products

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
DisplayName REG_SZ Adobe Flash Player 10 ActiveX
Publisher REG_SZ Adobe Systems Incorporated
DisplayVersion REG_SZ 10.1.102.64
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
RequiresIESysFile REG_SZ 4.70.0.1155
URLInfoAbout REG_SZ http://www.adobe.com
URLUpdateInfo REG_SZ http://www.adobe.com/go/getflashplayer/
VersionMajor REG_DWORD 0xa
VersionMinor REG_DWORD 0x1
UninstallString REG_SZ C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
DisplayIcon REG_SZ C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
EstimatedSize REG_DWORD 0x1800

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player
DisplayName REG_SZ Adobe Shockwave Player 11.5
UninstallString REG_SZ "C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
DisplayIcon REG_SZ C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe,0
DisplayVersion REG_SZ 11.5.9.620
HelpLink REG_SZ http://www.adobe.com/support/shockwave
InstallLocation REG_SZ C:\WINDOWS\system32\Adobe
Publisher REG_SZ Adobe Systems, Inc.
URLInfoAbout REG_SZ http://www.adobe.com
URLUpdateInfo REG_SZ http://www.adobe.com/software/shockwaveplayer/index.html
VersionMajor REG_DWORD 0xb
VersionMinor REG_DWORD 0x1

Autorun

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ares REG_SZ "C:\Program Files\Ares\Ares.exe" -h
Bdeqey REG_SZ rundll32.exe "C:\WINDOWS\kbduscl.dll",Startup
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
RTHDCPL REG_SZ RTHDCPL.EXE
SunJavaUpdateSched REG_SZ "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
ArcSoft Connection Service REG_SZ C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
HP Software Update REG_SZ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
Bing Bar REG_SZ "C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
Microsoft Default Manager REG_SZ "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
iscpaxneweheclxv REG_SZ C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\pqbuqgvykvxeol.dll"
bipro REG_SZ rundll32 "C:\WINDOWS\$XNTUninstall643$\fbtil.dll",,Run
Fxehedox REG_SZ rundll32.exe "C:\WINDOWS\ocolivihanofowac.dll",Startup
UserFaultCheck REG_EXPAND_SZ %systemroot%\system32\dumprep 0 -u

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

Restrictions - Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel

Restrictions - REGEDIT

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

Restrictions - Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun REG_DWORD 0x143
NoDriveAutoRun REG_DWORD 0x3ffffff
NoDrives REG_DWORD 0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

DNS Settings

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{020FFB25-A970-413F-9B70-DB8558A65AFC}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{89581583-DC24-49CF-8B7A-B4AA9A2228AA}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B71FD397-12D3-4E2E-A8C7-2AC3815DBF50}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D1DB4B87-A849-4170-9A5E-FB80B19CB0C5}

Windows IP Configuration

Host Name . . . . . . . . . . . . : teresa-6ada04ce

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC #2

Physical Address. . . . . . . . . : 00-16-76-34-3F-B2

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.17

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

Lease Obtained. . . . . . . . . . : Tuesday, August 23, 2011 5:45:10 PM

Lease Expires . . . . . . . . . . : Friday, August 26, 2011 5:45:10 PM

AppInit DLLs

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Shell Service Object Delay Load

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9}
CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9}
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}
WPDShServiceObj REG_SZ {AAA288BA-9A4C-45B0-95D7-94D524869DB5}

Shell Execute Hooks

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

Image File Execution Options

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE

Security Providers

Local Security Authority

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Bounds REG_BINARY 0030000000200000
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 0x1
LsaPid REG_DWORD 0x1ec
SecureBoot REG_DWORD 0x1
auditbaseobjects REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
fipsalgorithmpolicy REG_DWORD 0x0
forceguest REG_DWORD 0x1
fullprivilegeauditing REG_BINARY 00
limitblankpassworduse REG_DWORD 0x1
lmcompatibilitylevel REG_DWORD 0x0
nodefaultadminowner REG_DWORD 0x1
nolmhash REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli\0\0
enabledcom REG_SZ y

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\msv1_0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache

AppCert DLLs

App Paths

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
REG_SZ C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
Path REG_SZ C:\Program Files\Adobe\Reader 10.0\Reader\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\bckgzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Chart Wars 3.exe
REG_SZ C:\Documents and Settings\teresa\Desktop\games\Chart Wars 3\Chart Wars 3.exe
Path REG_SZ C:\Documents and Settings\teresa\Desktop\games\Chart Wars 3

