issues with internet browsers after getting rid of malware

Yesterday I got the viruses "antispyware soft" and another one I forgot the name of. After removing them with malwarebytes the sound on my computer didn't work along with the internet browers (internet explorer and chrome). I played with the sound settings and got the sound working about but I can't do the same with the browers.. so I'm guessing the viruses changed a few of the settings. Can someone please help me get everything working again? THANK YOU!

update: the sound settings turn off again every time I restart (on the volume control the wave bar is at the lowest setting)

bump - please help!

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:

• Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  
• From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  
• If you have already asked for help somewhere, please post the link to the topic you were helped.
  
• We try our best to reply quickly, but for any reason we do not reply in two days, do one of two things:
  
  Reply to this topic with the word BUMP, or
  see this topic.
  
  
• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

---

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

ComboFix 10-05-16.06 - Ravi 18/05/2010 16:55:14.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1198 [GMT -4:00]
Running from: c:\documents and settings\Ravi\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Spyware Begone FS Edition
c:\documents and settings\All Users\Start Menu\Programs\Spyware Begone FS Edition\Free Spyware Scan.lnk
c:\documents and settings\All Users\Start Menu\Programs\Spyware Begone FS Edition\Read Me.lnk
c:\documents and settings\All Users\Start Menu\Programs\Spyware Begone FS Edition\Uninstall Spyware Begone Free Scan.lnk
c:\documents and settings\Ravi\Application Data\ATManager
c:\documents and settings\Ravi\Application Data\ATManager\metafiles\e7e2135bcdfc87179deacdb1cdac8b7a.torrent
c:\documents and settings\Ravi\Application Data\B492CDD16ABE77778680F46571235AF4
c:\documents and settings\Ravi\Application Data\B492CDD16ABE77778680F46571235AF4\enemies-names.txt
c:\documents and settings\Ravi\Application Data\B492CDD16ABE77778680F46571235AF4\lsrslt.ini
c:\documents and settings\Ravi\Application Data\inst.exe
C:\spywarebegone-fs
c:\spywarebegone-fs\DataBase\Master.enc
c:\spywarebegone-fs\DataBase\Url.enc
c:\spywarebegone-fs\freespywarescan.html
c:\spywarebegone-fs\irunin.bmp
c:\spywarebegone-fs\irunin.dat
c:\spywarebegone-fs\irunin.ini
c:\spywarebegone-fs\irunin.lng
c:\spywarebegone-fs\ReadMe.txt
c:\windows\Spyware Begone Setup Log.txt

.
((((((((((((((((((((((((( Files Created from 2010-04-18 to 2010-05-18 )))))))))))))))))))))))))))))))
.

2010-05-18 20:39 . 2010-05-18 20:39 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Threat Expert
2010-05-18 04:48 . 2010-05-18 04:48 -------- d-----w- c:\documents and settings\Ravi\Local Settings\Application Data\Threat Expert
2010-05-18 04:18 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-05-18 04:18 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-05-18 04:18 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-05-18 04:18 . 2010-01-21 23:21 1152444 ----a-w- c:\windows\UDB.zip
2010-05-18 04:18 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-05-18 04:18 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-05-18 04:10 . 2009-09-24 12:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-05-18 04:09 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-18 04:09 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-18 04:07 . 2009-09-03 13:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-05-18 04:05 . 2010-05-18 04:19 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-18 04:05 . 2010-05-18 21:11 -------- d-----w- c:\program files\Spyware Doctor
2010-05-18 04:05 . 2010-05-18 04:05 -------- d-----w- c:\documents and settings\Ravi\Application Data\PC Tools
2010-05-18 04:05 . 2010-05-18 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-05-18 03:37 . 2010-05-06 14:36 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 03:33 . 2010-05-18 03:34 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-18 02:53 . 2010-05-18 02:53 -------- d-----w- c:\program files\AML Products
2010-05-17 03:07 . 2010-05-17 03:07 -------- d-----w- c:\documents and settings\Ravi\Application Data\Malwarebytes
2010-05-17 02:44 . 2010-05-17 02:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-17 02:44 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-17 02:44 . 2010-05-17 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-17 02:44 . 2010-05-17 02:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-17 02:44 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-17 02:39 . 2008-12-08 17:59 4412178 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0877511B77D31919\95B00C26-9F8F-4d12-B4CD-5E200B415FB7\Exec\SanDiskBackup.exe
2010-05-17 02:39 . 2008-12-08 15:32 2260992 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0877511B77D31919\95B00C26-9F8F-4d12-B4CD-5E200B415FB7\Exec\dmEngine.dll
2010-05-17 02:39 . 2008-11-21 19:01 569344 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0877511B77D31919\95B00C26-9F8F-4d12-B4CD-5E200B415FB7\Exec\dmLauncher.exe
2010-05-17 02:39 . 2008-11-19 12:46 37376 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0877511B77D31919\95B00C26-9F8F-4d12-B4CD-5E200B415FB7\Exec\dwmapi.dll
2010-05-17 02:39 . 2006-12-04 19:47 241664 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0877511B77D31919\95B00C26-9F8F-4d12-B4CD-5E200B415FB7\Exec\U3Action.exe
2010-05-17 02:39 . 2009-09-23 17:55 3413288 ---ha-w- c:\documents and settings\Administrator\Application Data\U3\temp\Launchpad Removal.exe
2010-05-17 02:39 . 2010-05-17 02:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-05-17 02:28 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-17 02:28 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-17 02:28 . 2010-05-17 03:05 -------- d-----w- c:\documents and settings\Ravi\Local Settings\Application Data\hpngtvkou
2010-05-17 02:27 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-17 02:27 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-04-29 00:49 . 2010-04-12 17:39 1808752 ----a-w- c:\documents and settings\All Users\Application Data\Norton\NUA.exe
2010-04-29 00:49 . 2010-05-14 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-21 21:04 . 2010-04-21 21:04 -------- d-----w- c:\program files\iPod
2010-04-21 21:04 . 2010-04-21 21:05 -------- d-----w- c:\program files\iTunes
2010-04-21 21:04 . 2010-04-21 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-21 20:59 . 2010-04-21 21:00 -------- d-----w- c:\program files\QuickTime
2010-04-21 20:53 . 2010-04-21 20:53 -------- d-----w- c:\program files\Bonjour
2010-04-21 20:49 . 2010-04-21 20:49 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-20 03:45 . 2010-04-20 03:45 0 ----a-w- c:\documents and settings\Ravi\jagex__preferences3.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 21:14 . 2008-05-04 03:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-18 20:36 . 2008-10-15 22:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-18 12:04 . 2008-10-15 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-18 03:49 . 2009-06-27 03:08 737280 -c--a-w- c:\windows\iun6002.exe
2010-05-18 03:34 . 2006-04-07 20:49 76848 -c--a-w- c:\documents and settings\Ravi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-18 03:28 . 2008-03-27 01:05 -------- d-----w- c:\documents and settings\Ravi\Application Data\uTorrent
2010-05-18 03:28 . 2006-05-05 01:47 -------- d-----w- c:\program files\MSN Messenger
2010-05-18 03:28 . 2006-12-15 02:25 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-12 04:21 . 2007-03-21 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-11 02:37 . 2008-07-02 01:10 41 ----a-w- c:\documents and settings\Ravi\jagex_runescape_preferences.dat
2010-05-11 02:37 . 2009-10-20 23:18 75 ----a-w- c:\documents and settings\Ravi\jagex_runescape_preferences2.dat
2010-05-01 18:05 . 2007-12-22 20:58 -------- d-----w- c:\documents and settings\Ravi\Application Data\U3
2010-04-21 21:04 . 2007-11-12 04:12 -------- d-----w- c:\program files\Common Files\Apple
2010-04-16 01:26 . 2010-01-26 23:34 71 -c--a-w- c:\documents and settings\Ravi\Application DatadMb.dat
2010-04-03 17:59 . 2010-04-03 17:59 -------- d-----w- c:\program files\Eidos Interactive
2010-03-28 16:29 . 2009-11-27 13:21 79488 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-11 12:38 . 2004-08-10 18:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-10 18:51 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-10 18:50 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-10 18:51 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2006-03-02 00:25 455680 ------w- c:\windows\system32\drivers\mrxsmb.sys
2008-04-24 20:45 . 2008-04-24 20:45 42496 -c--a-w- c:\program files\HDFC.doc
2006-07-19 02:33 . 2006-07-19 02:33 37378 -c--a-w- c:\program files\Uninstal.exe
2002-10-12 19:23 . 2002-10-12 19:23 148 -c--a-w- c:\program files\REGSETUP.reg
2002-10-08 06:07 . 2002-10-12 19:19 9728 -c--a-w- c:\program files\patch.exe
2002-10-07 03:20 . 2002-10-07 03:19 2305 -c--a-w- c:\program files\Keyboard.cfg
2002-09-20 20:00 . 2002-10-07 03:14 53248 -c--a-w- c:\program files\config.exe
2002-08-26 22:01 . 2002-10-07 03:14 90112 -c--a-w- c:\program files\p5dll.dll
2002-07-09 04:00 . 2002-10-07 03:14 135168 -c--a-w- c:\program files\eax.dll
2001-10-30 20:57 . 2002-10-07 03:11 290869 -c--a-w- c:\program files\msvcrt.dll
2000-08-29 16:00 . 2002-10-07 03:11 401462 -c--a-w- c:\program files\Msvcp60.dll
2009-04-01 02:47 . 2009-04-04 21:21 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-08 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Remocon Driver.lnk - c:\program files\Sony\USBSircs\usbsircs.exe [2008-8-19 229376]
Service Manager.lnk - c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlmaint.exe [2002-12-17 156224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
backup=c:\windows\pss\Timer Recording Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^GomezPEER.lnk]
backup=c:\windows\pss\GomezPEER.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^SkypeMate.lnk]
backup=c:\windows\pss\SkypeMate.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^Sprint media monitor.lnk]
backup=c:\windows\pss\Sprint media monitor.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\axis love poll lite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X6100 Series
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Log Live
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-11 00:51 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2005-01-07 21:30 864256 -c----w- c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
2006-09-28 19:30 190024 ----a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 -c--a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2004-11-11 21:14 49152 -c----w- c:\program files\Brother\Brmfl04g\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-05-02 08:15 75520 -c--a-w- c:\program files\Java\jre1.5.0_12\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"StyleXPService"=2 (0x2)
"Fax"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [18/05/2010 12:09 AM 207280]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [18/05/2010 12:18 AM 112592]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18/02/2008 3:37 PM 149352]
R2 MSSQL$ASI;MSSQL$ASI;c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe -sASI --> c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe -sASI [?]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [18/05/2010 12:06 AM 358600]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/08/2009 1:19 PM 102448]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/08/2006 11:45 AM 717296]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\coh_mon.sys [12/01/2008 10:32 PM 23888]
S3 kaspersky1;kaspersky1; [x]
S3 kylix;kylix; [x]
S3 MooseKOPMA;MooseKOPMA; [x]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [11/01/2009 12:52 AM 33808]
S3 NUBBER;NUBBER; [x]
S3 Rockey_USB;Feitian ROCKEY4 USB Service;c:\windows\system32\drivers\rockey4usb.sys [13/02/2004 2:41 PM 12928]
S3 SQLAgent$ASI;SQLAgent$ASI;c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlagent.EXE -i ASI --> c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlagent.EXE -i ASI [?]
S3 xp1;xp1; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder

2010-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006Core.job
- c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:59]

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006UA.job
- c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:59]

2010-05-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} - hxxp://hojo.dvrdns.org/WebDiginet.CAB
FF - ProfilePath - c:\documents and settings\Ravi\Application Data\Mozilla\Firefox\Profiles\txdw9u4i.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 17:12
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-05-18 17:19:26
ComboFix-quarantined-files.txt 2010-05-18 21:19

Pre-Run: 70,915,125,248 bytes free
Post-Run: 70,938,009,600 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - D95403F3FBE0E88B7B0CD5AC23E446F9

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  Code:

  
:filefind
ntdll.dll

  
  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 15:28 on 19/05/2010 by Ravi (Administrator - Elevation successful)

========== filefind ==========

Searching for "ntdll.dll"
C:\cmdcons\SYSTEM32\NTDLL.DLL --a--- 708096 bytes [04:56 04/08/2004] [04:56 04/08/2004] BB5CBFFC096497506167BCE1D9690EF2
C:\i386\ntdll.dll --a--c 708096 bytes [17:11 12/03/2006] [11:00 04/08/2004] BB5CBFFC096497506167BCE1D9690EF2
C:\i386\SYSTEM32\NTDLL.DLL --a--c 708096 bytes [18:42 10/08/2004] [11:00 04/08/2004] BB5CBFFC096497506167BCE1D9690EF2
C:\Program Files\RocketDock\Desktop Folders\Setups & Other Downloads\Windows XP Professional SP2 Activated\I386\NTDLL.DLL --a--c 708096 bytes [11:00 04/08/2004] [11:00 04/08/2004] BB5CBFFC096497506167BCE1D9690EF2
C:\Program Files\RocketDock\Desktop Folders\Setups & Other Downloads\Windows XP Professional SP2 Activated\I386\SYSTEM32\NTDLL.DLL --a--c 708096 bytes [11:00 04/08/2004] [11:00 04/08/2004] BB5CBFFC096497506167BCE1D9690EF2
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntdll.dll --a--c 715264 bytes [23:11 17/04/2009] [10:56 09/02/2009] B0913005EE3FC15D7F72472D0B8A30EB
C:\WINDOWS\$NtServicePackUninstall$\ntdll.dll -----c 708096 bytes [12:32 15/10/2008] [11:00 04/08/2004] BB5CBFFC096497506167BCE1D9690EF2
C:\WINDOWS\$NtUninstallKB956572$\ntdll.dll -----c 706048 bytes [21:02 18/04/2009] [00:11 14/04/2008] 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F
C:\WINDOWS\ServicePackFiles\i386\ntdll.dll -----c 706048 bytes [17:34 03/09/2008] [00:11 14/04/2008] 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F
C:\WINDOWS\system32\dllcache\ntdll.dll -----c 714752 bytes [23:11 17/04/2009] [12:10 09/02/2009] 911DDF2E16761643A47225F654D811E5
C:\WINDOWS\system32\ntdll.dll ------ 714752 bytes [18:51 10/08/2004] [12:10 09/02/2009] 911DDF2E16761643A47225F654D811E5

-=End Of File=-

Please open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4118

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

19/05/2010 7:38:16 PM
mbam-log-2010-05-19 (19-38-16).txt

Scan type: Quick scan
Objects scanned: 143435
Time elapsed: 14 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1d658492978632459e7993d142736c6a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-20 05:34:07
# local_time=2010-05-20 01:34:07 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776533 100 100 0 13834910 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=130820
# found=2
# cleaned=2
# scan_time=19923
C:\Documents and Settings\Ravi\Desktop\SORT OUT!\SpywareBegone.exe Win32/Adware.SpywareBeGone application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\msv1_0.dll a variant of Win32/TrojanDownloader.Monkif.AB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
  
• Click CREATE

You now have a clean restore point, to get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
  
• Click OK
  
• The System will do some calculation and the display a dialogue box with TABS
  
• Select the More Options Tab.
  
• At the bottom will be a system restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done
  

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.
  

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
Norton 360
Microsoft Security Essentials
Microsoft Security Essentialy successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
AML Free Registry Cleaner 4.21
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_17
Out of date Java installed!
Adobe Flash Player 10.0.22.87
Adobe Reader 8.1.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.0.13) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Update Firefox

Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs, and other holes. To update it now, click Help > Check for Updates.

==

Update Adobe Reader

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Update Java

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==========================

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

• SpywareBlaster
  SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  
• Spybot - Search & Destroy.
  Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
  

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
  

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

Thank you very much for your help! Actually, i use Google Chrome, not Firefox so thats why it isn't updated.. The only thing now is that my volume keeps turning off randomly.. under the Volume Control the Wave bar just goes to the lowest part.. do you know how i can fix this?

Please open Notepad and enter in the following:

Then, click File > Save as...
Save as sound.reg to your Desktop.
Choose Save as type... All Files.
Click Save.

Then, exit Notepad.

Double-click on sound.reg and confirm the prompt.

Once done, please reboot your computer and let me know if the issue continues.

Still happening

Ok.

Let's do some diagnostics.

DxDiag

1. Click Start and then click Run.
   
2. Type dxdiag in the Open box, and then click OK.
   
3. Click Save all information, and it will collect information and it will prompt you to save the file. Save the file to the Desktop.
   
4. Find DxDiag.txt on your Desktop, and post the contents of it in your next reply.

------------------
System Information
------------------
Time of this report: 5/21/2010, 12:25:23
Machine name: D57NSK91
Operating System: Windows XP Home Edition (5.1, Build 2600) Service Pack 3 (2600.xpsp_sp3_gdr.100216-1514)
Language: English (Regional Setting: English)
System Manufacturer: Dell Inc.
System Model: Dell DV051
BIOS: Phoenix ROM BIOS PLUS Version 1.10 A03
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz
Memory: 2038MB RAM
Page File: 665MB used, 1975MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.5512 32bit Unicode

------------
DxDiag Notes
------------
DirectX Files Tab: No problems found.
Display Tab 1: No problems found.
Sound Tab 1: The file sthda.sys is not digitally signed, which means that it has not been tested by Microsoft's Windows Hardware Quality Labs (WHQL). You may be able to get a WHQL logo'd driver from the hardware manufacturer.
Sound Tab 2: No problems found.
Music Tab: No problems found.
Input Tab: No problems found.
Network Tab: No problems found.

--------------------
DirectX Debug Levels
--------------------
Direct3D: 0/4 (n/a)
DirectDraw: 0/4 (retail)
DirectInput: 0/5 (n/a)
DirectMusic: 0/5 (n/a)
DirectPlay: 0/9 (retail)
DirectSound: 0/5 (retail)
DirectShow: 0/6 (retail)

---------------
Display Devices
---------------
Card name: Intel(R) 82915G/GV/910GL Express Chipset Family
Manufacturer: Intel Corporation
Chip type: Intel(R) 82915G/GV/910GL Express Chipset
DAC type: Internal
Device Key: Enum\PCI\VEN_8086&DEV_2582&SUBSYS_01C41028&REV_04
Display Memory: 128.0 MB
Current Mode: 1440 x 900 (32 bit) (60Hz)
Monitor: Plug and Play Monitor
Monitor Max Res: 1600,1200
Driver Name: igxprd32.dll
Driver Version: 6.14.0010.4764 (English)
DDI Version: 9 (or higher)
Driver Attributes: Final Retail
Driver Date/Size: 1/13/2007 10:33:00, 57344 bytes
WHQL Logo'd: Yes
WHQL Date Stamp: n/a
VDD: n/a
Mini VDD: igxpmp32.sys
Mini VDD Date: 1/13/2007 10:33:18, 5672032 bytes
Device Identifier: {D7B78E66-66C2-11CF-0461-CE21A5C2CB35}
Vendor ID: 0x8086
Device ID: 0x2582
SubSys ID: 0x01C41028
Revision ID: 0x0004
Revision ID: 0x0004
Video Accel:
Deinterlace Caps: n/a
Registry: OK
DDraw Status: Enabled
D3D Status: Enabled
AGP Status: Not Available
DDraw Test Result: Not run
D3D7 Test Result: Not run
D3D8 Test Result: Not run
D3D9 Test Result: Not run

-------------
Sound Devices
-------------
Description: SigmaTel Audio
Default Sound Playback: Yes
Default Voice Playback: Yes
Hardware ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801C4&REV_1022
Manufacturer ID: 1
Product ID: 100
Type: WDM
Driver Name: sthda.sys
Driver Version: 5.10.4823.0000 (English)
Driver Attributes: Final Retail
WHQL Logo'd: No
Date and Size: 11/16/2005 23:36:00, 1047816 bytes
Other Files:
Driver Provider: SigmaTel
HW Accel Level: Full
Cap Flags: 0xB5B
Min/Max Sample Rate: 44100, 44100
Static/Strm HW Mix Bufs: 1, 0
Static/Strm HW 3D Bufs: 0, 0
HW Memory: 0
Voice Management: No
EAX(tm) 2.0 Listen/Src: No, No
I3DL2(tm) Listen/Src: No, No
Sensaura(tm) ZoomFX(tm): No
Registry: OK
Sound Test Result: Not run

Description: Modem #1 Line Playback (emulated)
Default Sound Playback: No
Default Voice Playback: No
Hardware ID:
Manufacturer ID: 1
Product ID: 81
Type: Emulated
Driver Name:
Driver Version:
Driver Attributes:
WHQL Logo'd:
Date and Size:
Other Files:
Driver Provider:
HW Accel Level: Full
Cap Flags: 0x0
Min/Max Sample Rate: 0, 0
Static/Strm HW Mix Bufs: 0, 0
Static/Strm HW 3D Bufs: 0, 0
HW Memory: 0
Voice Management: No
EAX(tm) 2.0 Listen/Src: No, No
I3DL2(tm) Listen/Src: No, No
Sensaura(tm) ZoomFX(tm): No
Registry: OK
Sound Test Result: Not run

---------------------
Sound Capture Devices
---------------------
Description: SigmaTel Audio
Default Sound Capture: Yes
Default Voice Capture: Yes
Driver Name: sthda.sys
Driver Version: 5.10.4823.0000 (English)
Driver Attributes: Final Retail
Date and Size: 11/16/2005 23:36:00, 1047816 bytes
Cap Flags: 0x41
Format Flags: 0xCC0

Description: Modem #1 Line Record (emulated)
Default Sound Capture: No
Default Voice Capture: No
Driver Name:
Driver Version:
Driver Attributes:
Date and Size:
Cap Flags: 0x20
Format Flags: 0x0

-----------
DirectMusic
-----------
DLS Path: C:\WINDOWS\SYSTEM32\drivers\GM.DLS
DLS Version: 1.00.0016.0002
Acceleration: n/a
Ports: Microsoft Synthesizer, Software (Not Kernel Mode), Output, DLS, Internal, Default Port
Microsoft MIDI Mapper [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
Microsoft GS Wavetable SW Synth [Emulated], Hardware (Not Kernel Mode), Output, No DLS, Internal
Registry: OK
Test Result: Not run

-------------------
DirectInput Devices
-------------------
Device Name: Mouse
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Device Name: Keyboard
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Device Name: Comfort Curve Keyboard 2000
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x045E, 0x00DD
FF Driver: n/a

Poll w/ Interrupt: No
Registry: OK

-----------
USB Devices
-----------
+ USB Root Hub
| Vendor/Product ID: 0x8086, 0x265A
| Matching Device ID: usb\root_hub
| Service: usbhub
| Driver: usbhub.sys, 4/13/2008 14:45:37, 59520 bytes
| Driver: usbd.sys, 8/4/2004 07:00:00, 4736 bytes

----------------
Gameport Devices
----------------

------------
PS/2 Devices
------------
+ HID Keyboard Device
| Vendor/Product ID: 0x045E, 0x00DD
| Matching Device ID: hid_device_system_keyboard
| Service: kbdhid
| Driver: kbdhid.sys, 4/13/2008 14:39:48, 14592 bytes
| Driver: kbdclass.sys, 4/13/2008 14:39:47, 24576 bytes
|
+ Terminal Server Keyboard Driver
| Matching Device ID: root\rdp_kbd
| Upper Filters: kbdclass
| Service: TermDD
| Driver: termdd.sys, 4/13/2008 20:13:20, 40840 bytes
| Driver: kbdclass.sys, 4/13/2008 14:39:47, 24576 bytes
|
+ HID-compliant mouse
| Vendor/Product ID: 0x046D, 0xC016
| Matching Device ID: hid_device_system_mouse
| Service: mouhid
| Driver: mouclass.sys, 4/13/2008 14:39:47, 23040 bytes
| Driver: mouhid.sys, 8/17/2001 15:48:00, 12160 bytes
|
+ Terminal Server Mouse Driver
| Matching Device ID: root\rdp_mou
| Upper Filters: mouclass
| Service: TermDD
| Driver: termdd.sys, 4/13/2008 20:13:20, 40840 bytes
| Driver: mouclass.sys, 4/13/2008 14:39:47, 23040 bytes

----------------------------
DirectPlay Service Providers
----------------------------
DirectPlay8 Modem Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5512)
DirectPlay8 Serial Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5512)
DirectPlay8 IPX Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5512)
DirectPlay8 TCP/IP Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5512)
Internet TCP/IP Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.5512)
IPX Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.5512)
Modem Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.5512)
Serial Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.5512)

DirectPlay Voice Wizard Tests: Full Duplex: Not run, Half Duplex: Not run, Mic: Not run
DirectPlay Test Result: Not run
Registry: OK

-------------------
DirectPlay Adapters
-------------------
DirectPlay8 Serial Service Provider: COM3
DirectPlay8 Serial Service Provider: COM5
DirectPlay8 IPX Service Provider: IPX Adapter 1 - (00000000,001320DFC485)
DirectPlay8 TCP/IP Service Provider: Local Area Connection - IPv6 - fe80::213:20ff:fedf:c485
DirectPlay8 TCP/IP Service Provider: Teredo Tunneling Pseudo-Interface - IPv6 - fe80::ffff:ffff:fffd
DirectPlay8 TCP/IP Service Provider: Automatic Tunneling Pseudo-Interface - IPv6 - fe80::5efe:
DirectPlay8 TCP/IP Service Provider: Local Area Connection - IPv4 -

-----------------------
DirectPlay Voice Codecs
-----------------------
Voxware VR12 1.4kbit/s
Voxware SC06 6.4kbit/s
Voxware SC03 3.2kbit/s
MS-PCM 64 kbit/s
MS-ADPCM 32.8 kbit/s
Microsoft GSM 6.10 13 kbit/s
TrueSpeech(TM) 8.6 kbit/s

-------------------------
DirectPlay Lobbyable Apps
-------------------------

------------------------
Disk & DVD/CD-ROM Drives
------------------------
Drive: C:
Free Space: 88.9 GB
Total Space: 149.5 GB
File System: NTFS
Model: WDC WD1600JS-75NCB1

Drive: D:
Model: HL-DT-ST DVD+-RW GWA4164B
Driver: c:\windows\system32\drivers\cdrom.sys, 5.01.2600.5512 (English), 4/13/2008 14:40:46, 62976 bytes

--------------
System Devices
--------------
Name: Intel(R) 82801FB/FBM Ultra ATA Storage Controllers - 266F
Device ID: PCI\VEN_8086&DEV_266F&SUBSYS_01C41028&REV_04\3&172E68DD&0&F9
Driver: n/a

Name: Intel(R) 82801FB/FBM SMBus Controller - 266A
Device ID: PCI\VEN_8086&DEV_266A&SUBSYS_01C41028&REV_04\3&172E68DD&0&FB
Driver: n/a

Name: Microsoft UAA Bus Driver for High Definition Audio
Device ID: PCI\VEN_8086&DEV_2668&SUBSYS_01C41028&REV_04\3&172E68DD&0&D8
Driver: C:\WINDOWS\system32\DRIVERS\hdaudbus.sys, 5.10.0001.5013 (English), 4/13/2008 12:36:05, 144384 bytes

Name: Intel(R) 82801FB/FBM PCI Express Root Port - 2662
Device ID: PCI\VEN_8086&DEV_2662&SUBSYS_00000000&REV_04\3&172E68DD&0&E1
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.5512 (English), 4/13/2008 14:36:44, 68224 bytes

Name: Intel(R) 82801FB/FBM PCI Express Root Port - 2660
Device ID: PCI\VEN_8086&DEV_2660&SUBSYS_00000000&REV_04\3&172E68DD&0&E0
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.5512 (English), 4/13/2008 14:36:44, 68224 bytes

Name: Intel(R) 82801FB/FBM USB2 Enhanced Host Controller - 265C
Device ID: PCI\VEN_8086&DEV_265C&SUBSYS_01C41028&REV_04\3&172E68DD&0&EF
Driver: C:\WINDOWS\system32\drivers\usbehci.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:35, 30208 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:36, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/13/2008 20:12:08, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:37, 59520 bytes
Driver: C:\WINDOWS\system32\hccoin.dll, 5.01.2600.5512 (English), 4/13/2008 20:11:54, 7168 bytes

Name: Intel(R) 82801FB/FBM USB Universal Host Controller - 265B
Device ID: PCI\VEN_8086&DEV_265B&SUBSYS_01C41028&REV_04\3&172E68DD&0&EB
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:35, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:36, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/13/2008 20:12:08, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:37, 59520 bytes

Name: Intel(R) 82801FB/FBM USB Universal Host Controller - 265A
Device ID: PCI\VEN_8086&DEV_265A&SUBSYS_01C41028&REV_04\3&172E68DD&0&EA
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:35, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:36, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/13/2008 20:12:08, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:37, 59520 bytes

Name: Intel(R) 82801FB/FBM USB Universal Host Controller - 2659
Device ID: PCI\VEN_8086&DEV_2659&SUBSYS_01C41028&REV_04\3&172E68DD&0&E9
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:35, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:36, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/13/2008 20:12:08, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:37, 59520 bytes

Name: Intel(R) 82801FB/FBM USB Universal Host Controller - 2658
Device ID: PCI\VEN_8086&DEV_2658&SUBSYS_01C41028&REV_04\3&172E68DD&0&E8
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:35, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:36, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/13/2008 20:12:08, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:37, 59520 bytes

Name: Intel(R) 82801FB Ultra ATA Storage Controllers - 2652
Device ID: PCI\VEN_8086&DEV_2652&SUBSYS_01C41028&REV_04\3&172E68DD&0&FA
Driver: n/a

Name: Intel(R) 82801FB LPC Interface Controller - 2640
Device ID: PCI\VEN_8086&DEV_2640&SUBSYS_00000000&REV_04\3&172E68DD&0&F8
Driver: C:\WINDOWS\system32\DRIVERS\isapnp.sys, 5.01.2600.5512 (English), 4/13/2008 14:36:41, 37248 bytes

Name: Intel(R) 82915G/GV/910GL Express Chipset Family
Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_01C41028&REV_04\3&172E68DD&0&10
Driver: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys, 6.14.0010.4764 (English), 1/13/2007 10:33:18, 5672032 bytes
Driver: C:\WINDOWS\system32\igxprd32.dll, 6.14.0010.4764 (English), 1/13/2007 10:33:00, 57344 bytes
Driver: C:\WINDOWS\system32\igxpgd32.dll, 6.14.0010.4764 (English), 1/13/2007 10:32:54, 149504 bytes
Driver: C:\WINDOWS\system32\igxpdv32.dll, 6.14.0010.4764 (English), 1/13/2007 10:32:40, 1563776 bytes
Driver: C:\WINDOWS\system32\igxpdx32.dll, 6.14.0010.4764 (English), 1/13/2007 10:33:46, 2482688 bytes
Driver: C:\WINDOWS\system32\igxpxk32.vp, 1/13/2007 09:37:32, 2096 bytes
Driver: C:\WINDOWS\system32\igxpxs32.vp, 1/13/2007 11:36:34, 24784 bytes
Driver: C:\WINDOWS\system32\hccutils.dll, 6.14.0010.4764 (English), 1/13/2007 09:46:08, 102400 bytes
Driver: C:\WINDOWS\system32\igfxsrvc.dll, 6.14.0010.4764 (English), 1/13/2007 09:46:26, 46080 bytes
Driver: C:\WINDOWS\system32\igfxsrvc.exe, 6.14.0010.4764 (English), 1/13/2007 09:46:24, 241664 bytes
Driver: C:\WINDOWS\system32\igfxpph.dll, 6.14.0010.4764 (English), 1/13/2007 09:46:42, 200704 bytes
Driver: C:\WINDOWS\system32\igfxcpl.cpl, 6.14.0010.4764 (English), 1/13/2007 09:46:42, 122880 bytes
Driver: C:\WINDOWS\system32\igfxcfg.exe, 6.14.0010.4764 (English), 1/13/2007 09:48:16, 528384 bytes
Driver: C:\WINDOWS\system32\igfxdev.dll, 6.14.0010.4764 (English), 1/13/2007 09:46:04, 204800 bytes
Driver: C:\WINDOWS\system32\igfxdo.dll, 6.14.0010.4764 (English), 1/13/2007 09:46:34, 135168 bytes
Driver: C:\WINDOWS\system32\igfxtray.exe, 6.14.0010.4764 (English), 1/13/2007 09:47:04, 131072 bytes
Driver: C:\WINDOWS\system32\igfxzoom.exe, 6.14.0010.4764 (English), 1/13/2007 09:46:18, 163840 bytes
Driver: C:\WINDOWS\system32\hkcmd.exe, 6.14.0010.4764 (English), 1/13/2007 09:47:04, 163840 bytes
Driver: C:\WINDOWS\system32\igfxress.dll, 6.14.0010.4764 (English), 1/13/2007 09:45:54, 3293184 bytes
Driver: C:\WINDOWS\system32\igfxpers.exe, 6.14.0010.4764 (English), 1/13/2007 09:46:36, 135168 bytes
Driver: C:\WINDOWS\system32\igfxrara.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:00, 159744 bytes
Driver: C:\WINDOWS\system32\igfxrchs.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:02, 110592 bytes
Driver: C:\WINDOWS\system32\igfxrcht.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:02, 110592 bytes
Driver: C:\WINDOWS\system32\igfxrdan.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:02, 172032 bytes
Driver: C:\WINDOWS\system32\igfxrdeu.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:04, 192512 bytes
Driver: C:\WINDOWS\system32\igfxrenu.lrc, 6.14.0010.4764 (English), 1/13/2007 09:45:54, 172032 bytes
Driver: C:\WINDOWS\system32\igfxresp.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:04, 188416 bytes
Driver: C:\WINDOWS\system32\igfxrfin.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:04, 176128 bytes
Driver: C:\WINDOWS\system32\igfxrfra.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:04, 184320 bytes
Driver: C:\WINDOWS\system32\igfxrheb.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:04, 155648 bytes
Driver: C:\WINDOWS\system32\igfxrita.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:06, 188416 bytes
Driver: C:\WINDOWS\system32\igfxrjpn.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:06, 131072 bytes
Driver: C:\WINDOWS\system32\igfxrkor.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:06, 126976 bytes
Driver: C:\WINDOWS\system32\igfxrnld.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:06, 188416 bytes
Driver: C:\WINDOWS\system32\igfxrnor.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:06, 172032 bytes
Driver: C:\WINDOWS\system32\igfxrplk.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:06, 176128 bytes
Driver: C:\WINDOWS\system32\igfxrptb.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:08, 180224 bytes
Driver: C:\WINDOWS\system32\igfxrptg.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:08, 180224 bytes
Driver: C:\WINDOWS\system32\igfxrrus.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:08, 180224 bytes
Driver: C:\WINDOWS\system32\igfxrslv.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:08, 172032 bytes
Driver: C:\WINDOWS\system32\igfxrsky.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:08, 176128 bytes
Driver: C:\WINDOWS\system32\igfxrsve.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:08, 172032 bytes
Driver: C:\WINDOWS\system32\igfxrtha.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:08, 163840 bytes
Driver: C:\WINDOWS\system32\igfxrcsy.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:02, 176128 bytes
Driver: C:\WINDOWS\system32\igfxrell.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:04, 192512 bytes
Driver: C:\WINDOWS\system32\igfxrhun.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:04, 180224 bytes
Driver: C:\WINDOWS\system32\igfxrtrk.lrc, 6.14.0010.4764 (English), 1/13/2007 09:49:10, 172032 bytes
Driver: C:\WINDOWS\system32\igfxext.exe, 6.14.0010.4764 (English), 1/13/2007 09:46:34, 163840 bytes
Driver: C:\WINDOWS\system32\igfxexps.dll, 6.14.0010.4764 (English), 1/13/2007 09:46:36, 24576 bytes
Driver: C:\WINDOWS\system32\iglicd32.dll, 6.14.0010.4764 (English), 1/13/2007 10:07:38, 2334720 bytes
Driver: C:\WINDOWS\system32\igldev32.dll, 6.14.0010.4764 (English), 1/13/2007 10:09:14, 450560 bytes
Driver: C:\WINDOWS\system32\igfxCoIn_v4764.dll, 1/13/2007 10:46:36, 204800 bytes

Name: Intel(R) 915G/P/GV Processor to I/O Controller - 2580
Device ID: PCI\VEN_8086&DEV_2580&SUBSYS_00000000&REV_04\3&172E68DD&0&00
Driver: n/a

Name: Intel(R) 82801 PCI Bridge - 244E
Device ID: PCI\VEN_8086&DEV_244E&SUBSYS_00000000&REV_D4\3&172E68DD&0&F0
Driver: n/a

Name: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_01C41028&REV_04\4&10BD256C&0&40F0
Driver: n/a

Name: Sony MPEG RealTime encoder board
Device ID: PCI\VEN_4444&DEV_0016&SUBSYS_813D104D&REV_01\4&10BD256C&0&08F0
Driver: C:\WINDOWS\system32\ksuser.dll, 5.03.2600.5512 (English), 4/13/2008 20:11:56, 4096 bytes
Driver: C:\WINDOWS\system32\ksproxy.ax, 5.03.2600.5512 (English), 4/13/2008 20:12:42, 129536 bytes
Driver: C:\WINDOWS\system32\drivers\ks.sys, 5.03.2600.5512 (English), 4/13/2008 16:16:36, 141056 bytes
Driver: C:\WINDOWS\system32\kstvtune.ax, 5.03.2600.5512 (English), 4/13/2008 21:12:42, 61952 bytes
Driver: C:\WINDOWS\system32\ksxbar.ax, 5.03.2600.5512 (English), 4/13/2008 21:12:42, 43008 bytes
Driver: C:\WINDOWS\system32\kswdmcap.ax, 5.03.2600.5512 (English), 4/13/2008 20:12:42, 91136 bytes
Driver: C:\WINDOWS\system32\vidcap.ax, 5.01.2600.5512 (English), 4/13/2008 20:12:42, 28672 bytes
Driver: C:\WINDOWS\system32\vfwwdm32.dll, 5.01.2600.5512 (English), 4/13/2008 21:12:08, 53760 bytes
Driver: C:\WINDOWS\system32\iyuv_32.dll, 5.01.2600.5908 (English), 11/27/2009 12:07:34, 48128 bytes
Driver: C:\WINDOWS\system32\msh263.drv, 5.01.2600.5512 (English), 4/13/2008 21:12:46, 294912 bytes
Driver: C:\WINDOWS\system32\msyuv.dll, 5.03.2600.5908 (English), 11/27/2009 13:11:44, 17920 bytes
Driver: C:\WINDOWS\system32\tsbyuv.dll, 5.01.2600.5908 (English), 11/27/2009 12:07:35, 8704 bytes
Driver: C:\WINDOWS\system32\DRIVERS\smrt.sys, 1.01.0004.2250 (English), 2/25/2004 09:28:54, 768256 bytes

Name: Conexant D850 56K V.9x DFVc Modem
Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&10BD256C&0&10F0
Driver: n/a