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chkrzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
REG_SZ C:\WINDOWS\system32\cmmgr32.exe
Path REG_SZ C:\WINDOWS\system32
CmstpExtensionDll REG_SZ C:\WINDOWS\system32\cmcfg32.dll
CMInternalVersion REG_SZ 1.2
CmNative REG_DWORD 0x1
ProfilesUpgraded REG_DWORD 0x2

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\combofix.exe
REG_SZ C:\Documents and Settings\teresa\Desktop\Combo-Fix.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CONF.EXE
REG_SZ C:\Program Files\NetMeeting\conf.exe
Path REG_SZ C:\Program Files\NetMeeting;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dialer.exe
REG_SZ C:\Program Files\Windows NT\dialer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HELPCTR.EXE
REG_EXPAND_SZ %Systemroot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hrtzzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hypertrm.exe
REG_SZ "C:\Program Files\Windows NT\hypertrm.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN1.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN2.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE
Path REG_SZ C:\Program Files\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\INETWIZ.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\INETWIZ.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ISIGNUP.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ISIGNUP.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
REG_SZ C:\Program Files\Java\jre6\bin\javaws.exe
Path REG_SZ C:\Program Files\Java\jre6\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mbam.exe
REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Path REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe
REG_EXPAND_SZ %SystemRoot%\system32\usmt\migwiz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\moviemk.exe
REG_SZ C:\Program Files\Movie Maker\moviemk.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
REG_SZ "C:\Program Files\Windows Media Player\mplayer2.exe"
Path REG_SZ "C:\Program Files\Windows Media Player"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSCONFIG.EXE
REG_EXPAND_SZ %systemroot%\pchealth\helpctr\Binaries\MSCONFIG.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\msimn.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msinfo32.exe
REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.exe
Path REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSInfo

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSMSGS.EXE
REG_SZ C:\Program Files\Messenger\msmsgs.exe
Path REG_SZ C:\Program Files\Messenger;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
REG_EXPAND_SZ %SystemRoot%\system32\mspaint.exe
Path REG_EXPAND_SZ %SystemRoot%\system32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pinball.exe
REG_SZ C:\Program Files\Windows NT\Pinball\pinball.exe
Path REG_SZ C:\Program Files\Windows NT\Pinball

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Promotion Wars 1.3.exe
REG_SZ C:\Documents and Settings\teresa\Desktop\games\Promotion Wars 1.3.exe
Path REG_SZ C:\Documents and Settings\teresa\Desktop\games

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RCT2.EXE
Path REG_SZ C:\Program Files\Infogrames\RollerCoaster Tycoon 2
REG_SZ C:\Program Files\Infogrames\RollerCoaster Tycoon 2\RCT2.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rvsezm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\rvsezm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\shvlzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
UseShortName REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\tournaments.exe
Path REG_SZ C:\Program Files\ALJ Software\Tournament Maker
REG_SZ C:\Program Files\ALJ Software\Tournament Maker\tournaments.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wab.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wabmig.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\winnt32.exe
RunAsOnNonAdminInstall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinRAR.exe
REG_SZ C:\Program Files\WinRAR\WinRAR.exe
Path REG_SZ C:\Program Files\WinRAR

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
REG_SZ C:\Program Files\Windows Media Player\wmplayer.exe
Path REG_SZ C:\Program Files\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
REG_SZ "c:\WINDOWS\system32\XPSViewer\XPSViewer.exe"

Mozilla

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions
jqs@sun.com REG_EXPAND_SZ C:\Program Files\Java\jre6\lib\deploy\jqs\ff
{20a82645-c095-46ed-80e3-08825760534b} REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
{B728AB94-9BC7-49b7-B76A-422BB31B2FD0} REG_SZ C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox
msntoolbar@msn.com REG_SZ C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox
{B7082FAA-CB62-4872-9106-E42DD88EDE45} REG_SZ C:\Program Files\McAfee\SiteAdvisor
{27182e60-b5f3-411c-b545-b44205977502} REG_SZ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
{86C2D201-AA1C-4959-85F0-08B2B27B1DC0} REG_SZ C:\Documents and Settings\teresa\Local Settings\Application Data\{86C2D201-AA1C-4959-85F0-08B2B27B1DC0}