------------------
DirectX Components
------------------
ddraw.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:51 279552 bytes
ddrawex.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:51 27136 bytes
dxapi.sys: 5.01.2600.0000 English Final Retail 8/4/2004 07:00:00 10496 bytes
d3d8.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:51 1179648 bytes
d3d8thk.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:51 8192 bytes
d3d9.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:51 1689088 bytes
d3dim.dll: 5.01.2600.0000 English Final Retail 8/4/2004 07:00:00 436224 bytes
d3dim700.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:51 824320 bytes
d3dramp.dll: 5.01.2600.0000 English Final Retail 8/4/2004 07:00:00 590336 bytes
d3drm.dll: 5.01.2600.0000 English Final Retail 8/4/2004 07:00:00 350208 bytes
d3dxof.dll: 5.01.2600.0000 English Final Retail 8/4/2004 07:00:00 47616 bytes
d3dpmesh.dll: 5.01.2600.0000 English Final Retail 8/4/2004 07:00:00 34816 bytes
dplay.dll: 5.00.2134.0001 English Final Retail 8/4/2004 07:00:00 33040 bytes
dplayx.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 229888 bytes
dpmodemx.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 23552 bytes
dpwsock.dll: 5.00.2134.0001 English Final Retail 8/4/2004 07:00:00 42768 bytes
dpwsockx.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 57344 bytes
dplaysvr.exe: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:17 29696 bytes
dpnsvr.exe: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:17 17920 bytes
dpnet.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 375296 bytes
dpnlobby.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:09:20 3072 bytes
dpnaddr.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:09:19 3072 bytes
dpvoice.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 212480 bytes
dpvsetup.exe: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:18 83456 bytes
dpvvox.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 116736 bytes
dpvacm.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 21504 bytes
dpnhpast.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 35328 bytes
dpnhupnp.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 60928 bytes
dpserial.dll: 5.00.2134.0001 English Final Retail 8/4/2004 07:00:00 53520 bytes
dinput.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 158720 bytes
dinput8.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 181760 bytes
dimap.dll: 5.01.2600.0000 English Final Retail 8/4/2004 07:00:00 44032 bytes
diactfrm.dll: 5.01.2600.0000 English Final Retail 8/4/2004 07:00:00 394240 bytes
joy.cpl: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:41 68608 bytes
gcdef.dll: 5.01.2600.0000 English Final Retail 8/4/2004 07:00:00 76800 bytes
pid.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:02 35328 bytes
dsound.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 367616 bytes
dsound3d.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 1293824 bytes
dswave.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 19456 bytes
dsdmo.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 181248 bytes
dsdmoprp.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 71680 bytes
dmusic.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 104448 bytes
dmband.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 28672 bytes
dmcompos.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 61440 bytes
dmime.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 181248 bytes
dmloader.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 35840 bytes
dmstyle.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 105984 bytes
dmsynth.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 103424 bytes
dmscript.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 82432 bytes
system.dll: 1.01.4322.2443 English Final Retail 10/14/2009 23:32:45 1232896 bytes
Microsoft.DirectX.Direct3D.dll: 9.05.0132.0000 English Final Retail 8/22/2008 16:04:41 473600 bytes
Microsoft.DirectX.Direct3DX.dll: 5.04.0000.3900 English Final Retail 5/10/2008 16:41:42 2676224 bytes
Microsoft.DirectX.Direct3DX.dll: 9.04.0091.0000 English Final Retail 5/10/2008 16:41:44 2846720 bytes
Microsoft.DirectX.Direct3DX.dll: 9.05.0132.0000 English Final Retail 5/10/2008 16:41:44 563712 bytes
Microsoft.DirectX.Direct3DX.dll: 9.06.0168.0000 English Final Retail 5/10/2008 16:41:45 567296 bytes
Microsoft.DirectX.Direct3DX.dll: 9.07.0239.0000 English Final Retail 5/10/2008 16:41:46 576000 bytes
Microsoft.DirectX.Direct3DX.dll: 9.08.0299.0000 English Final Retail 5/10/2008 16:41:47 577024 bytes
Microsoft.DirectX.Direct3DX.dll: 9.09.0376.0000 English Final Retail 8/22/2008 16:04:42 577536 bytes
Microsoft.DirectX.Direct3DX.dll: 9.10.0455.0000 English Final Retail 5/10/2008 16:41:48 577536 bytes
Microsoft.DirectX.Direct3DX.dll: 9.11.0519.0000 English Final Retail 5/10/2008 16:41:49 578560 bytes
Microsoft.DirectX.Direct3DX.dll: 9.12.0589.0000 English Final Retail 5/10/2008 16:41:52 578560 bytes
Microsoft.DirectX.DirectDraw.dll: 5.04.0000.2904 English Final Retail 8/22/2008 16:04:43 145920 bytes
Microsoft.DirectX.DirectInput.dll: 5.04.0000.2904 English Final Retail 8/22/2008 16:04:44 159232 bytes
Microsoft.DirectX.DirectPlay.dll: 5.04.0000.2904 English Final Retail 8/22/2008 16:04:44 364544 bytes
Microsoft.DirectX.DirectSound.dll: 5.04.0000.2904 English Final Retail 8/22/2008 16:04:45 178176 bytes
Microsoft.DirectX.AudioVideoPlayback.dll: 5.04.0000.2904 English Final Retail 8/22/2008 16:04:40 53248 bytes
Microsoft.DirectX.Diagnostics.dll: 5.04.0000.2904 English Final Retail 8/22/2008 16:04:41 12800 bytes
Microsoft.DirectX.dll: 5.04.0000.2904 English Final Retail 8/22/2008 16:04:39 223232 bytes
dx7vb.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 619008 bytes
dx8vb.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 1227264 bytes
dxdiagn.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 2113536 bytes
mfc40.dll: 4.01.0000.6140 English Final Retail 8/4/2004 07:00:00 924432 bytes
mfc42.dll: 6.02.4131.0000 English Final Retail 4/13/2008 20:11:56 1028096 bytes
wsock32.dll: 5.01.2600.5512 English Final Retail 4/13/2008 20:12:10 22528 bytes
amstream.dll: 6.05.2600.5512 English Final Retail 4/13/2008 20:11:49 70656 bytes
devenum.dll: 6.05.2600.5512 English Final Retail 4/13/2008 20:11:51 59904 bytes
dxmasf.dll: 6.04.0009.1133 English Final Retail 4/13/2008 20:11:52 498742 bytes
mciqtz32.dll: 6.05.2600.5512 English Final Retail 4/13/2008 20:11:56 35328 bytes
mpg2splt.ax: 6.05.2600.5512 English Final Retail 4/13/2008 20:12:42 148992 bytes
msdmo.dll: 6.05.2600.5512 English Final Retail 4/13/2008 20:11:59 14336 bytes
encapi.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:53 20480 bytes
qasf.dll: 11.00.5721.5145 English Final Retail 10/18/2006 22:47:18 211456 bytes
qcap.dll: 6.05.2600.5512 English Final Retail 4/13/2008 20:12:03 192512 bytes
qdv.dll: 6.05.2600.5512 English Final Retail 4/13/2008 20:12:03 279040 bytes
qdvd.dll: 6.05.2600.5512 English Final Retail 4/13/2008 20:12:03 386048 bytes
qedit.dll: 6.05.2600.5512 English Final Retail 4/13/2008 20:12:03 562176 bytes
qedwipes.dll: 6.05.2600.5512 English Final Retail 4/13/2008 13:21:32 733696 bytes
quartz.dll: 6.05.2600.5908 English Final Retail 11/27/2009 13:11:44 1291776 bytes
strmdll.dll: 4.01.0000.3938 English Final Retail 8/26/2009 04:00:21 247326 bytes
iac25_32.ax: 2.00.0005.0053 English Final Retail 4/13/2008 20:12:42 199680 bytes
ir41_32.ax: 4.51.0016.0003 English Final Retail 4/13/2008 20:12:42 848384 bytes
ir41_qc.dll: 4.30.0062.0002 English Final Retail 4/13/2008 20:11:55 120320 bytes
ir41_qcx.dll: 4.30.0064.0001 English Final Retail 4/13/2008 20:11:55 338432 bytes
ir50_32.dll: 5.2562.0015.0055 English Final Retail 4/13/2008 20:11:55 755200 bytes
ir50_qc.dll: 5.00.0063.0048 English Final Retail 4/13/2008 20:11:55 200192 bytes
ir50_qcx.dll: 5.00.0064.0048 English Final Retail 4/13/2008 20:11:55 183808 bytes
ivfsrc.ax: 5.10.0002.0051 English Final Retail 4/13/2008 20:12:42 154624 bytes
mswebdvd.dll: 6.05.2600.5857 English Final Retail 8/5/2009 05:01:48 204800 bytes
ks.sys: 5.03.2600.5512 English Final Retail 4/13/2008 16:16:36 141056 bytes
ksproxy.ax: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:42 129536 bytes
ksuser.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:56 4096 bytes
stream.sys: 5.03.2600.5512 English Final Retail 4/13/2008 15:45:16 49408 bytes
mspclock.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:39:50 5376 bytes
mspqm.sys: 5.01.2600.5512 English Final Retail 4/13/2008 14:39:51 4992 bytes
mskssrv.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:39:52 7552 bytes
swenum.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:39:53 4352 bytes
mstee.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:39:50 5504 bytes
ipsink.ax: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:42 16384 bytes
mpeg2data.ax: 6.05.2600.5512 English Final Retail 4/13/2008 20:12:42 118272 bytes
ndisip.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:46:22 10880 bytes
streamip.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:46:21 15232 bytes
msvidctl.dll: 6.05.2600.5512 English Final Retail 4/13/2008 20:12:01 1428992 bytes
slip.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:46:23 11136 bytes
nabtsfec.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:46:25 85248 bytes
ccdecode.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:46:23 17024 bytes
vbisurf.ax: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:42 30208 bytes
msyuv.dll: 5.03.2600.5908 English Final Retail 11/27/2009 13:11:44 17920 bytes
kstvtune.ax: 5.03.2600.5512 English Final Retail 4/13/2008 21:12:42 61952 bytes
ksxbar.ax: 5.03.2600.5512 English Final Retail 4/13/2008 21:12:42 43008 bytes
kswdmcap.ax: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:42 91136 bytes
vfwwdm32.dll: 5.01.2600.5512 English Final Retail 4/13/2008 21:12:08 53760 bytes
wstcodec.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:46:24 19200 bytes
wstdecod.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:10 50688 bytes

------------------
DirectShow Filters
------------------

WDM Streaming VBI Codecs:
NABTS/FEC VBI Codec,0x00200000,2,1,,5.03.2600.5512
CC Decoder,0x00200000,2,1,,5.03.2600.5512
WST Codec,0x00200000,1,1,,5.03.2600.5512

DirectShow Filters:
WMAudio Decoder DMO,0x00800800,1,1,,
WMAPro over S/PDIF DMO,0x00600800,1,1,,
WMA Voice Decoder DMO,0x00600800,1,1,,
Canon G.726 DMO Decoder,0x00000000,1,1,,
WMVideo Advanced Decoder DMO,0x00800001,1,1,,
Mpeg4s Decoder DMO,0x00800001,1,1,,
WMV Screen decoder DMO,0x00800001,1,1,,
WMVideo Decoder DMO,0x00800001,1,1,,
Mpeg43 Decoder DMO,0x00800001,1,1,,
Mpeg4 Decoder DMO,0x00800001,1,1,,
SONY DV Video Decoder,0x00400000,1,1,sdvvd.ax,1.82.5170.0000
WMT MuxDeMux Filter,0x00200000,0,0,wmm2filt.dll,2.01.4026.0000
InterVideo Audio Processor Fx,0x00400000,1,1,Auprocfx.ax,
InterVideo Video Decoder,0x00700000,2,4,IVIVIDEO.ax,4.05.0028.0080
Full Screen Renderer,0x00200000,1,0,quartz.dll,6.05.2600.5908
FunBox Ogg Decoder Filter,0x00600000,0,0,FunOggDecFilter.ax,1.00.0000.0001
Index Converter,0x00400000,1,1,INDEXC~1.AX,
InterVideo Audio Encoder,0x00200000,1,1,iviaenc.ax,3.00.0079.0059
WAV Dest Trial,0x00200000,0,0,WavD2Try.dll,1.01.0000.3463
SONY From Capture To Justclock Filter,0x00200000,1,1,FmCp2Jck.ax,5.05.0000.2100
InterVideo Demux,0x00200000,1,2,IVIdemxx.ax,3.00.0079.0059
DV Muxer,0x00400000,0,0,qdv.dll,6.05.2600.5512
Color Space Converter,0x00400001,1,1,quartz.dll,6.05.2600.5908
WM ASF Reader,0x00400000,0,0,qasf.dll,11.00.5721.5145
Screen Capture filter,0x00200000,0,1,wmpsrcwp.dll,11.00.5721.5145
AVI Splitter,0x00600000,1,1,quartz.dll,6.05.2600.5908
WMT AudioAnalyzer,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
InterVideo Time Shift,0x00200000,1,2,ivits.ax,3.00.0079.0059
VGA 16 Color Ditherer,0x00400000,1,1,quartz.dll,6.05.2600.5908
Indeo video 5.10 Compression Filter,0x00200000,1,1,ir50_32.dll,5.2562.0015.0055
Windows Media Audio Decoder,0x00800001,1,1,msadds32.ax,8.00.0000.4487
Photo Story 2 Trial Source Filter,0x00200000,0,1,PSSF2Try.dll,1.01.0000.3463
AC3 Parser Filter,0x00600000,1,1,mpg2splt.ax,6.05.2600.5512
FilmRoll Generate Filter,0x00200000,2,2,FRGen.ax,5.05.0003.6050
WMT Format Conversion,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
StreamBufferSink,0x00200000,0,0,sbe.dll,6.05.2600.5512
WMT Black Frame Generator,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
MJPEG Decompressor,0x00600000,1,1,quartz.dll,6.05.2600.5908
Sony MPEG Video Decoder,0x00100000,1,1,SMVD.ax,2.26.0000.0000
Indeo video 5.10 Decompression Filter,0x00640000,1,1,ir50_32.dll,5.2562.0015.0055
WMT Screen Capture filter,0x00200000,0,1,wmm2filt.dll,2.01.4026.0000
InterVideo Video Encoder,0x00200000,2,1,IVIVENC.ax,3.00.0079.0059
InterVideo Multiplexer,0x00200000,1,1,ivimux.ax,3.00.0079.0059
Conexant Color Format Converter,0x00600000,1,1,COLORC~1.AX,
Microsoft Screen Video Decompressor,0x00800000,1,1,msscds32.ax,8.00.0000.4487
MPEG-I Stream Splitter,0x00600000,1,2,quartz.dll,6.05.2600.5908
SAMI (CC) Parser,0x00400000,1,1,quartz.dll,6.05.2600.5908
MPEG Layer-3 Decoder,0x00810000,1,1,l3codecx.ax,1.06.0000.0051
MPEG-2 Splitter,0x005fffff,1,0,mpg2splt.ax,6.05.2600.5512
WAV Dest,0x00200000,0,0,wavdest.ax,9.00.0000.0000
AsyncEx,0x00200000,0,1,AsyncEx.ax,
ACELP.net Sipro Lab Audio Decoder,0x00800001,1,1,acelpdec.ax,1.04.0000.0000
File Source (MP3),0x00400000,0,1,MP3Source.ax,
Canon MDP Motion-JPEG Decoder,0x00200001,1,1,CanonMDPMJPEGDecoder.ax,2.05.0000.0005
Sonic DVD-VR Navigator,0x00200000,0,2,SonicDVDDashVRNav.dll,1.03.0000.0116
Internal Script Command Renderer,0x00800001,1,0,quartz.dll,6.05.2600.5908
MPEG Audio Decoder,0x03680001,1,1,quartz.dll,6.05.2600.5908
_ VSO Preview Filter,0x00200000,0,1,VsoVprev.ax,3.00.0001.0043
File Source (Netshow URL),0x00400000,0,1,wmpasf.dll,11.00.5721.5145
FunBox MPEG Decoder Filter,0x00600000,0,0,FunDecFilter.ax,1.00.0001.0000
WMT Import Filter,0x00200000,0,1,wmm2filt.dll,2.01.4026.0000
DV Splitter,0x00600000,1,2,qdv.dll,6.05.2600.5512
Bitmap Generate,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Windows Media Video Decoder,0x00800000,1,1,wmvds32.ax,8.00.0000.4487
Canon Actual Data Length Setter,0x00200000,1,1,CanonActualDataLengthSetter.ax,2.04.0000.0005
Video Mixing Renderer 9,0x00200000,1,0,quartz.dll,
Windows Media Video Decoder,0x00800000,1,1,wmv8ds32.ax,8.00.0000.4000
Canon Custom Resizer SaveMode,0x00200000,1,1,CanonDESResizer.ax,2.05.0000.0006
Canon Resizer,0x00200000,1,1,CanonResizer.ax,2.04.0000.0006
WMT VIH2 Fix,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Record Queue,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
InterVideo Wave Wrapper,0x00200000,0,0,IVIwavex.ax,3.00.0079.0059
InterVideo Down Scale Filter,0x00200000,1,1,IVIDownS.ax,3.00.0079.0059
Windows Media Multiplexer,0x00600000,1,1,wmpasf.dll,11.00.5721.5145
ASX file Parser,0x00600000,1,1,wmpasf.dll,11.00.5721.5145
ASX v.2 file Parser,0x00600000,1,0,wmpasf.dll,11.00.5721.5145
NSC file Parser,0x00600000,1,1,wmpasf.dll,11.00.5721.5145
ACM Wrapper,0x00600000,1,1,quartz.dll,6.05.2600.5908
Windows Media source filter,0x00600000,0,2,wmpasf.dll,11.00.5721.5145
Video Renderer,0x00800001,1,0,quartz.dll,6.05.2600.5908
Frame Eater,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
MPEG-2 Video Stream Analyzer,0x00200000,0,0,sbe.dll,6.05.2600.5512
Line 21 Decoder,0x00600000,1,1,qdvd.dll,6.05.2600.5512
Video Port Manager,0x00600000,2,1,quartz.dll,6.05.2600.5908
WST Decoder,0x00600000,1,1,wstdecod.dll,5.03.2600.5512
Video Renderer,0x00400000,1,0,quartz.dll,6.05.2600.5908
InterVideo Pre-scaling Filter,0x00200000,1,1,IVIScale.ax,3.00.0079.0059
DivX Decoder Filter,0xff800000,1,1,divxdec.ax,6.03.0000.0066
WM ASF Writer,0x00400000,0,0,qasf.dll,11.00.5721.5145
InterVideo Audio Decoder,0x00700000,1,1,iviaudio.ax,4.05.0028.0080
WMT Sample Information Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
VBI Surface Allocator,0x00600000,1,1,vbisurf.ax,5.03.2600.5512
Microsoft MPEG-4 Video Decompressor,0x00800000,1,1,mpg4ds32.ax,8.00.0000.4487
DivX Demux,0x00600000,1,0,DivXMedia.ax,0.00.0000.0028
File writer,0x00200000,1,0,qcap.dll,6.05.2600.5512
Canon Image Rotation Filter 1.1,0x00200000,1,1,CanonRotateFilter.dll,1.01.0001.0005
WMT Log Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Canon G.726 Decoder,0x00800000,1,1,CanonG726Decoder.ax,1.00.0000.0003
WMT Virtual Renderer,0x00200000,1,0,wmm2filt.dll,2.01.4026.0000
FunBox MPEG Encoder Filter,0x00200000,0,0,FunEncFilter.ax,1.00.0001.0006
DVD Navigator,0x00200000,0,2,qdvd.dll,6.05.2600.5512
Sonic Cinemaster MCE Audio Decoder,0x00710000,1,1,CinemasterAudio.DLL,2.08.0006.1418
Overlay Mixer2,0x00400000,1,1,qdvd.dll,6.05.2600.5512
Canon Motion-JPEG Decoder,0x00200001,1,1,CanonMJPEGDecoder.ax,2.05.0000.0005
SONY Giga Pocket CC Decode Filter,0x00200000,1,0,SgpCCflt.ax,5.05.0000.3200
Tivo DirectShow Source Filter,0x00400000,0,1,TiVoDirectShowFilter.dll,1.00.0017.6289
Sony Capsule Writer,0x00200000,2,0,scapwrt.ax,5.05.0005.9050
AVI Draw,0x00600064,9,1,quartz.dll,6.05.2600.5908
.RAM file Parser,0x00600000,1,0,wmpasf.dll,11.00.5721.5145
InterVideo Navigator,0x00190000,0,3,IVInav.ax,4.05.0028.0080
Canon Text Source Filter,0x00200000,0,1,CanonTextSourceFilter.ax,2.05.0001.0013
WMT DirectX Transform Wrapper,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
G.711 Codec,0x00200000,1,1,g711codc.ax,5.01.2600.0000
MPEG-2 Demultiplexer,0x00600000,1,1,mpg2splt.ax,6.05.2600.5512
DV Video Decoder,0x00800000,1,1,qdv.dll,6.05.2600.5512
Sony Video Capsule Source Filter,0x00400000,0,1,vcsrcflt.ax,5.05.0005.9190
Indeo audio software,0x00500000,1,1,iac25_32.ax,2.00.0005.0053
SONY DeInterlace,0x00200000,1,1,DEINTE~1.AX,1.00.11113.0000
Windows Media Update Filter,0x00400000,1,0,wmpasf.dll,11.00.5721.5145
LAME MPEG Layer III Audio Encoder,0x00100000,2,1,lame_dshow.ax,
ASF DIB Handler,0x00600000,1,1,wmpasf.dll,11.00.5721.5145
ASF ACM Handler,0x00600000,1,1,wmpasf.dll,11.00.5721.5145
ASF ICM Handler,0x00600000,1,1,wmpasf.dll,11.00.5721.5145
ASF URL Handler,0x00600000,1,1,wmpasf.dll,11.00.5721.5145
ASF JPEG Handler,0x00600000,1,1,wmpasf.dll,11.00.5721.5145
ASF DJPEG Handler,0x00600000,1,1,wmpasf.dll,11.00.5721.5145
ASF embedded stuff Handler,0x00600000,1,1,wmpasf.dll,11.00.5721.5145
DivX Subtitle Decoder,0x00600000,1,1,DivXMedia.ax,0.00.0000.0028
9x8Resize,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
WIA Stream Snapshot Filter,0x00200000,1,1,wiasf.ax,1.00.0000.0000
Allocator Fix,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
SampleGrabber,0x00200000,1,1,qedit.dll,6.05.2600.5512
Null Renderer,0x00200000,1,0,qedit.dll,6.05.2600.5512
WMT Virtual Source,0x00200000,0,1,wmm2filt.dll,2.01.4026.0000
MPEG-2 Sections and Tables,0x005fffff,1,0,mpeg2data.ax,
WMT Interlacer,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
StreamBufferSource,0x00200000,0,0,sbe.dll,6.05.2600.5512
Smart Tee,0x00200000,1,2,qcap.dll,6.05.2600.5512
Overlay Mixer,0x00200000,0,0,qdvd.dll,6.05.2600.5512
AVI Decompressor,0x00600000,1,1,quartz.dll,6.05.2600.5908
Uncompressed Domain Shot Detection Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Audible Words Codec,0x00500000,1,1,awrdscdc.ax,3.06.0001.0000
Sony DMUX-MUX Filter,0x00200000,2,2,ReComp.ax,5.05.0000.3250
InterVideo File Writer,0x00200000,1,0,IVIwrite.ax,3.00.0079.0059
AVI/WAV File Source,0x00400000,0,2,quartz.dll,6.05.2600.5908
QuickTime Movie Parser,0x00600000,1,1,quartz.dll,6.05.2600.5908
Wave Parser,0x00400000,1,1,quartz.dll,6.05.2600.5908
MIDI Parser,0x00400000,1,1,quartz.dll,6.05.2600.5908
Multi-file Parser,0x00400000,1,1,quartz.dll,6.05.2600.5908
File stream renderer,0x00400000,1,1,quartz.dll,6.05.2600.5908
XML Playlist,0x00400000,1,0,wmpasf.dll,11.00.5721.5145
Canon WAV Dest,0x00200000,0,0,CanonWavDest.ax,2.04.0000.0004
Sonic CM(R) DS VideoDecoder 4.0,0x50800001,2,2,CinemasterVideo.DLL,4.00.0000.0036
Sony MPEG Video Decoder LE,0x00000000,1,1,SMVDLE.ax,2.36.0000.0000
InterVideo Still Capture,0x00200000,1,1,IVIscapt.ax,3.00.0079.0059
Sony MPEG Audio Decoder,0x00100000,1,1,SMAD.ax,2.13.0000.0000
AVI Mux,0x00200000,1,0,qcap.dll,6.05.2600.5512
Line 21 Decoder 2,0x00600002,1,1,quartz.dll,6.05.2600.5908
File Source (Async.),0x00400000,0,1,quartz.dll,6.05.2600.5908
File Source (URL),0x00400000,0,1,quartz.dll,6.05.2600.5908
WMT DV Extract,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Canon Motion-JPEG Encoder,0x00200000,1,1,CanonMJPEGEncoder.ax,2.04.0000.0004
WMT Switch Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Sonic Cinemaster DS VCD Navigator,0x00200000,0,3,CinemasterVCDNav.dll,1.00.0000.0185
WMT Volume,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Stretch Video,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Infinite Pin Tee Filter,0x00200000,1,1,qcap.dll,6.05.2600.5512
FunBox Audio EQ Filter,0x00200000,1,1,FunEQFilter.ax,1.00.0000.0004
QT Decompressor,0x00600000,1,1,quartz.dll,6.05.2600.5908
MPEG Video Decoder,0x40000001,1,1,quartz.dll,6.05.2600.5908
psWav Dest,0x00200000,0,0,psWavDes.ax,1.01.0000.0002
Sony MPEG2 TS Splitter Ex,0x0060000f,1,2,tssplt_s.ax,2.00.0000.15100
Indeo video 4.4 Decompression Filter,0x00640000,1,1,ir41_32.ax,4.51.0016.0003
Indeo video 4.4 Compression Filter,0x00200000,1,1,ir41_32.ax,4.51.0016.0003

WDM Streaming Tee/Splitter Devices:
Tee/Sink-to-Sink Converter,0x00200000,1,1,,5.03.2600.5512

WDM Streaming Data Transforms:
Microsoft Kernel Acoustic Echo Canceller,0x00000000,0,0,,
Microsoft Kernel GS Wavetable Synthesizer,0x00200000,1,1,,5.03.2600.5512
Microsoft Kernel DLS Synthesizer,0x00200000,1,1,,5.03.2600.5512
Microsoft Kernel DRM Audio Descrambler,0x00200000,1,1,,5.03.2600.5512

Video Compressors:
WMVideo8 Encoder DMO,0x00600800,1,1,,
MSScreen encoder DMO,0x00600800,1,1,,
WMVideo9 Encoder DMO,0x00600800,1,1,,
MSScreen 9 encoder DMO,0x00600800,1,1,,
DV Video Encoder,0x00200000,0,0,qdv.dll,6.05.2600.5512
Indeo video 5.10 Compression Filter,0x00100000,1,1,ir50_32.dll,5.2562.0015.0055
InterVideo Video Encoder,0x00200000,2,1,IVIVENC.ax,3.00.0079.0059
MJPEG Compressor,0x00200000,0,0,quartz.dll,6.05.2600.5908
Cinepak Codec by Radius,0x00200000,1,1,qcap.dll,6.05.2600.5512
DivX 6.8.4 Codec (1 Logical CPU),0x00200000,1,1,qcap.dll,6.05.2600.5512
Sony DV software CODEC,0x00200000,1,1,qcap.dll,6.05.2600.5512
Intel 4:2:0 Video V2.50,0x00200000,1,1,qcap.dll,6.05.2600.5512
Intel Indeo(R) Video R3.2,0x00200000,1,1,qcap.dll,6.05.2600.5512
Intel Indeo Video 4.5,0x00200000,1,1,qcap.dll,6.05.2600.5512
Indeo video 5.10,0x00200000,1,1,qcap.dll,6.05.2600.5512
Intel IYUV codec,0x00200000,1,1,qcap.dll,6.05.2600.5512
Microsoft H.261 Video Codec,0x00200000,1,1,qcap.dll,6.05.2600.5512
Microsoft H.263 Video Codec,0x00200000,1,1,qcap.dll,6.05.2600.5512
Microsoft RLE,0x00200000,1,1,qcap.dll,6.05.2600.5512
Microsoft Video 1,0x00200000,1,1,qcap.dll,6.05.2600.5512
DivX 6.8.4 YV12 Decoder,0x00200000,1,1,qcap.dll,6.05.2600.5512

Audio Compressors:
WMA Voice Encoder DMO,0x00600800,1,1,,
WM Speech Encoder DMO,0x00600800,1,1,,
WMAudio Encoder DMO,0x00600800,1,1,,
InterVideo Audio Encoder,0x00200000,1,1,iviaenc.ax,3.00.0079.0059
IAC2,0x00200000,1,1,quartz.dll,6.05.2600.5908
IMA ADPCM,0x00200000,1,1,quartz.dll,6.05.2600.5908
PCM,0x00200000,1,1,quartz.dll,6.05.2600.5908
Microsoft ADPCM,0x00200000,1,1,quartz.dll,6.05.2600.5908
ACELP.net,0x00200000,1,1,quartz.dll,6.05.2600.5908
DSP Group TrueSpeech(TM),0x00200000,1,1,quartz.dll,6.05.2600.5908
Windows Media Audio V1,0x00200000,1,1,quartz.dll,6.05.2600.5908
Windows Media Audio V2,0x00200000,1,1,quartz.dll,6.05.2600.5908
GSM 6.10,0x00200000,1,1,quartz.dll,6.05.2600.5908
Messenger Audio Codec,0x00200000,1,1,quartz.dll,6.05.2600.5908
Microsoft G.723.1,0x00200000,1,1,quartz.dll,6.05.2600.5908
CCITT A-Law,0x00200000,1,1,quartz.dll,6.05.2600.5908
CCITT u-Law,0x00200000,1,1,quartz.dll,6.05.2600.5908
MPEG Layer-3,0x00200000,1,1,quartz.dll,6.05.2600.5908

Audio Capture Sources:
SigmaTel Audio,0x00200000,0,0,qcap.dll,6.05.2600.5512
Modem #1 Line Record,0x00200000,0,0,qcap.dll,6.05.2600.5512

Midi Renderers:
Default MidiOut Device,0x00800000,1,0,quartz.dll,6.05.2600.5908
Microsoft GS Wavetable SW Synth,0x00200000,1,0,quartz.dll,6.05.2600.5908

WDM Streaming Capture Devices:
SigmaTel Audio,0x00200000,2,2,,5.03.2600.5512
SMRT Capture,0x00200000,2,8,,5.03.2600.5512

WDM Streaming Rendering Devices:
SigmaTel Audio,0x00200000,2,2,,5.03.2600.5512

BDA Rendering Filters:
BDA IP Sink,0x00200000,1,1,,5.03.2600.5512

Video Capture Sources:
SMRT Capture,0x00200000,2,8,,5.03.2600.5512

BDA Transport Information Renderers:
MPEG-2 Sections and Tables,0x00600000,1,0,mpeg2data.ax,

WDM Streaming TV Tuner Devices:
SMRT TV Tuner,0x00200000,1,1,,5.03.2600.5512

WDM Streaming Crossbar Devices:
SMRT Crossbar,0x00200000,6,2,,5.03.2600.5512

WDM Streaming TV Audio Devices:
SMRT TV Audio,0x00200000,1,1,,5.03.2600.5512

WDM Streaming Mixer Devices:
Microsoft Kernel Wave Audio Mixer,0x00000000,0,0,,

BDA CP/CA Filters:
Decrypt/Tag,0x00600000,1,0,encdec.dll,6.05.2600.5512
Encrypt/Tag,0x00200000,0,0,encdec.dll,6.05.2600.5512
XDS Codec,0x00200000,0,0,encdec.dll,6.05.2600.5512

WDM Streaming Communication Transforms:
Tee/Sink-to-Sink Converter,0x00200000,1,1,,5.03.2600.5512

Audio Renderers:
SigmaTel Audio,0x00200000,1,0,quartz.dll,6.05.2600.5908
Default DirectSound Device,0x00800000,1,0,quartz.dll,6.05.2600.5908
Default WaveOut Device,0x00200000,1,0,quartz.dll,6.05.2600.5908
DirectSound: Modem #1 Line Playback (emulated),0x00200000,1,0,quartz.dll,6.05.2600.5908
DirectSound: SigmaTel Audio,0x00200000,1,0,quartz.dll,6.05.2600.5908
Modem #1 Line Playback,0x00200000,1,0,quartz.dll,6.05.2600.5908

WDM Streaming System Devices:
SigmaTel Audio,0x00200000,7,2,,5.03.2600.5512

BDA Receiver Component:
BDA Slip De-Framer,0x00600000,1,1,,5.03.2600.5512

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  Code:

  :filefind
sthda.sys
  
  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

Sorry for the late reply, I was out of town for a couple days with my family

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 13:29 on 24/05/2010 by Ravi (Administrator - Elevation successful)

========== filefind ==========

Searching for "sthda.sys"
C:\drivers\audio\onboard\sthda.sys --a--c 1047816 bytes [00:27 02/03/2006] [03:36 17/11/2005] 2A2DC39623ADEF8AB3703AB9FAC4B440
C:\i386\sthda.sys --a--c 1047816 bytes [06:42 12/03/2006] [03:36 17/11/2005] 2A2DC39623ADEF8AB3703AB9FAC4B440
C:\WINDOWS\system32\drivers\sthda.sys ------ 1047816 bytes [00:27 02/03/2006] [03:36 17/11/2005] 2A2DC39623ADEF8AB3703AB9FAC4B440

-=End Of File=-

Please download TDSSKiller and save it to your Desktop.

• Extract the file and run it.
  
• Once completed it will create a log in your C:\ drive.
  
• Please post the contents of that log.

22:24:48:031 2884 TDSS rootkit removing tool 2.3.0.0 May 12 2010 18:11:17
22:24:48:031 2884 ================================================================================
22:24:48:031 2884 SystemInfo:

22:24:48:031 2884 OS Version: 5.1.2600 ServicePack: 3.0
22:24:48:031 2884 Product type: Workstation
22:24:48:031 2884 ComputerName: D57NSK91
22:24:48:031 2884 UserName: Ravi
22:24:48:031 2884 Windows directory: C:\WINDOWS
22:24:48:031 2884 Processor architecture: Intel x86
22:24:48:031 2884 Number of processors: 1
22:24:48:031 2884 Page size: 0x1000
22:24:48:031 2884 Boot type: Normal boot
22:24:48:031 2884 ================================================================================
22:24:48:078 2884 UnloadDriverW: NtUnloadDriver error 2
22:24:48:078 2884 ForceUnloadDriverW: UnloadDriverW(klmd23) error 2
22:24:48:218 2884 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
22:24:48:218 2884 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
22:24:48:218 2884 wfopen_ex: Trying to KLMD file open
22:24:48:218 2884 wfopen_ex: File opened ok (Flags 2)
22:24:48:218 2884 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
22:24:48:218 2884 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
22:24:48:218 2884 wfopen_ex: Trying to KLMD file open
22:24:48:218 2884 wfopen_ex: File opened ok (Flags 2)
22:24:48:218 2884 KLAVA engine initialized
22:24:48:500 2884 Initialize success
22:24:48:500 2884
22:24:48:500 2884 Scanning Services ...
22:24:49:187 2884 Raw services enum returned 413 services
22:24:49:218 2884
22:24:49:218 2884 Scanning Drivers ...
22:24:49:718 2884 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:24:49:828 2884 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:24:49:890 2884 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:24:49:906 2884 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:24:49:984 2884 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:24:50:046 2884 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
22:24:50:109 2884 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:24:50:187 2884 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:24:50:250 2884 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:24:50:328 2884 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:24:50:390 2884 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:24:50:406 2884 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:24:50:421 2884 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:24:50:437 2884 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:24:50:453 2884 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
22:24:50:515 2884 AR5211 (f03fc45e839912cb576e2496f582867c) C:\WINDOWS\system32\DRIVERS\ar5211.sys
22:24:50:640 2884 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
22:24:50:718 2884 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:24:50:859 2884 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:24:50:937 2884 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:24:51:000 2884 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:24:51:046 2884 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:24:51:109 2884 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:24:51:125 2884 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:24:51:203 2884 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
22:24:51:265 2884 BrSerIf (d48c13f4a409aee8dafaddac81e34557) C:\WINDOWS\system32\Drivers\BrSerIf.sys
22:24:51:281 2884 BrUsbSer (8fa0ac830a8312912a3aa0c0431cba0d) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
22:24:51:328 2884 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:24:51:343 2884 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:24:51:390 2884 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:24:51:406 2884 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:24:51:406 2884 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:24:51:437 2884 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:24:51:468 2884 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:24:51:500 2884 Changer (2a5815ca6fff24b688c01f828b96819c) C:\WINDOWS\system32\drivers\Changer.sys
22:24:51:546 2884 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:24:51:562 2884 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:24:51:578 2884 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:24:51:593 2884 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:24:51:625 2884 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:24:51:687 2884 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:24:51:750 2884 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
22:24:51:812 2884 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:24:51:828 2884 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:24:51:953 2884 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:24:52:015 2884 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:24:52:093 2884 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:24:52:125 2884 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:24:52:203 2884 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
22:24:52:281 2884 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:24:52:328 2884 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:24:52:390 2884 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:24:52:421 2884 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:24:52:484 2884 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:24:52:500 2884 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:24:52:515 2884 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:24:52:578 2884 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
22:24:52:593 2884 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:24:52:609 2884 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:24:52:625 2884 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:24:52:671 2884 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
22:24:52:734 2884 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
22:24:52:921 2884 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
22:24:53:140 2884 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:24:53:203 2884 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
22:24:53:265 2884 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:24:53:281 2884 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:24:53:500 2884 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:24:53:718 2884 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:24:53:750 2884 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:24:53:796 2884 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:24:53:859 2884 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:24:53:921 2884 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:24:53:968 2884 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:24:54:000 2884 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:24:54:046 2884 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:24:54:125 2884 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:24:54:281 2884 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:24:54:359 2884 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:24:54:515 2884 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:24:54:843 2884 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:24:55:125 2884 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:24:55:171 2884 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:24:55:218 2884 lbrtfdc (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys
22:24:55:250 2884 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:24:55:250 2884 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:24:55:312 2884 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:24:55:390 2884 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
22:24:55:484 2884 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:24:55:515 2884 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:24:55:562 2884 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:24:55:593 2884 MpFilter (dfa1cd670ea50a21c87c92c727c50950) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
22:24:55:640 2884 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:24:55:671 2884 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:24:55:718 2884 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:24:55:765 2884 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:24:55:812 2884 MSHUSBVideo (01446556c149bba152e2ff79e296889f) C:\WINDOWS\system32\Drivers\nx6000.sys
22:24:55:859 2884 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:24:55:875 2884 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:24:55:906 2884 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:24:55:953 2884 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:24:56:000 2884 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:24:56:046 2884 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
22:24:56:062 2884 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:24:56:125 2884 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:24:56:171 2884 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:24:56:234 2884 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:24:56:234 2884 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:24:56:250 2884 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:24:56:296 2884 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
22:24:56:343 2884 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:24:56:390 2884 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:24:56:421 2884 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:24:56:484 2884 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:24:56:531 2884 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:24:56:656 2884 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:24:56:765 2884 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:24:56:859 2884 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:24:56:906 2884 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
22:24:56:921 2884 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
22:24:56:968 2884 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
22:24:57:031 2884 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:24:57:046 2884 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:24:57:062 2884 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:24:57:078 2884 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:24:57:093 2884 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:24:57:140 2884 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:24:57:203 2884 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
22:24:57:281 2884 PCTCore (167b2fea66dde6925766d1a81a1affc0) C:\WINDOWS\system32\drivers\PCTCore.sys
22:24:57:359 2884 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
22:24:57:375 2884 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:24:57:421 2884 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:24:57:437 2884 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:24:57:453 2884 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:24:57:468 2884 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:24:57:500 2884 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:24:57:515 2884 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:24:57:531 2884 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:24:57:531 2884 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:24:57:546 2884 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:24:57:593 2884 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:24:57:593 2884 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:24:57:625 2884 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:24:57:640 2884 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:24:57:656 2884 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:24:57:671 2884 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:24:57:703 2884 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:24:57:796 2884 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
22:24:57:875 2884 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:24:57:968 2884 RimVSerPort (32d6ab810537ce38cbffe04ed9f6709a) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
22:24:58:031 2884 ROCKEYNT (7b9921a14be8d230148b87322cf1917a) C:\WINDOWS\system32\DRIVERS\Rockey4.sys
22:24:58:125 2884 Rockey_USB (e7b17e52e9dd2f37874c60c43b5d0047) C:\WINDOWS\system32\DRIVERS\Rockey4USB.sys
22:24:58:187 2884 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
22:24:58:234 2884 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys
22:24:58:296 2884 SCDEmu (f441ba47bd8610cb9536965bd7d1f943) C:\WINDOWS\system32\drivers\SCDEmu.sys
22:24:58:390 2884 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:24:58:453 2884 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:24:58:515 2884 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:24:58:562 2884 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:24:58:625 2884 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:24:58:656 2884 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:24:58:734 2884 smrt (72d7eb6c2baab40683b4c71920990f7d) C:\WINDOWS\system32\DRIVERS\smrt.sys
22:24:58:859 2884 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
22:24:58:937 2884 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:24:58:984 2884 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:24:59:078 2884 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
22:24:59:078 2884 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
22:24:59:093 2884 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:24:59:171 2884 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
22:24:59:250 2884 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
22:24:59:296 2884 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
22:24:59:359 2884 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
22:24:59:421 2884 sscdserd (9fa66e361a99f8920c7609bae6814a0e) C:\WINDOWS\system32\DRIVERS\sscdserd.sys
22:24:59:500 2884 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
22:24:59:593 2884 StMp3Rec (2cc30201a160c559fb74b8456370ddc6) C:\WINDOWS\system32\Drivers\StMp3Rec.sys
22:24:59:656 2884 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:24:59:718 2884 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:24:59:750 2884 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:24:59:828 2884 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
22:24:59:906 2884 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:24:59:953 2884 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:24:59:968 2884 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:25:00:000 2884 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:25:00:078 2884 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:25:00:156 2884 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
22:25:00:218 2884 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:25:00:265 2884 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:25:00:328 2884 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:25:00:375 2884 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
22:25:00:437 2884 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
22:25:00:453 2884 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:25:00:500 2884 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
22:25:00:562 2884 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:25:00:625 2884 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:25:00:687 2884 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:25:00:718 2884 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:25:00:734 2884 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:25:00:765 2884 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:25:00:765 2884 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:25:00:828 2884 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:25:00:937 2884 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:25:00:968 2884 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:25:01:046 2884 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
22:25:01:078 2884 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
22:25:01:140 2884 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:25:01:187 2884 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:25:01:203 2884 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:25:01:218 2884 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:25:01:265 2884 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:25:01:296 2884 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:25:01:375 2884 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:25:01:484 2884 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:25:01:546 2884 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:25:01:593 2884 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:25:01:609 2884 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:25:01:640 2884
22:25:01:640 2884 Completed
22:25:01:640 2884
22:25:01:640 2884 Results:
22:25:01:640 2884 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
22:25:01:640 2884 File objects infected / cured / cured on reboot: 0 / 0 / 0
22:25:01:640 2884
22:25:01:640 2884 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
22:25:01:640 2884 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
22:25:01:640 2884 KLMD(ARK) unloaded successfully