Shared Task Scheduler

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon

SafeBoot

SafeBootMinimal

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

SafeBootNetwork

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

Re: MS Removal Tool Problem23rd August 2011, 10:26 pm

File Rename Operations - Session

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations

Known DLLs - Session

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
advapi32 REG_SZ advapi32.dll
comdlg32 REG_SZ comdlg32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
gdi32 REG_SZ gdi32.dll
imagehlp REG_SZ imagehlp.dll
kernel32 REG_SZ kernel32.dll
lz32 REG_SZ lz32.dll
ole32 REG_SZ ole32.dll
oleaut32 REG_SZ oleaut32.dll
olecli32 REG_SZ olecli32.dll
olecnv32 REG_SZ olecnv32.dll
olesvr32 REG_SZ olesvr32.dll
olethk32 REG_SZ olethk32.dll
rpcrt4 REG_SZ rpcrt4.dll
shell32 REG_SZ shell32.dll
url REG_SZ url.dll
urlmon REG_SZ urlmon.dll
user32 REG_SZ user32.dll
version REG_SZ version.dll
wininet REG_SZ wininet.dll
wldap32 REG_SZ wldap32.dll

Downloaded program files (ActiveX)

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8F6E7FB2-E56B-4F66-A4E1-9765D2565280}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}

PATH: C:\windows\Downloaded Program Files

FP_AX_CAB_INSTALLER.exe
freecell.inf
freecell.ocx
iewwload.inf
iewwload.ocx
OnlineScanner.inf
swdir.inf
swflash.inf
wuweb.inf
wwlaunch.inf
wwlaunch.ocx

Mountpoints

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84e83274-28af-11e0-ac70-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84e83275-28af-11e0-ac70-fcf229ca9da3}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab32cdaf-280f-11e0-8ca7-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab32cdb0-280f-11e0-8ca7-806d6172696f}

Re: MS Removal Tool Problem23rd August 2011, 10:30 pm

Winlogon

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
AutoRestartShell REG_DWORD 0x1
DefaultDomainName REG_SZ TERESA-6ADA04CE
DefaultUserName REG_SZ teresa
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD 0xffffffff
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0x0
passwordexpirywarning REG_DWORD 0xe
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0x1
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0x1
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0x0
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 0x1
ShowLogonOptions REG_DWORD 0x0
AltDefaultUserName REG_SZ teresa
AltDefaultDomainName REG_SZ TERESA-6ADA04CE
LegalNotice Text REG_SZ
ChangePasswordUseKerberos REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials

Re: MS Removal Tool Problem23rd August 2011, 10:33 pm

Please download OTM

Save it to your desktop.
Please double-click OTM to run it. (Note for Vista: Right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose Copy):

Code:
:files c:\windows\tasks\at*.job :reg [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "iscpaxneweheclxv"=- "bipro"=- "Fxehedox"=- :Commands [emptytemp] [purity] [Reboot]
Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and
open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re: MS Removal Tool Problem23rd August 2011, 10:59 pm

All processes killed
========== FILES ==========
c:\windows\tasks\At1.job moved successfully.
c:\windows\tasks\At198.job moved successfully.
c:\windows\tasks\At199.job moved successfully.
c:\windows\tasks\At2.job moved successfully.
c:\windows\tasks\At200.job moved successfully.
c:\windows\tasks\At201.job moved successfully.
c:\windows\tasks\At202.job moved successfully.
c:\windows\tasks\At203.job moved successfully.
c:\windows\tasks\At204.job moved successfully.
c:\windows\tasks\At205.job moved successfully.
c:\windows\tasks\At206.job moved successfully.
c:\windows\tasks\At207.job moved successfully.
c:\windows\tasks\At208.job moved successfully.
c:\windows\tasks\At209.job moved successfully.
c:\windows\tasks\At210.job moved successfully.
c:\windows\tasks\At211.job moved successfully.
c:\windows\tasks\At212.job moved successfully.
c:\windows\tasks\At213.job moved successfully.
c:\windows\tasks\At214.job moved successfully.
c:\windows\tasks\At215.job moved successfully.
c:\windows\tasks\At216.job moved successfully.
c:\windows\tasks\At217.job moved successfully.
c:\windows\tasks\At218.job moved successfully.
c:\windows\tasks\At219.job moved successfully.
c:\windows\tasks\At220.job moved successfully.
c:\windows\tasks\At221.job moved successfully.
c:\windows\tasks\At3.job moved successfully.
c:\windows\tasks\At4.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iscpaxneweheclxv deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bipro deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Fxehedox deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 835986 bytes
->Flash cache emptied: 1976 bytes