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.



Set the slider to Maximum.



IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.




On the General tab, make sure all of the boxes are checked.




On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.



Click Create Report to run it.


It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply.

Please download OTM

• Save it to your desktop.
  
• Please double-click OTM to run it. (Note for Vista: Right-click on the file and choose Run As Administrator).
  
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose Copy):
  
  

  :files C:\WINDOWS\Temp\svchost.exe :Commands [emptytemp] [purity] [Reboot]

  
  
• Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and
open the newest .log file present, and copy/paste the contents of that document back here in your next post.

After i clicked MoveIt, i got a message saying "This system is shutting down.." it had a timer for a minute and OTM got started but im not sure if it finished.
then after it restarted itself, notepad opened up and it said something about something being moved. Sorry, i didn't catch it all.

Re-running ComboFix to remove infections:

• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
• Open notepad and copy/paste the text in the box below into it:
  

  killall:: File:: C:\WINDOWS\Temp\svchost.exe rootkit:: Reboot::

• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
  
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please post the contents of the log in your next reply.

ComboFix 10-05-26.01 - Ravi 26/05/2010 16:14:28.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1519 [GMT -4:00]
Running from: c:\documents and settings\Ravi\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ravi\Desktop\CFscript.txt
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\windows\Temp\svchost.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\system volume information\_restore{d5fffa500b1b}
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe

.
((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 )))))))))))))))))))))))))))))))
.

2010-05-26 04:03 . 2010-05-26 04:03 -------- d-----w- C:\_OTM
2010-05-21 01:37 . 2010-05-21 01:37 -------- d-----w- c:\program files\SpywareBlaster
2010-05-20 23:04 . 2010-05-20 23:04 -------- d-----w- c:\program files\iPod
2010-05-20 23:04 . 2010-05-20 23:05 -------- d-----w- c:\program files\iTunes
2010-05-20 22:58 . 2010-05-20 22:58 -------- d-----w- c:\program files\Bonjour
2010-05-20 22:39 . 2010-05-20 22:39 -------- d-----w- c:\program files\Common Files\Java
2010-05-20 22:39 . 2010-05-20 22:38 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-19 23:59 . 2010-05-19 23:59 -------- d-----w- c:\program files\ESET
2010-05-19 23:22 . 2010-05-20 22:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 20:39 . 2010-05-18 20:39 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Threat Expert
2010-05-18 04:48 . 2010-05-18 04:48 -------- d-----w- c:\documents and settings\Ravi\Local Settings\Application Data\Threat Expert
2010-05-18 04:18 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-05-18 04:18 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-05-18 04:18 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-05-18 04:18 . 2010-01-21 23:21 1152444 ----a-w- c:\windows\UDB.zip
2010-05-18 04:18 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-05-18 04:18 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-05-18 04:10 . 2009-09-24 12:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-05-18 04:09 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-18 04:09 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-18 04:07 . 2009-09-03 13:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-05-18 04:05 . 2010-05-18 04:19 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-18 04:05 . 2010-05-18 21:21 -------- d-----w- c:\program files\Spyware Doctor
2010-05-18 04:05 . 2010-05-18 04:05 -------- d-----w- c:\documents and settings\Ravi\Application Data\PC Tools
2010-05-18 04:05 . 2010-05-18 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-05-18 03:37 . 2010-05-12 15:21 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 03:33 . 2010-05-18 03:34 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-18 02:53 . 2010-05-18 02:53 -------- d-----w- c:\program files\AML Products
2010-05-17 03:07 . 2010-05-17 03:07 -------- d-----w- c:\documents and settings\Ravi\Application Data\Malwarebytes
2010-05-17 02:44 . 2010-05-17 02:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-17 02:44 . 2010-05-17 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-17 02:39 . 2010-05-17 02:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-05-17 02:28 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-17 02:28 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-17 02:28 . 2010-05-17 03:05 -------- d-----w- c:\documents and settings\Ravi\Local Settings\Application Data\hpngtvkou
2010-05-17 02:27 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-17 02:27 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-04-29 00:49 . 2010-05-14 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 20:24 . 2008-05-04 03:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-25 04:41 . 2008-03-27 01:05 -------- d-----w- c:\documents and settings\Ravi\Application Data\uTorrent
2010-05-24 19:35 . 2009-10-20 23:18 75 ----a-w- c:\documents and settings\Ravi\jagex_runescape_preferences2.dat
2010-05-24 19:35 . 2008-07-02 01:10 42 ----a-w- c:\documents and settings\Ravi\jagex_runescape_preferences.dat
2010-05-24 19:11 . 2010-05-24 19:11 503808 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\msvcp71.dll
2010-05-24 19:11 . 2010-05-24 19:11 499712 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\jmc.dll
2010-05-24 19:11 . 2010-05-24 19:11 12800 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f0e234b-n\decora-d3d.dll
2010-05-24 19:11 . 2010-05-24 19:11 61440 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f0e234b-n\decora-sse.dll
2010-05-24 19:11 . 2010-05-24 19:11 348160 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\msvcr71.dll
2010-05-20 23:04 . 2007-11-12 04:12 -------- d-----w- c:\program files\Common Files\Apple
2010-05-20 22:54 . 2010-05-20 22:54 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-20 22:39 . 2010-05-20 22:39 503808 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\msvcp71.dll
2010-05-20 22:39 . 2010-05-20 22:39 499712 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\jmc.dll
2010-05-20 22:39 . 2010-05-20 22:39 348160 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\msvcr71.dll
2010-05-20 22:39 . 2010-05-20 22:39 61440 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-368969b5-n\decora-sse.dll
2010-05-20 22:39 . 2010-05-20 22:39 12800 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-368969b5-n\decora-d3d.dll
2010-05-20 22:34 . 2006-06-19 17:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-20 22:32 . 2007-10-12 23:54 -------- d-----w- c:\program files\Java
2010-05-20 18:32 . 2006-04-07 20:49 76848 -c--a-w- c:\documents and settings\Ravi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-19 14:31 . 2008-10-15 22:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-19 02:52 . 2008-10-15 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-18 03:49 . 2009-06-27 03:08 737280 -c--a-w- c:\windows\iun6002.exe
2010-05-18 03:28 . 2006-05-05 01:47 -------- d-----w- c:\program files\MSN Messenger
2010-05-18 03:28 . 2006-12-15 02:25 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-12 04:21 . 2007-03-21 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-01 18:05 . 2007-12-22 20:58 -------- d-----w- c:\documents and settings\Ravi\Application Data\U3
2010-04-21 21:05 . 2010-04-21 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-21 21:00 . 2010-04-21 20:59 -------- d-----w- c:\program files\QuickTime
2010-04-20 03:45 . 2010-04-20 03:45 0 ----a-w- c:\documents and settings\Ravi\jagex__preferences3.dat
2010-04-16 01:26 . 2010-01-26 23:34 71 -c--a-w- c:\documents and settings\Ravi\Application DatadMb.dat
2010-04-12 17:39 . 2010-04-29 00:49 1808752 ----a-w- c:\documents and settings\All Users\Application Data\Norton\NUA.exe
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-03 17:59 . 2010-04-03 17:59 -------- d-----w- c:\program files\Eidos Interactive
2010-03-28 16:29 . 2009-11-27 13:21 79488 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AcrobatUpdater.exe
2010-03-11 12:38 . 2004-08-10 18:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-10 18:51 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-10 18:50 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-10 18:51 430080 ----a-w- c:\windows\system32\vbscript.dll
2008-04-24 20:45 . 2008-04-24 20:45 42496 -c--a-w- c:\program files\HDFC.doc
2006-07-19 02:33 . 2006-07-19 02:33 37378 -c--a-w- c:\program files\Uninstal.exe
2002-10-12 19:23 . 2002-10-12 19:23 148 -c--a-w- c:\program files\REGSETUP.reg
2002-10-08 06:07 . 2002-10-12 19:19 9728 -c--a-w- c:\program files\patch.exe
2002-10-07 03:20 . 2002-10-07 03:19 2305 -c--a-w- c:\program files\Keyboard.cfg
2002-09-20 20:00 . 2002-10-07 03:14 53248 -c--a-w- c:\program files\config.exe
2002-08-26 22:01 . 2002-10-07 03:14 90112 -c--a-w- c:\program files\p5dll.dll
2002-07-09 04:00 . 2002-10-07 03:14 135168 -c--a-w- c:\program files\eax.dll
2001-10-30 20:57 . 2002-10-07 03:11 290869 -c--a-w- c:\program files\msvcrt.dll
2000-08-29 16:00 . 2002-10-07 03:11 401462 -c--a-w- c:\program files\Msvcp60.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-08 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Remocon Driver.lnk - c:\program files\Sony\USBSircs\usbsircs.exe [2008-8-19 229376]
Service Manager.lnk - c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlmaint.exe [2002-12-17 156224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
backup=c:\windows\pss\Timer Recording Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^GomezPEER.lnk]
backup=c:\windows\pss\GomezPEER.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^SkypeMate.lnk]
backup=c:\windows\pss\SkypeMate.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^Sprint media monitor.lnk]
backup=c:\windows\pss\Sprint media monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2005-01-07 21:30 864256 -c----w- c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
2006-09-28 19:30 190024 ----a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 -c--a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2004-11-11 21:14 49152 -c----w- c:\program files\Brother\Brmfl04g\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"StyleXPService"=2 (0x2)
"Fax"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [18/05/2010 12:09 AM 207280]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/08/2006 11:45 AM 717296]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [18/05/2010 12:18 AM 112592]
R2 MSSQL$ASI;MSSQL$ASI;c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe -sASI --> c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe -sASI [?]
S3 kaspersky1;kaspersky1; [x]
S3 kylix;kylix; [x]
S3 MooseKOPMA;MooseKOPMA; [x]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [11/01/2009 12:52 AM 33808]
S3 NUBBER;NUBBER; [x]
S3 Rockey_USB;Feitian ROCKEY4 USB Service;c:\windows\system32\drivers\rockey4usb.sys [13/02/2004 2:41 PM 12928]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [18/05/2010 12:06 AM 358600]
S3 SQLAgent$ASI;SQLAgent$ASI;c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlagent.EXE -i ASI --> c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlagent.EXE -i ASI [?]
S3 xp1;xp1; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006Core.job
- c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:59]

2010-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006UA.job
- c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:59]

2010-05-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = ;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} - hxxp://hojo.dvrdns.org/WebDiginet.CAB
FF - ProfilePath - c:\documents and settings\Ravi\Application Data\Mozilla\Firefox\Profiles\txdw9u4i.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_12\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-26 16:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys spka.sys hal.dll >>UNKNOWN [0x8AA74938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e47cb8
\Driver\atapi -> atapi.sys @ 0xb9e02b40
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(312)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Sony\Giga Pocket\shwserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Sony\Giga Pocket\RM_SV.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-05-26 16:36:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-26 20:36

Pre-Run: 92,983,279,616 bytes free
Post-Run: 92,963,074,048 bytes free

- - End Of File - - 69EF1C268DC5DDA454B7F40D2C77D34C

Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.

• Double-click mbr.exe to start the program.
  
• When done scanning, it will save a log on the Desktop called mbr.log.
  
• Please post the contents of that log in your next reply.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: MBR read successfully

Please open Command Prompt (Start > Run and type CMD and press OK [Vista/7: Start search: CMD and press enter])
Enter the following in to the black box, pressing enter after each line:



Post a log (MBR.log).

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: MBR read successfully

Odd.

Please run ComboFix again and post a log.

ComboFix 10-05-27.01 - Ravi 27/05/2010 22:20:08.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1496 [GMT -4:00]
Running from: c:\documents and settings\Ravi\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\system volume information\_restore{d5fffa500b1b}
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe

.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-28 )))))))))))))))))))))))))))))))
.

2010-05-26 04:03 . 2010-05-26 04:03 -------- d-----w- C:\_OTM
2010-05-24 19:11 . 2010-05-24 19:11 503808 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\msvcp71.dll
2010-05-24 19:11 . 2010-05-24 19:11 499712 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\jmc.dll
2010-05-24 19:11 . 2010-05-24 19:11 12800 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f0e234b-n\decora-d3d.dll
2010-05-24 19:11 . 2010-05-24 19:11 61440 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f0e234b-n\decora-sse.dll
2010-05-24 19:11 . 2010-05-24 19:11 348160 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\msvcr71.dll
2010-05-21 01:37 . 2010-05-26 23:30 -------- d-----w- c:\program files\SpywareBlaster
2010-05-20 23:04 . 2010-05-20 23:04 -------- d-----w- c:\program files\iPod
2010-05-20 23:04 . 2010-05-20 23:05 -------- d-----w- c:\program files\iTunes
2010-05-20 22:58 . 2010-05-20 22:58 -------- d-----w- c:\program files\Bonjour
2010-05-20 22:54 . 2010-05-20 22:54 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-20 22:39 . 2010-05-20 22:39 -------- d-----w- c:\program files\Common Files\Java
2010-05-20 22:39 . 2010-05-20 22:39 503808 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\msvcp71.dll
2010-05-20 22:39 . 2010-05-20 22:39 499712 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\jmc.dll
2010-05-20 22:39 . 2010-05-20 22:39 348160 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\msvcr71.dll
2010-05-20 22:39 . 2010-05-20 22:39 61440 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-368969b5-n\decora-sse.dll
2010-05-20 22:39 . 2010-05-20 22:39 12800 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-368969b5-n\decora-d3d.dll
2010-05-20 22:39 . 2010-05-20 22:38 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-19 23:59 . 2010-05-19 23:59 -------- d-----w- c:\program files\ESET
2010-05-19 23:22 . 2010-05-20 22:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 20:39 . 2010-05-18 20:39 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Threat Expert
2010-05-18 04:48 . 2010-05-18 04:48 -------- d-----w- c:\documents and settings\Ravi\Local Settings\Application Data\Threat Expert
2010-05-18 04:18 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-05-18 04:18 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-05-18 04:18 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-05-18 04:18 . 2010-01-21 23:21 1152444 ----a-w- c:\windows\UDB.zip
2010-05-18 04:18 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-05-18 04:18 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-05-18 04:10 . 2009-09-24 12:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-05-18 04:09 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-18 04:09 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-18 04:07 . 2009-09-03 13:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-05-18 04:05 . 2010-05-18 04:19 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-18 04:05 . 2010-05-18 21:21 -------- d-----w- c:\program files\Spyware Doctor
2010-05-18 04:05 . 2010-05-18 04:05 -------- d-----w- c:\documents and settings\Ravi\Application Data\PC Tools
2010-05-18 04:05 . 2010-05-18 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-05-18 03:37 . 2010-05-12 15:21 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 03:33 . 2010-05-18 03:34 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-18 02:53 . 2010-05-18 02:53 -------- d-----w- c:\program files\AML Products
2010-05-17 03:07 . 2010-05-17 03:07 -------- d-----w- c:\documents and settings\Ravi\Application Data\Malwarebytes
2010-05-17 02:44 . 2010-05-17 02:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-17 02:44 . 2010-05-17 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-17 02:39 . 2008-12-08 17:59 4412178 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0877511B77D31919\95B00C26-9F8F-4d12-B4CD-5E200B415FB7\Exec\SanDiskBackup.exe
2010-05-17 02:39 . 2008-12-08 15:32 2260992 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0877511B77D31919\95B00C26-9F8F-4d12-B4CD-5E200B415FB7\Exec\dmEngine.dll
2010-05-17 02:39 . 2008-11-21 19:01 569344 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0877511B77D31919\95B00C26-9F8F-4d12-B4CD-5E200B415FB7\Exec\dmLauncher.exe
2010-05-17 02:39 . 2008-11-19 12:46 37376 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0877511B77D31919\95B00C26-9F8F-4d12-B4CD-5E200B415FB7\Exec\dwmapi.dll
2010-05-17 02:39 . 2006-12-04 19:47 241664 ----a-w- c:\documents and settings\Administrator\Application Data\U3\0877511B77D31919\95B00C26-9F8F-4d12-B4CD-5E200B415FB7\Exec\U3Action.exe
2010-05-17 02:39 . 2009-09-23 17:55 3413288 ---ha-w- c:\documents and settings\Administrator\Application Data\U3\temp\Launchpad Removal.exe
2010-05-17 02:39 . 2010-05-17 02:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-05-17 02:28 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-17 02:28 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-17 02:28 . 2010-05-17 03:05 -------- d-----w- c:\documents and settings\Ravi\Local Settings\Application Data\hpngtvkou
2010-05-17 02:27 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-17 02:27 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-04-29 00:49 . 2010-04-12 17:39 1808752 ----a-w- c:\documents and settings\All Users\Application Data\Norton\NUA.exe
2010-04-29 00:49 . 2010-05-14 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-28 02:23 . 2008-05-04 03:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-25 04:41 . 2008-03-27 01:05 -------- d-----w- c:\documents and settings\Ravi\Application Data\uTorrent
2010-05-24 19:35 . 2009-10-20 23:18 75 ----a-w- c:\documents and settings\Ravi\jagex_runescape_preferences2.dat
2010-05-24 19:35 . 2008-07-02 01:10 42 ----a-w- c:\documents and settings\Ravi\jagex_runescape_preferences.dat
2010-05-20 23:04 . 2007-11-12 04:12 -------- d-----w- c:\program files\Common Files\Apple
2010-05-20 22:34 . 2006-06-19 17:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-20 22:32 . 2007-10-12 23:54 -------- d-----w- c:\program files\Java
2010-05-20 18:32 . 2006-04-07 20:49 76848 -c--a-w- c:\documents and settings\Ravi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-19 14:31 . 2008-10-15 22:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-19 02:52 . 2008-10-15 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-18 03:49 . 2009-06-27 03:08 737280 -c--a-w- c:\windows\iun6002.exe
2010-05-18 03:28 . 2006-05-05 01:47 -------- d-----w- c:\program files\MSN Messenger
2010-05-18 03:28 . 2006-12-15 02:25 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-12 04:21 . 2007-03-21 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-01 18:05 . 2007-12-22 20:58 -------- d-----w- c:\documents and settings\Ravi\Application Data\U3
2010-04-21 21:05 . 2010-04-21 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-21 21:00 . 2010-04-21 20:59 -------- d-----w- c:\program files\QuickTime
2010-04-20 03:45 . 2010-04-20 03:45 0 ----a-w- c:\documents and settings\Ravi\jagex__preferences3.dat
2010-04-16 01:26 . 2010-01-26 23:34 71 -c--a-w- c:\documents and settings\Ravi\Application DatadMb.dat
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-03 17:59 . 2010-04-03 17:59 -------- d-----w- c:\program files\Eidos Interactive
2010-03-28 16:29 . 2009-11-27 13:21 79488 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AcrobatUpdater.exe
2010-03-11 12:38 . 2004-08-10 18:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-10 18:51 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-10 18:50 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-10 18:51 430080 ----a-w- c:\windows\system32\vbscript.dll
2008-04-24 20:45 . 2008-04-24 20:45 42496 -c--a-w- c:\program files\HDFC.doc
2006-07-19 02:33 . 2006-07-19 02:33 37378 -c--a-w- c:\program files\Uninstal.exe
2002-10-12 19:23 . 2002-10-12 19:23 148 -c--a-w- c:\program files\REGSETUP.reg
2002-10-08 06:07 . 2002-10-12 19:19 9728 -c--a-w- c:\program files\patch.exe
2002-10-07 03:20 . 2002-10-07 03:19 2305 -c--a-w- c:\program files\Keyboard.cfg
2002-09-20 20:00 . 2002-10-07 03:14 53248 -c--a-w- c:\program files\config.exe
2002-08-26 22:01 . 2002-10-07 03:14 90112 -c--a-w- c:\program files\p5dll.dll
2002-07-09 04:00 . 2002-10-07 03:14 135168 -c--a-w- c:\program files\eax.dll
2001-10-30 20:57 . 2002-10-07 03:11 290869 -c--a-w- c:\program files\msvcrt.dll
2000-08-29 16:00 . 2002-10-07 03:11 401462 -c--a-w- c:\program files\Msvcp60.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-08 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Remocon Driver.lnk - c:\program files\Sony\USBSircs\usbsircs.exe [2008-8-19 229376]
Service Manager.lnk - c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlmaint.exe [2002-12-17 156224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
backup=c:\windows\pss\Timer Recording Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^GomezPEER.lnk]
backup=c:\windows\pss\GomezPEER.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^SkypeMate.lnk]
backup=c:\windows\pss\SkypeMate.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^Sprint media monitor.lnk]
backup=c:\windows\pss\Sprint media monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2005-01-07 21:30 864256 -c----w- c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
2006-09-28 19:30 190024 ----a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 -c--a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2004-11-11 21:14 49152 -c----w- c:\program files\Brother\Brmfl04g\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"StyleXPService"=2 (0x2)
"Fax"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [18/05/2010 12:09 AM 207280]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [18/05/2010 12:18 AM 112592]
R2 MSSQL$ASI;MSSQL$ASI;c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe -sASI --> c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe -sASI [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/08/2006 11:45 AM 717296]
S3 kaspersky1;kaspersky1; [x]
S3 kylix;kylix; [x]
S3 MooseKOPMA;MooseKOPMA; [x]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [11/01/2009 12:52 AM 33808]
S3 NUBBER;NUBBER; [x]
S3 Rockey_USB;Feitian ROCKEY4 USB Service;c:\windows\system32\drivers\rockey4usb.sys [13/02/2004 2:41 PM 12928]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [18/05/2010 12:06 AM 358600]
S3 SQLAgent$ASI;SQLAgent$ASI;c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlagent.EXE -i ASI --> c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlagent.EXE -i ASI [?]
S3 xp1;xp1; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006Core.job
- c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:59]

2010-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006UA.job
- c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:59]

2010-05-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = ;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} - hxxp://hojo.dvrdns.org/WebDiginet.CAB
FF - ProfilePath - c:\documents and settings\Ravi\Application Data\Mozilla\Firefox\Profiles\txdw9u4i.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-27 22:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-05-27 22:32:26
ComboFix-quarantined-files.txt 2010-05-28 02:32
ComboFix2.txt 2010-05-26 20:36

Pre-Run: 92,652,736,512 bytes free
Post-Run: 92,619,284,480 bytes free

- - End Of File - - 7B0B3DA12AE76B3D5991D14ADAE558D2

Re-running ComboFix to remove infections:

• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
• Open notepad and copy/paste the text in the box below into it:
  

  killall:: Folder:: c:\documents and settings\Ravi\Local Settings\Application Data\hpngtvkou DirLook:: c:\program files\AML Products FileLook:: c:\windows\system32\drivers\lbrtfdc.sys c:\windows\iun6002.exe DDS:: uInternet Settings,ProxyServer = http=127.0.0.1:5555 Driver:: kaspersky1 kylix MooseKOPMA NUBBER Rootkit:: Reboot::

• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
  
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please post the contents of the log in your next reply.

ComboFix 10-05-28.02 - Ravi 28/05/2010 16:56:36.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1500 [GMT -4:00]
Running from: c:\documents and settings\Ravi\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ravi\Desktop\CFscript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ravi\Local Settings\Application Data\hpngtvkou
c:\system volume information\_restore{d5fffa500b1b}
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KASPERSKY1
-------\Legacy_MOOSEKOPMA
-------\Legacy_NUBBER
-------\Service_kaspersky1
-------\Service_kylix
-------\Service_MooseKOPMA
-------\Service_NUBBER


((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-28 )))))))))))))))))))))))))))))))
.

2010-05-26 04:03 . 2010-05-26 04:03 -------- d-----w- C:\_OTM
2010-05-21 01:37 . 2010-05-26 23:30 -------- d-----w- c:\program files\SpywareBlaster
2010-05-20 23:04 . 2010-05-20 23:04 -------- d-----w- c:\program files\iPod
2010-05-20 23:04 . 2010-05-20 23:05 -------- d-----w- c:\program files\iTunes
2010-05-20 22:58 . 2010-05-20 22:58 -------- d-----w- c:\program files\Bonjour
2010-05-20 22:39 . 2010-05-20 22:39 -------- d-----w- c:\program files\Common Files\Java
2010-05-20 22:39 . 2010-05-20 22:38 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-19 23:59 . 2010-05-19 23:59 -------- d-----w- c:\program files\ESET
2010-05-19 23:22 . 2010-05-20 22:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 04:48 . 2010-05-18 04:48 -------- d-----w- c:\documents and settings\Ravi\Local Settings\Application Data\Threat Expert
2010-05-18 04:18 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-05-18 04:18 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-05-18 04:18 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-05-18 04:18 . 2010-01-21 23:21 1152444 ----a-w- c:\windows\UDB.zip
2010-05-18 04:18 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-05-18 04:18 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-05-18 04:10 . 2009-09-24 12:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-05-18 04:09 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-18 04:09 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-18 04:07 . 2009-09-03 13:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-05-18 04:05 . 2010-05-18 04:19 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-18 04:05 . 2010-05-18 21:21 -------- d-----w- c:\program files\Spyware Doctor
2010-05-18 04:05 . 2010-05-18 04:05 -------- d-----w- c:\documents and settings\Ravi\Application Data\PC Tools
2010-05-18 04:05 . 2010-05-18 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-05-18 03:37 . 2010-05-12 15:21 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 03:33 . 2010-05-18 03:34 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-18 02:53 . 2010-05-18 02:53 -------- d-----w- c:\program files\AML Products
2010-05-17 03:07 . 2010-05-17 03:07 -------- d-----w- c:\documents and settings\Ravi\Application Data\Malwarebytes
2010-05-17 02:44 . 2010-05-17 02:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-17 02:44 . 2010-05-17 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-17 02:39 . 2010-05-17 02:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-05-17 02:28 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-17 02:28 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-17 02:27 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-17 02:27 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-04-29 00:49 . 2010-05-14 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-28 21:06 . 2008-05-04 03:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-25 04:41 . 2008-03-27 01:05 -------- d-----w- c:\documents and settings\Ravi\Application Data\uTorrent
2010-05-24 19:35 . 2009-10-20 23:18 75 ----a-w- c:\documents and settings\Ravi\jagex_runescape_preferences2.dat
2010-05-24 19:35 . 2008-07-02 01:10 42 ----a-w- c:\documents and settings\Ravi\jagex_runescape_preferences.dat
2010-05-24 19:11 . 2010-05-24 19:11 503808 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\msvcp71.dll
2010-05-24 19:11 . 2010-05-24 19:11 499712 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\jmc.dll
2010-05-24 19:11 . 2010-05-24 19:11 12800 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f0e234b-n\decora-d3d.dll
2010-05-24 19:11 . 2010-05-24 19:11 61440 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f0e234b-n\decora-sse.dll
2010-05-24 19:11 . 2010-05-24 19:11 348160 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\msvcr71.dll
2010-05-20 23:04 . 2007-11-12 04:12 -------- d-----w- c:\program files\Common Files\Apple
2010-05-20 22:54 . 2010-05-20 22:54 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-20 22:39 . 2010-05-20 22:39 503808 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\msvcp71.dll
2010-05-20 22:39 . 2010-05-20 22:39 499712 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\jmc.dll
2010-05-20 22:39 . 2010-05-20 22:39 348160 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\msvcr71.dll
2010-05-20 22:39 . 2010-05-20 22:39 61440 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-368969b5-n\decora-sse.dll
2010-05-20 22:39 . 2010-05-20 22:39 12800 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-368969b5-n\decora-d3d.dll
2010-05-20 22:34 . 2006-06-19 17:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-20 22:32 . 2007-10-12 23:54 -------- d-----w- c:\program files\Java
2010-05-20 18:32 . 2006-04-07 20:49 76848 -c--a-w- c:\documents and settings\Ravi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-19 14:31 . 2008-10-15 22:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-19 02:52 . 2008-10-15 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-18 03:49 . 2009-06-27 03:08 737280 -c--a-w- c:\windows\iun6002.exe
2010-05-18 03:28 . 2006-05-05 01:47 -------- d-----w- c:\program files\MSN Messenger
2010-05-18 03:28 . 2006-12-15 02:25 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-12 04:21 . 2007-03-21 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-01 18:05 . 2007-12-22 20:58 -------- d-----w- c:\documents and settings\Ravi\Application Data\U3
2010-04-21 21:05 . 2010-04-21 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-21 21:00 . 2010-04-21 20:59 -------- d-----w- c:\program files\QuickTime
2010-04-20 03:45 . 2010-04-20 03:45 0 ----a-w- c:\documents and settings\Ravi\jagex__preferences3.dat
2010-04-16 01:26 . 2010-01-26 23:34 71 -c--a-w- c:\documents and settings\Ravi\Application DatadMb.dat
2010-04-12 17:39 . 2010-04-29 00:49 1808752 ----a-w- c:\documents and settings\All Users\Application Data\Norton\NUA.exe
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-03 17:59 . 2010-04-03 17:59 -------- d-----w- c:\program files\Eidos Interactive
2010-03-28 16:29 . 2009-11-27 13:21 79488 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AcrobatUpdater.exe
2010-03-11 12:38 . 2004-08-10 18:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-10 18:51 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-10 18:50 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-10 18:51 430080 ----a-w- c:\windows\system32\vbscript.dll
2008-04-24 20:45 . 2008-04-24 20:45 42496 -c--a-w- c:\program files\HDFC.doc
2006-07-19 02:33 . 2006-07-19 02:33 37378 -c--a-w- c:\program files\Uninstal.exe
2002-10-12 19:23 . 2002-10-12 19:23 148 -c--a-w- c:\program files\REGSETUP.reg
2002-10-08 06:07 . 2002-10-12 19:19 9728 -c--a-w- c:\program files\patch.exe
2002-10-07 03:20 . 2002-10-07 03:19 2305 -c--a-w- c:\program files\Keyboard.cfg
2002-09-20 20:00 . 2002-10-07 03:14 53248 -c--a-w- c:\program files\config.exe
2002-08-26 22:01 . 2002-10-07 03:14 90112 -c--a-w- c:\program files\p5dll.dll
2002-07-09 04:00 . 2002-10-07 03:14 135168 -c--a-w- c:\program files\eax.dll
2001-10-30 20:57 . 2002-10-07 03:11 290869 -c--a-w- c:\program files\msvcrt.dll
2000-08-29 16:00 . 2002-10-07 03:11 401462 -c--a-w- c:\program files\Msvcp60.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\iun6002.exe ---
Company: Indigo Rose Corporation
File Description: SUF60Runtime
File Version: 6.0.1.4
Product Name: Setup Factory 6.0 Runtime Module
Copyright: Copyright 2001 - 2002 Indigo Rose Corporation. All Rights Reserved
Original Filename: SUF60Runtime.exe
File size: 737280
Created time: 2009-06-27 03:08
Modified time: 2010-05-18 03:49
MD5: 456462905091DB042141487FE030E3C9
SHA1: BB57B4850528C3C8D9BF159FB5B9F414DDC7D5D7


--- c:\windows\system32\drivers\lbrtfdc.sys ---
Company: Toshiba Corp.
File Description: Toshiba Libretto floppy controller
File Version: Version 5.10.3 (xpsp.080413-2108)
Product Name: Microsoft Windows Operating System
Copyright: Copyright (C) Toshiba Corp. 1998-2000. Copyright (C) Microsoft Corp. 2007
Original Filename: Lbrtfdc.sys
File size: 34688
Created time: 2010-05-17 02:28
Modified time: 2008-04-13 18:40
MD5: 406598827A1B5F77954DE11DDE115CED
SHA1: 16DDE4CBF03C0C2335EE651C6EF886669908A41F

---- Directory of c:\program files\AML Products ----

2010-05-18 02:53 . 2008-11-29 20:50 20480 ----a-w- c:\program files\AML Products\Registry Cleaner\UN.exe
2010-05-18 02:53 . 2009-10-31 16:37 143360 ----a-w- c:\program files\AML Products\Registry Cleaner\regsearch.exe
2010-05-18 02:53 . 2008-05-04 04:10 466 ----a-w- c:\program files\AML Products\Registry Cleaner\regclean.exe.manifest
2010-05-18 02:53 . 2009-10-31 16:39 61440 ----a-w- c:\program files\AML Products\Registry Cleaner\startup.exe
2010-05-18 02:53 . 2008-11-29 20:50 20480 ----a-w- c:\program files\AML Products\Registry Cleaner\FRC.exe
2010-05-18 02:53 . 2009-10-31 16:38 98304 ----a-w- c:\program files\AML Products\Registry Cleaner\pm.exe
2010-05-18 02:53 . 2009-10-31 16:38 94208 ----a-w- c:\program files\AML Products\Registry Cleaner\clean.exe
2010-05-18 02:53 . 2008-01-25 20:24 205 ----a-w- c:\program files\AML Products\Registry Cleaner\ftlist.txt
2010-05-18 02:53 . 2009-10-31 16:38 516096 ----a-w- c:\program files\AML Products\Registry Cleaner\regback.exe
2010-05-18 02:53 . 2009-10-29 21:10 615424 ----a-w- c:\program files\AML Products\Registry Cleaner\Styles\Office2007.cjstyles
2010-05-18 02:53 . 2009-10-20 16:39 579504 ----a-w- c:\program files\AML Products\Registry Cleaner\Codejock.SkinFramework.Unicode.v13.2.0.ocx
2010-05-18 02:53 . 2010-05-18 02:53 5 ----a-w- c:\program files\AML Products\Registry Cleaner\open.cpa
2010-05-18 02:53 . 2001-08-24 00:00 1388544 ----a-w- c:\program files\AML Products\Registry Cleaner\MSVBVM60.DLL
2010-05-18 02:53 . 2009-05-27 18:45 1599 ----a-w- c:\program files\AML Products\Registry Cleaner\Exclude.lst
2010-05-18 02:53 . 1996-08-24 11:11 1312 ----a-w- c:\program files\AML Products\Registry Cleaner\english.dll
2010-05-18 02:53 . 2010-03-26 03:37 507904 ----a-w- c:\program files\AML Products\Registry Cleaner\regclean.exe
2010-05-18 02:53 . 2010-05-18 02:52 1180095 ----a-w- c:\program files\AML Products\Registry Cleaner\unins000.exe
2010-05-18 02:53 . 2010-05-18 02:53 6005 ----a-w- c:\program files\AML Products\Registry Cleaner\unins000.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-08 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Remocon Driver.lnk - c:\program files\Sony\USBSircs\usbsircs.exe [2008-8-19 229376]
Service Manager.lnk - c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlmaint.exe [2002-12-17 156224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
backup=c:\windows\pss\Timer Recording Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^GomezPEER.lnk]
backup=c:\windows\pss\GomezPEER.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^SkypeMate.lnk]
backup=c:\windows\pss\SkypeMate.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^Sprint media monitor.lnk]
backup=c:\windows\pss\Sprint media monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2005-01-07 21:30 864256 -c----w- c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
2006-09-28 19:30 190024 ----a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 -c--a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2004-11-11 21:14 49152 -c----w- c:\program files\Brother\Brmfl04g\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"StyleXPService"=2 (0x2)
"Fax"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [18/05/2010 12:09 AM 207280]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/08/2006 11:45 AM 717296]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [18/05/2010 12:18 AM 112592]
R2 MSSQL$ASI;MSSQL$ASI;c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe -sASI --> c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe -sASI [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [11/01/2009 12:52 AM 33808]
S3 Rockey_USB;Feitian ROCKEY4 USB Service;c:\windows\system32\drivers\rockey4usb.sys [13/02/2004 2:41 PM 12928]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [18/05/2010 12:06 AM 358600]
S3 SQLAgent$ASI;SQLAgent$ASI;c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlagent.EXE -i ASI --> c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlagent.EXE -i ASI [?]
S3 xp1;xp1; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006Core.job
- c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:59]

2010-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006UA.job
- c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:59]

2010-05-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = ;*.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} - hxxp://hojo.dvrdns.org/WebDiginet.CAB
FF - ProfilePath - c:\documents and settings\Ravi\Application Data\Mozilla\Firefox\Profiles\txdw9u4i.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-28 17:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys spke.sys hal.dll >>UNKNOWN [0x8AA41938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e47cb8
\Driver\atapi -> atapi.sys @ 0xb9e02b40
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2312)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Sony\Giga Pocket\shwserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Sony\Giga Pocket\RM_SV.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-05-28 17:16:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-28 21:16
ComboFix2.txt 2010-05-28 02:32
ComboFix3.txt 2010-05-26 20:36

Pre-Run: 92,637,769,728 bytes free
Post-Run: 92,481,552,384 bytes free

- - End Of File - - 4BF9EB13E03181A93F83A6DE461D045C

Re-running ComboFix to remove infections:

• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
• Open notepad and copy/paste the text in the box below into it:
  

  killall:: Folder:: c:\program files\AML Products MBR:: Reboot::

• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
  
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please post the contents of the log in your next reply.