User: NetworkService
->Temp folder emptied: 394578 bytes
->Temporary Internet Files folder emptied: 6717574 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 61406 bytes

User: teresa
->Temp folder emptied: 32420409 bytes
->Temporary Internet Files folder emptied: 27046865 bytes
->Java cache emptied: 6746979 bytes
->Flash cache emptied: 1168 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 90899633 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 39647188 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4297 bytes

Total Files Cleaned = 195.00 mb

OTM by OldTimer - Version 3.1.18.0 log created on 08232011_184328

Files moved on Reboot...

Registry entries deleted on Reboot...
(Is this what you mean?)

Re: MS Removal Tool Problem24th August 2011, 1:48 am

Good. How is your computer running?

Re: MS Removal Tool Problem24th August 2011, 9:51 pm

it seems fine currently Thank You!

(should ask this now, If another problem occurs should i just post in this topic of should i start a new one?)

Re: MS Removal Tool Problem26th August 2011, 12:36 am

Start a new one please. Smile...

See this page for more info about malware and prevention.

MS Removal Tool Problem

descriptionMS Removal Tool Problem1st May 2011, 2:52 am

descriptionRe: MS Removal Tool Problem1st May 2011, 4:52 pm

descriptionRe: MS Removal Tool Problem1st May 2011, 5:55 pm

descriptionRe: MS Removal Tool Problem2nd May 2011, 4:59 pm

descriptionRe: MS Removal Tool Problem5th May 2011, 11:30 am

descriptionRe: MS Removal Tool Problem5th May 2011, 11:30 am

descriptionRe: MS Removal Tool Problem5th May 2011, 6:34 pm

descriptionRe: MS Removal Tool Problem5th May 2011, 7:45 pm

descriptionRe: MS Removal Tool Problem5th May 2011, 7:49 pm

descriptionRe: MS Removal Tool Problem5th May 2011, 8:20 pm

descriptionRe: MS Removal Tool Problem5th May 2011, 8:27 pm

descriptionRe: MS Removal Tool Problem6th May 2011, 8:18 pm

descriptionRe: MS Removal Tool Problem6th May 2011, 8:24 pm

descriptionRe: MS Removal Tool Problem6th May 2011, 10:28 pm

descriptionRe: MS Removal Tool Problem7th May 2011, 1:30 pm

descriptionRe: MS Removal Tool Problem12th August 2011, 10:01 pm

descriptionRe: MS Removal Tool Problem13th August 2011, 12:25 am

descriptionRe: MS Removal Tool Problem13th August 2011, 1:18 am

descriptionRe: MS Removal Tool Problem15th August 2011, 8:05 pm

descriptionRe: MS Removal Tool Problem19th August 2011, 12:19 pm

descriptionRe: MS Removal Tool Problem20th August 2011, 5:15 pm

descriptionRe: MS Removal Tool Problem20th August 2011, 5:46 pm

descriptionRe: MS Removal Tool Problem21st August 2011, 5:55 pm

descriptionRe: MS Removal Tool Problem21st August 2011, 8:08 pm

descriptionRe: MS Removal Tool Problem22nd August 2011, 8:37 pm

descriptionRe: MS Removal Tool Problem23rd August 2011, 12:39 am

descriptionRe: MS Removal Tool Problem23rd August 2011, 11:20 am

descriptionRe: MS Removal Tool Problem23rd August 2011, 10:12 pm

descriptionRe: MS Removal Tool Problem23rd August 2011, 10:17 pm

descriptionRe: MS Removal Tool Problem23rd August 2011, 10:26 pm

descriptionRe: MS Removal Tool Problem23rd August 2011, 10:30 pm

descriptionRe: MS Removal Tool Problem23rd August 2011, 10:33 pm

descriptionRe: MS Removal Tool Problem23rd August 2011, 10:59 pm

descriptionRe: MS Removal Tool Problem24th August 2011, 1:48 am

descriptionRe: MS Removal Tool Problem24th August 2011, 9:51 pm

descriptionRe: MS Removal Tool Problem26th August 2011, 12:36 am

descriptionRe: MS Removal Tool Problem