ComboFix 10-06-01.01 - Ravi 01/06/2010 18:17:24.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1535 [GMT -4:00]
Running from: c:\documents and settings\Ravi\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ravi\Desktop\CFscript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AML Products
c:\program files\AML Products\Registry Cleaner\clean.exe
c:\program files\AML Products\Registry Cleaner\Codejock.SkinFramework.Unicode.v13.2.0.ocx
c:\program files\AML Products\Registry Cleaner\english.dll
c:\program files\AML Products\Registry Cleaner\Exclude.lst
c:\program files\AML Products\Registry Cleaner\FRC.exe
c:\program files\AML Products\Registry Cleaner\ftlist.txt
c:\program files\AML Products\Registry Cleaner\MSVBVM60.DLL
c:\program files\AML Products\Registry Cleaner\open.cpa
c:\program files\AML Products\Registry Cleaner\pm.exe
c:\program files\AML Products\Registry Cleaner\regback.exe
c:\program files\AML Products\Registry Cleaner\regclean.exe
c:\program files\AML Products\Registry Cleaner\regclean.exe.manifest
c:\program files\AML Products\Registry Cleaner\regsearch.exe
c:\program files\AML Products\Registry Cleaner\startup.exe
c:\program files\AML Products\Registry Cleaner\Styles\Office2007.cjstyles
c:\program files\AML Products\Registry Cleaner\UN.exe
c:\program files\AML Products\Registry Cleaner\unins000.dat
c:\program files\AML Products\Registry Cleaner\unins000.exe
c:\system volume information\_restore{d5fffa500b1b}
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe

.
((((((((((((((((((((((((( Files Created from 2010-05-02 to 2010-06-02 )))))))))))))))))))))))))))))))
.

2010-05-26 04:03 . 2010-05-26 04:03 -------- d-----w- C:\_OTM
2010-05-21 01:37 . 2010-05-26 23:30 -------- d-----w- c:\program files\SpywareBlaster
2010-05-20 23:04 . 2010-05-20 23:04 -------- d-----w- c:\program files\iPod
2010-05-20 23:04 . 2010-05-20 23:05 -------- d-----w- c:\program files\iTunes
2010-05-20 22:58 . 2010-05-20 22:58 -------- d-----w- c:\program files\Bonjour
2010-05-20 22:39 . 2010-05-20 22:39 -------- d-----w- c:\program files\Common Files\Java
2010-05-20 22:39 . 2010-05-20 22:38 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-19 23:59 . 2010-05-19 23:59 -------- d-----w- c:\program files\ESET
2010-05-19 23:22 . 2010-05-20 22:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 20:39 . 2010-05-18 20:39 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Threat Expert
2010-05-18 04:48 . 2010-05-18 04:48 -------- d-----w- c:\documents and settings\Ravi\Local Settings\Application Data\Threat Expert
2010-05-18 04:18 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-05-18 04:18 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-05-18 04:18 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-05-18 04:18 . 2010-01-21 23:21 1152444 ----a-w- c:\windows\UDB.zip
2010-05-18 04:18 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-05-18 04:18 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-05-18 04:10 . 2009-09-24 12:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-05-18 04:09 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-18 04:09 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-18 04:07 . 2009-09-03 13:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-05-18 04:05 . 2010-05-18 04:19 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-18 04:05 . 2010-05-18 21:21 -------- d-----w- c:\program files\Spyware Doctor
2010-05-18 04:05 . 2010-05-18 04:05 -------- d-----w- c:\documents and settings\Ravi\Application Data\PC Tools
2010-05-18 04:05 . 2010-05-18 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-05-18 03:37 . 2010-05-12 15:21 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 03:33 . 2010-05-18 03:34 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-17 03:07 . 2010-05-17 03:07 -------- d-----w- c:\documents and settings\Ravi\Application Data\Malwarebytes
2010-05-17 02:44 . 2010-05-17 02:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-17 02:44 . 2010-05-17 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-17 02:39 . 2010-05-17 02:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-05-17 02:28 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-17 02:28 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-17 02:27 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-17 02:27 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-01 22:26 . 2008-05-04 03:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-25 04:41 . 2008-03-27 01:05 -------- d-----w- c:\documents and settings\Ravi\Application Data\uTorrent
2010-05-24 19:35 . 2009-10-20 23:18 75 ----a-w- c:\documents and settings\Ravi\jagex_runescape_preferences2.dat
2010-05-24 19:35 . 2008-07-02 01:10 42 ----a-w- c:\documents and settings\Ravi\jagex_runescape_preferences.dat
2010-05-24 19:11 . 2010-05-24 19:11 503808 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\msvcp71.dll
2010-05-24 19:11 . 2010-05-24 19:11 499712 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\jmc.dll
2010-05-24 19:11 . 2010-05-24 19:11 12800 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f0e234b-n\decora-d3d.dll
2010-05-24 19:11 . 2010-05-24 19:11 61440 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f0e234b-n\decora-sse.dll
2010-05-24 19:11 . 2010-05-24 19:11 348160 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-27992477-n\msvcr71.dll
2010-05-20 23:04 . 2007-11-12 04:12 -------- d-----w- c:\program files\Common Files\Apple
2010-05-20 22:54 . 2010-05-20 22:54 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-20 22:39 . 2010-05-20 22:39 503808 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\msvcp71.dll
2010-05-20 22:39 . 2010-05-20 22:39 499712 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\jmc.dll
2010-05-20 22:39 . 2010-05-20 22:39 348160 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3fb9c459-n\msvcr71.dll
2010-05-20 22:39 . 2010-05-20 22:39 61440 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-368969b5-n\decora-sse.dll
2010-05-20 22:39 . 2010-05-20 22:39 12800 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-368969b5-n\decora-d3d.dll
2010-05-20 22:34 . 2006-06-19 17:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-20 22:32 . 2007-10-12 23:54 -------- d-----w- c:\program files\Java
2010-05-20 18:32 . 2006-04-07 20:49 76848 -c--a-w- c:\documents and settings\Ravi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-19 14:31 . 2008-10-15 22:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-19 02:52 . 2008-10-15 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-18 03:49 . 2009-06-27 03:08 737280 -c--a-w- c:\windows\iun6002.exe
2010-05-18 03:28 . 2006-05-05 01:47 -------- d-----w- c:\program files\MSN Messenger
2010-05-18 03:28 . 2006-12-15 02:25 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-14 21:27 . 2010-04-29 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-12 04:21 . 2007-03-21 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-01 18:05 . 2007-12-22 20:58 -------- d-----w- c:\documents and settings\Ravi\Application Data\U3
2010-04-21 21:05 . 2010-04-21 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-21 21:00 . 2010-04-21 20:59 -------- d-----w- c:\program files\QuickTime
2010-04-20 03:45 . 2010-04-20 03:45 0 ----a-w- c:\documents and settings\Ravi\jagex__preferences3.dat
2010-04-16 01:26 . 2010-01-26 23:34 71 -c--a-w- c:\documents and settings\Ravi\Application DatadMb.dat
2010-04-12 17:39 . 2010-04-29 00:49 1808752 ----a-w- c:\documents and settings\All Users\Application Data\Norton\NUA.exe
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-03 17:59 . 2010-04-03 17:59 -------- d-----w- c:\program files\Eidos Interactive
2010-03-28 16:29 . 2009-11-27 13:21 79488 ----a-w- c:\documents and settings\Ravi\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31023\AcrobatUpdater.exe
2010-03-11 12:38 . 2004-08-10 18:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-10 18:51 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-10 18:50 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-10 18:51 430080 ----a-w- c:\windows\system32\vbscript.dll
2008-04-24 20:45 . 2008-04-24 20:45 42496 -c--a-w- c:\program files\HDFC.doc
2006-07-19 02:33 . 2006-07-19 02:33 37378 -c--a-w- c:\program files\Uninstal.exe
2002-10-12 19:23 . 2002-10-12 19:23 148 -c--a-w- c:\program files\REGSETUP.reg
2002-10-08 06:07 . 2002-10-12 19:19 9728 -c--a-w- c:\program files\patch.exe
2002-10-07 03:20 . 2002-10-07 03:19 2305 -c--a-w- c:\program files\Keyboard.cfg
2002-09-20 20:00 . 2002-10-07 03:14 53248 -c--a-w- c:\program files\config.exe
2002-08-26 22:01 . 2002-10-07 03:14 90112 -c--a-w- c:\program files\p5dll.dll
2002-07-09 04:00 . 2002-10-07 03:14 135168 -c--a-w- c:\program files\eax.dll
2001-10-30 20:57 . 2002-10-07 03:11 290869 -c--a-w- c:\program files\msvcrt.dll
2000-08-29 16:00 . 2002-10-07 03:11 401462 -c--a-w- c:\program files\Msvcp60.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-08 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Remocon Driver.lnk - c:\program files\Sony\USBSircs\usbsircs.exe [2008-8-19 229376]
Service Manager.lnk - c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlmaint.exe [2002-12-17 156224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
backup=c:\windows\pss\Timer Recording Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^GomezPEER.lnk]
backup=c:\windows\pss\GomezPEER.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^SkypeMate.lnk]
backup=c:\windows\pss\SkypeMate.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ravi^Start Menu^Programs^Startup^Sprint media monitor.lnk]
backup=c:\windows\pss\Sprint media monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2005-01-07 21:30 864256 -c----w- c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
2006-09-28 19:30 190024 ----a-w- c:\program files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 -c--a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2004-11-11 21:14 49152 -c----w- c:\program files\Brother\Brmfl04g\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"StyleXPService"=2 (0x2)
"Fax"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [18/05/2010 12:09 AM 207280]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/08/2006 11:45 AM 717296]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [18/05/2010 12:18 AM 112592]
R2 MSSQL$ASI;MSSQL$ASI;c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe -sASI --> c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe -sASI [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [11/01/2009 12:52 AM 33808]
S3 Rockey_USB;Feitian ROCKEY4 USB Service;c:\windows\system32\drivers\rockey4usb.sys [13/02/2004 2:41 PM 12928]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [18/05/2010 12:06 AM 358600]
S3 SQLAgent$ASI;SQLAgent$ASI;c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlagent.EXE -i ASI --> c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlagent.EXE -i ASI [?]
S3 xp1;xp1; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006Core.job
- c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:59]

2010-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006UA.job
- c:\documents and settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 18:59]

2010-06-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = ;*.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} - hxxp://hojo.dvrdns.org/WebDiginet.CAB
FF - ProfilePath - c:\documents and settings\Ravi\Application Data\Mozilla\Firefox\Profiles\txdw9u4i.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1 - c:\program files\AML Products\Registry Cleaner\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-01 20:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys sppc.sys hal.dll >>UNKNOWN [0x8AA75938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e47cb8
\Driver\atapi -> atapi.sys @ 0xb9e02b40
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3688)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Sony\Giga Pocket\shwserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Sony\Giga Pocket\RM_SV.exe
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-01 20:18:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-02 00:18
ComboFix2.txt 2010-05-28 21:16
ComboFix3.txt 2010-05-28 02:32
ComboFix4.txt 2010-05-26 20:36

Pre-Run: 92,161,118,208 bytes free
Post-Run: 92,091,490,304 bytes free

- - End Of File - - EB86A3E35A887383FA0435D118A820D0

Seems like a very deep infection here.

Please download MySystem-Search from one of the following links:

Download mirror 1 Download mirror 2

• Save the file to your Desktop.
• Double-click on mss.exe
• Allow it to run, and follow the prompts.
• Once done, it will launch a log.
• Post it in your next reply.

Note: the logs are long. Please use more than one post, if necessary.

MySystem-Search

Run on 02/06/2010 at 18:03:56

MSS v1.1


Basic System Information



CD Emulation Drivers running?

DAEMON Tools/Duplex Secure found!
Roxio found!


Peer-to-Peer applications?

LimeWire found!
uTorrent found!


File associations

.exe=exefile
.scr=scrfile
.pif=piffile
.com=ComFile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile


Running processes



Hidden objects

PATH: C:\windows

$hf_mig$
$NtServicePackUninstall$
$NtServicePackUninstallIDNMitigationAPIs$
$NtServicePackUninstallNLSDownlevelMapping$
$NtUninstallKB835221WXP$
$NtUninstallKB885836$
$NtUninstallKB886185$
$NtUninstallKB887742$
$NtUninstallKB888302$
$NtUninstallKB890046$
$NtUninstallKB890859$
$NtUninstallKB893756$
$NtUninstallKB894391$
$NtUninstallKB895316$
$NtUninstallKB896428$
$NtUninstallKB898458$
$NtUninstallKB898461$
$NtUninstallKB899587$
$NtUninstallKB900485$
$NtUninstallKB900725$
$NtUninstallKB901017$
$NtUninstallKB902344$
$NtUninstallKB902400$
$NtUninstallKB904942$
$NtUninstallKB905414$
$NtUninstallKB905749$
$NtUninstallKB905915$
$NtUninstallKB908519$
$NtUninstallKB908531$
$NtUninstallKB909394$
$NtUninstallKB910437$
$NtUninstallKB911280$
$NtUninstallKB911562$
$NtUninstallKB911564$
$NtUninstallKB911565$
$NtUninstallKB911567$
$NtUninstallKB911927$
$NtUninstallKB912812$
$NtUninstallKB912919$
$NtUninstallKB913446$
$NtUninstallKB913580$
$NtUninstallKB914388$
$NtUninstallKB914389$
$NtUninstallKB914440$
$NtUninstallKB915865$
$NtUninstallKB916281$
$NtUninstallKB916595$
$NtUninstallKB917159$
$NtUninstallKB917344$
$NtUninstallKB917422$
$NtUninstallKB917734_WMP10$
$NtUninstallKB917953$
$NtUninstallKB918118$
$NtUninstallKB918439$
$NtUninstallKB918899$
$NtUninstallKB919007$
$NtUninstallKB920213$
$NtUninstallKB920214$
$NtUninstallKB920670$
$NtUninstallKB920683$
$NtUninstallKB920685$
$NtUninstallKB920872$
$NtUninstallKB921398$
$NtUninstallKB921503$
$NtUninstallKB921883$
$NtUninstallKB922582$
$NtUninstallKB922616$
$NtUninstallKB922819$
$NtUninstallKB923191$
$NtUninstallKB923414$
$NtUninstallKB923561$
$NtUninstallKB923694$
$NtUninstallKB923723$
$NtUninstallKB923980$
$NtUninstallKB924191$
$NtUninstallKB924270$
$NtUninstallKB924496$
$NtUninstallKB924667$
$NtUninstallKB925398_WMP64$
$NtUninstallKB925902$
$NtUninstallKB926239$
$NtUninstallKB926255$
$NtUninstallKB926436$
$NtUninstallKB927779$
$NtUninstallKB927802$
$NtUninstallKB927891$
$NtUninstallKB928255$
$NtUninstallKB928843$
$NtUninstallKB929123$
$NtUninstallKB929338$
$NtUninstallKB929399$
$NtUninstallKB930178$
$NtUninstallKB930916$
$NtUninstallKB931261$
$NtUninstallKB931784$
$NtUninstallKB931836$
$NtUninstallKB932168$
$NtUninstallKB932823-v3$
$NtUninstallKB933360$
$NtUninstallKB933729$
$NtUninstallKB935839$
$NtUninstallKB935840$
$NtUninstallKB936021$
$NtUninstallKB936357$
$NtUninstallKB936782_WMP11$
$NtUninstallKB938464$
$NtUninstallKB938464-v2$
$NtUninstallKB938464_0$
$NtUninstallKB938828$
$NtUninstallKB938829$
$NtUninstallKB939683$
$NtUninstallKB941202$
$NtUninstallKB941568$
$NtUninstallKB941569$
$NtUninstallKB941644$
$NtUninstallKB941693$
$NtUninstallKB942763$
$NtUninstallKB943055$
$NtUninstallKB943460$
$NtUninstallKB943485$
$NtUninstallKB944653$
$NtUninstallKB945553$
$NtUninstallKB946026$
$NtUninstallKB946648$
$NtUninstallKB946648_0$
$NtUninstallKB948590$
$NtUninstallKB948881$
$NtUninstallKB950749$
$NtUninstallKB950760$
$NtUninstallKB950762$
$NtUninstallKB950762_0$
$NtUninstallKB950974$
$NtUninstallKB950974_0$
$NtUninstallKB951066$
$NtUninstallKB951066_0$
$NtUninstallKB951072-v2$
$NtUninstallKB951376$
$NtUninstallKB951376-v2$
$NtUninstallKB951376-v2_0$
$NtUninstallKB951376_0$
$NtUninstallKB951698$
$NtUninstallKB951698_0$
$NtUninstallKB951748$
$NtUninstallKB951748_0$
$NtUninstallKB951978$
$NtUninstallKB952004$
$NtUninstallKB952069_WM9$
$NtUninstallKB952287$
$NtUninstallKB952287_0$
$NtUninstallKB952954$
$NtUninstallKB952954_0$
$NtUninstallKB953839$
$NtUninstallKB954154_WM11$
$NtUninstallKB954155_WM9$
$NtUninstallKB954211$
$NtUninstallKB954459$
$NtUninstallKB954600$
$NtUninstallKB955069$
$NtUninstallKB955759$
$NtUninstallKB955839$
$NtUninstallKB956391$
$NtUninstallKB956572$
$NtUninstallKB956744$
$NtUninstallKB956802$
$NtUninstallKB956803$
$NtUninstallKB956841$
$NtUninstallKB956844$
$NtUninstallKB957095$
$NtUninstallKB957097$
$NtUninstallKB958644$
$NtUninstallKB958687$
$NtUninstallKB958690$
$NtUninstallKB958869$
$NtUninstallKB959426$
$NtUninstallKB959772_WM11$
$NtUninstallKB960225$
$NtUninstallKB960715$
$NtUninstallKB960803$
$NtUninstallKB960859$
$NtUninstallKB961118$
$NtUninstallKB961371$
$NtUninstallKB961373$
$NtUninstallKB961501$
$NtUninstallKB961503$
$NtUninstallKB967715$
$NtUninstallKB968389$
$NtUninstallKB968537$
$NtUninstallKB968816_WM9$
$NtUninstallKB969059$
$NtUninstallKB969898$
$NtUninstallKB969947$
$NtUninstallKB970238$
$NtUninstallKB970430$
$NtUninstallKB970653-v3$
$NtUninstallKB971468$
$NtUninstallKB971486$
$NtUninstallKB971557$
$NtUninstallKB971633$
$NtUninstallKB971657$
$NtUninstallKB971737$
$NtUninstallKB971961$
$NtUninstallKB972270$
$NtUninstallKB973346$
$NtUninstallKB973354$
$NtUninstallKB973507$
$NtUninstallKB973525$
$NtUninstallKB973540_WM9$
$NtUninstallKB973687$
$NtUninstallKB973815$
$NtUninstallKB973869$
$NtUninstallKB973904$
$NtUninstallKB974112$
$NtUninstallKB974318$
$NtUninstallKB974392$
$NtUninstallKB974571$
$NtUninstallKB975025$
$NtUninstallKB975467$
$NtUninstallKB975560$
$NtUninstallKB975561$
$NtUninstallKB975713$
$NtUninstallKB976098-v2$
$NtUninstallKB977165$
$NtUninstallKB977816$
$NtUninstallKB977914$
$NtUninstallKB978037$
$NtUninstallKB978251$
$NtUninstallKB978262$
$NtUninstallKB978338$
$NtUninstallKB978542$
$NtUninstallKB978601$
$NtUninstallKB978706$
$NtUninstallKB979306$
$NtUninstallKB979309$
$NtUninstallKB979683$
$NtUninstallKB980232$
$NtUninstallKB981349$
$NtUninstallKB981793$
$NtUninstallMSCompPackV1$
$NtUninstallWMFDist11$
$NtUninstallwmp11$
$NtUninstallWudf01000$
ftpcache
ie7
inf
Installer
PIF
QTFont.qfn
WindowsShell.Manifest
winnt.bmp
winnt256.bmp


PATH: C:\windows\system32

dllcache
DVDRippper_sysquict.dat
zllictbl.dat


PATH: C:\windows\system32\drivers



PATH: C:\

BOOT.BKK
boot.ini
cmdcons
dell.sdr
hiberfil.sys
IO.SYS
IPH.PH
MSDOS.SYS
NTDETECT.COM
ntldr
pagefile.sys
sqmdata00.sqm
sqmdata01.sqm
sqmdata02.sqm
sqmdata03.sqm
sqmdata04.sqm
sqmdata05.sqm
sqmdata06.sqm
sqmdata07.sqm
sqmdata08.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
sqmnoopt03.sqm
sqmnoopt04.sqm
sqmnoopt05.sqm
sqmnoopt06.sqm
sqmnoopt07.sqm
sqmnoopt08.sqm
System Volume Information


User Profile check



! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Documents and Settings
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
Sid REG_BINARY 010100000000000513000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x6245e67e
ProfileLoadTimeHigh REG_DWORD 0x1cb025b
RefCount REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
Sid REG_BINARY 010100000000000514000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x6146cae0
ProfileLoadTimeHigh REG_DWORD 0x1cb025b
RefCount REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3960072812-4118492247-1275301789-1006
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Ravi
Sid REG_BINARY 0105000000000005150000006CEA09EC57347BF59D8F034CEE030000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xb5fd58b0
ProfileLoadTimeHigh REG_DWORD 0x1cb025b
RefCount REG_DWORD 0x1
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3960072812-4118492247-1275301789-1007
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Hetvi
Sid REG_BINARY 0105000000000005150000006CEA09EC57347BF59D8F034CEF030000
Flags REG_DWORD 0x0
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x3165a594
ProfileLoadTimeHigh REG_DWORD 0x1c6b115
RefCount REG_DWORD 0x1
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3960072812-4118492247-1275301789-1008
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Hetvi.D57NSK91
Sid REG_BINARY 0105000000000005150000006CEA09EC57347BF59D8F034CF0030000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xf28ded4e
ProfileLoadTimeHigh REG_DWORD 0x1c7369e
RefCount REG_DWORD 0x1
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3960072812-4118492247-1275301789-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator
Sid REG_BINARY 0105000000000005150000006CEA09EC57347BF59D8F034CF4010000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x2415aafe
ProfileLoadTimeHigh REG_DWORD 0x1caf56a
RefCount REG_DWORD 0x0
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3960072812-4118492247-1275301789-501
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Guest
Sid REG_BINARY 0105000000000005150000006CEA09EC57347BF59D8F034CF5010000
Flags REG_DWORD 0x0
State REG_DWORD 0x80
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xceca056c
ProfileLoadTimeHigh REG_DWORD 0x1c74721
RefCount REG_DWORD 0x2
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb


Current Scheduled Tasks

PATH: C:\Windows\Tasks

AppleSoftwareUpdate.job
GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006Core.job
GoogleUpdateTaskUserS-1-5-21-3960072812-4118492247-1275301789-1006UA.job
desktop.ini
MP Scheduled Scan.job
SA.DAT


Windows Drivers and NT-Services

Volume in drive C is Dimension3100
Volume Serial Number is 3C2B-C942

Directory of C:\Windows\System32\Drivers

Volume in drive C is Dimension3100
Volume Serial Number is 3C2B-C942

Directory of C:\Windows\System32\Drivers

05/05/1999 10:22 AM 9,360 ntmap.sys
02/11/1999 11:01 AM 6,173 Entech.vxd
05/12/2000 04:18 PM 3,952 DMICall.sys
17/08/2001 01:56 PM 7,552 sonypvu1.sys
17/08/2001 03:48 PM 12,160 mouhid.sys
17/08/2001 03:51 PM 3,328 pciide.sys
17/08/2001 03:51 PM 6,656 cmdide.sys
17/08/2001 03:51 PM 5,248 aliide.sys
17/08/2001 03:51 PM 4,992 toside.sys
17/08/2001 03:51 PM 14,848 asc3550.sys
17/08/2001 03:52 PM 23,552 ABP480N5.SYS
17/08/2001 03:52 PM 26,496 asc.sys
17/08/2001 03:52 PM 12,800 aha154x.sys
17/08/2001 03:52 PM 22,400 asc3350p.sys
17/08/2001 03:52 PM 12,032 amsint.sys
17/08/2001 03:52 PM 14,976 cpqarray.sys
17/08/2001 03:52 PM 7,680 cd20xrnt.sys
17/08/2001 03:52 PM 16,000 ini910u.sys
17/08/2001 03:52 PM 13,952 cbidf2k.sys
17/08/2001 03:52 PM 17,280 mraid35x.sys
17/08/2001 03:52 PM 40,448 ql1240.sys
17/08/2001 03:52 PM 33,152 ql10wnt.sys
17/08/2001 03:52 PM 179,584 dac2w2k.sys
17/08/2001 03:52 PM 14,720 dac960nt.sys
17/08/2001 03:52 PM 49,024 ql1280.sys
17/08/2001 03:52 PM 45,312 ql12160.sys
17/08/2001 03:52 PM 40,320 ql1080.sys
17/08/2001 03:52 PM 36,736 ultra.sys
17/08/2001 03:52 PM 125,056 ftdisk.sys
17/08/2001 03:57 PM 16,128 MODEMCSA.sys
17/08/2001 03:59 PM 3,072 audstub.sys
17/08/2001 04:07 PM 101,888 adpu160m.sys
17/08/2001 04:07 PM 16,256 symc810.sys
17/08/2001 04:07 PM 55,168 aic78u2.sys
17/08/2001 04:07 PM 32,640 symc8xx.sys
17/08/2001 04:07 PM 56,960 aic78xx.sys
17/08/2001 04:07 PM 27,296 perc2.sys
17/08/2001 04:07 PM 28,384 sym_hi.sys
17/08/2001 04:07 PM 30,688 sym_u3.sys
17/08/2001 04:07 PM 5,504 perc2hib.sys
17/08/2001 04:07 PM 20,192 dpti2o.sys
17/08/2001 04:07 PM 19,072 sparrow.sys
17/08/2001 04:07 PM 25,952 hpn.sys
19/11/2001 08:05 PM 3,972 PciBus.sys
06/06/2003 09:29 AM 15,884 UMP3.sys
01/08/2003 12:16 AM 17 DVEMODEM.DAT
17/11/2003 11:56 PM 1,042,432 HSF_DP.sys
17/11/2003 11:58 PM 680,704 HSF_CNXT.sys
17/11/2003 11:59 PM 212,224 HSFHWBS2.sys
19/11/2003 10:15 AM 128,398 del200f.cty
13/02/2004 02:41 PM 22,016 rockey4.sys
13/02/2004 02:41 PM 12,928 rockey4usb.sys
25/02/2004 09:28 AM 768,256 smrt.sys
22/06/2004 04:44 PM 5,632 Entech64.sys
17/07/2004 11:35 AM 67,866 netwlan5.img
17/07/2004 11:36 AM 64,352 ativmc20.cod
17/07/2004 10:55 PM 129,045 cxthsfs2.cty
03/08/2004 10:29 PM 327,040 ati2mtaa.sys
03/08/2004 10:29 PM 701,440 ati2mtag.sys
03/08/2004 10:29 PM 57,856 atinbtxx.sys
03/08/2004 10:29 PM 14,336 atinpdxx.sys
03/08/2004 10:29 PM 13,824 atinmdxx.sys
03/08/2004 10:29 PM 52,224 atinraxx.sys
03/08/2004 10:29 PM 11,615 ati1mdxx.sys
03/08/2004 10:29 PM 12,047 ati1pdxx.sys
03/08/2004 10:29 PM 56,623 ati1btxx.sys
03/08/2004 10:29 PM 29,455 ati1xbxx.sys
03/08/2004 10:29 PM 31,744 atinxbxx.sys
03/08/2004 10:29 PM 63,488 atinxsxx.sys
03/08/2004 10:29 PM 21,343 ati1ttxx.sys
03/08/2004 10:29 PM 26,367 ati1snxx.sys
03/08/2004 10:29 PM 63,663 ati1rvxx.sys
03/08/2004 10:29 PM 30,671 ati1raxx.sys
03/08/2004 10:29 PM 28,672 atinsnxx.sys
03/08/2004 10:29 PM 104,960 atinrvxx.sys
03/08/2004 10:29 PM 73,216 atintuxx.sys
03/08/2004 10:29 PM 36,463 ati1tuxx.sys
03/08/2004 10:29 PM 34,735 ati1xsxx.sys
03/08/2004 10:29 PM 13,824 atinttxx.sys
03/08/2004 10:29 PM 452,736 mtxparhm.sys
03/08/2004 10:29 PM 11,295 wadv08nt.sys
03/08/2004 10:29 PM 11,807 wadv07nt.sys
03/08/2004 10:29 PM 11,871 wadv09nt.sys
03/08/2004 10:29 PM 11,935 wadv11nt.sys
03/08/2004 10:29 PM 22,271 watv06nt.sys
03/08/2004 10:29 PM 25,471 watv10nt.sys
03/08/2004 10:29 PM 166,912 s3gnbm.sys
03/08/2004 10:41 PM 1,309,184 mtlstrm.sys
03/08/2004 10:41 PM 180,360 ntmtlfax.sys
03/08/2004 10:41 PM 126,686 mtlmnt5.sys
03/08/2004 10:41 PM 13,776 recagent.sys
03/08/2004 10:41 PM 129,535 slnt7554.sys
03/08/2004 10:41 PM 404,990 slntamr.sys
03/08/2004 10:41 PM 95,424 slnthal.sys
03/08/2004 10:41 PM 13,240 slwdmsup.sys
03/08/2004 10:41 PM 220,032 hsfbs2s2.sys
03/08/2004 10:41 PM 685,056 hsfcxts2.sys
03/08/2004 10:41 PM 1,041,536 hsfdpsp2.sys
03/08/2004 10:41 PM 11,868 mdmxsdk.sys
04/08/2004 12:29 AM 1,897,408 nv4_mini.sys
04/08/2004 07:00 AM 5,888 rootmdm.sys
04/08/2004 07:00 AM 32,896 ipfltdrv.sys
04/08/2004 07:00 AM 5,888 dmload.sys
04/08/2004 07:00 AM 12,032 riodrv.sys
04/08/2004 07:00 AM 12,032 rio8drv.sys
04/08/2004 07:00 AM 16,512 raspti.sys
04/08/2004 07:00 AM 12,032 ws2ifsl.sys
04/08/2004 07:00 AM 4,224 rdpcdd.sys
04/08/2004 07:00 AM 10,496 dxapi.sys
04/08/2004 07:00 AM 11,648 acpiec.sys
04/08/2004 07:00 AM 3,328 dxgthk.sys
04/08/2004 07:00 AM 4,352 wmilib.sys
04/08/2004 07:00 AM 58,112 vdmindvd.sys
04/08/2004 07:00 AM 11,776 cpqdap01.sys
04/08/2004 07:00 AM 4,224 beep.sys
04/08/2004 07:00 AM 12,032 nikedrv.sys
04/08/2004 07:00 AM 34,432 rawwan.sys
04/08/2004 07:00 AM 14,592 smclib.sys
04/08/2004 07:00 AM 4,736 usbd.sys
04/08/2004 07:00 AM 352,256 atmuni.sys
04/08/2004 07:00 AM 262,528 cinemst2.sys
04/08/2004 07:00 AM 12,160 fsvga.sys
04/08/2004 07:00 AM 7,936 fs_rec.sys
04/08/2004 07:00 AM 31,360 atmepvc.sys
04/08/2004 07:00 AM 6,784 parvdm.sys
04/08/2004 07:00 AM 3,456 oprghdlr.sys
04/08/2004 07:00 AM 3,440,660 gm.dls
04/08/2004 07:00 AM 646 gmreadme.txt
04/08/2004 07:00 AM 55,936 nwlnkspx.sys
04/08/2004 07:00 AM 21,376 tsbvcap.sys
04/08/2004 07:00 AM 63,232 nwlnknb.sys
04/08/2004 07:00 AM 32,512 nwlnkfwd.sys
04/08/2004 07:00 AM 12,416 nwlnkflt.sys
04/08/2004 07:00 AM 8,832 rasacd.sys
04/08/2004 07:00 AM 2,944 null.sys
04/08/2004 07:00 AM 51,712 tosdvd.sys
04/08/2004 07:00 AM 4,224 mnmdd.sys
04/08/2004 07:00 AM 17,792 ptilink.sys
04/08/2004 07:00 AM 18,688 Cdaudio.sys
04/08/2004 07:00 AM 7,680 mcd.sys
10/08/2004 02:52 PM disdn
12/08/2004 07:45 PM 113,664 Hdaudio.sys
14/10/2004 10:30 AM 155,648 e100b325.sys
15/10/2004 12:50 PM 15,295 BrScnUsb.sys
25/10/2004 09:02 PM 21,664 entech.sys
02/11/2004 05:12 PM 19,456 iqvw32.sys
10/02/2005 07:07 AM 456,448 ar5211.sys
25/04/2005 04:03 AM 20,640 pxhelp20.sys
02/08/2005 11:00 PM 232,192 rt73.sys
14/10/2005 11:15 PM 1,302,812 ialmnt5.sys
16/11/2005 11:36 PM 1,047,816 sthda.sys
18/01/2006 10:44 PM 53,248 BrSerIf.sys
19/01/2006 03:17 AM 11,904 BrUsbSer.sys
20/01/2006 01:04 PM 360 StMp3Recnt.cat
20/01/2006 04:27 PM 71,358 stmp3rec.sys
01/03/2006 08:26 PM 5,572 1028_Dell_DIM_DV051.mrk
30/06/2006 04:10 PM 26,752 rimserial.sys
28/09/2006 07:55 PM 77,568 wudfpf.sys
28/09/2006 08:00 PM 82,944 wudfrd.sys
18/10/2006 09:00 PM 38,528 wpdusb.sys
14/12/2006 10:25 PM umdf
13/01/2007 10:33 AM 5,672,032 igxpmp32.sys
13/11/2007 06:25 AM 20,480 secdrv.sys
27/03/2008 12:44 PM 717,296 sptd.sys
13/04/2008 12:36 PM 144,384 hdaudbus.sys
13/04/2008 12:39 PM 142,592 aec.sys
13/04/2008 02:31 PM 35,840 processr.sys
13/04/2008 02:31 PM 42,752 p3.sys
13/04/2008 02:31 PM 36,352 intelppm.sys
13/04/2008 02:31 PM 37,376 amdk6.sys
13/04/2008 02:31 PM 36,736 crusoe.sys
13/04/2008 02:31 PM 37,760 amdk7.sys
13/04/2008 02:32 PM 66,048 udfs.sys
13/04/2008 02:32 PM 19,072 msfs.sys
13/04/2008 02:32 PM 30,848 npfs.sys
13/04/2008 02:32 PM 180,608 mrxdav.sys
13/04/2008 02:32 PM 196,224 rdpdr.sys
13/04/2008 02:32 PM 129,792 fltmgr.sys
13/04/2008 02:33 PM 44,544 fips.sys
13/04/2008 02:36 PM 5,888 smbali.sys
13/04/2008 02:36 PM 187,776 acpi.sys
13/04/2008 02:36 PM 42,752 alim1541.sys
13/04/2008 02:36 PM 42,368 agp440.sys
13/04/2008 02:36 PM 44,928 agpcpq.sys
13/04/2008 02:36 PM 43,008 amdagp.sys
13/04/2008 02:36 PM 40,960 sisagp.sys
13/04/2008 02:36 PM 46,464 gagp30kx.sys
13/04/2008 02:36 PM 44,672 uagp35.sys
13/04/2008 02:36 PM 42,240 viaagp.sys
13/04/2008 02:36 PM 63,744 mf.sys
13/04/2008 02:36 PM 37,248 isapnp.sys
13/04/2008 02:36 PM 120,192 pcmcia.sys
13/04/2008 02:36 PM 68,224 pci.sys
13/04/2008 02:36 PM 79,232 sdbus.sys
13/04/2008 02:36 PM 15,488 mssmbios.sys
13/04/2008 02:36 PM 73,472 sr.sys
13/04/2008 02:38 PM 71,168 dxg.sys
13/04/2008 02:39 PM 384,768 update.sys
13/04/2008 02:39 PM 42,368 mountmgr.sys
13/04/2008 02:39 PM 23,040 mouclass.sys
13/04/2008 02:39 PM 24,576 kbdclass.sys
13/04/2008 02:39 PM 14,592 kbdhid.sys
13/04/2008 02:39 PM 5,504 mstee.sys
13/04/2008 02:39 PM 5,376 mspclock.sys
13/04/2008 02:39 PM 4,992 mspqm.sys
13/04/2008 02:39 PM 7,552 mskssrv.sys
13/04/2008 02:39 PM 4,352 swenum.sys
13/04/2008 02:40 PM 80,128 parport.sys
13/04/2008 02:40 PM 15,744 serenum.sys
13/04/2008 02:40 PM 27,392 fdc.sys
13/04/2008 02:40 PM 20,480 flpydisk.sys
13/04/2008 02:40 PM 34,688 lbrtfdc.sys
13/04/2008 02:40 PM 57,600 redbook.sys
13/04/2008 02:40 PM 24,960 pciidex.sys
13/04/2008 02:40 PM 5,504 intelide.sys
13/04/2008 02:40 PM 96,384 scsiport.sys
13/04/2008 02:40 PM 96,512 atapi.sys
13/04/2008 02:40 PM 5,376 viaide.sys
13/04/2008 02:40 PM 14,208 diskdump.sys
13/04/2008 02:40 PM 62,976 cdrom.sys
13/04/2008 02:40 PM 11,008 sffp_sd.sys
13/04/2008 02:40 PM 36,352 disk.sys
13/04/2008 02:40 PM 11,904 sffdisk.sys
13/04/2008 02:40 PM 11,392 Sfloppy.sys
13/04/2008 02:40 PM 10,240 sffp_mmc.sys
13/04/2008 02:40 PM 19,712 partmgr.sys
13/04/2008 02:40 PM 14,976 tape.sys
13/04/2008 02:40 PM 8,192 changer.sys
13/04/2008 02:40 PM 42,112 imapi.sys
13/04/2008 02:41 PM 52,352 volsnap.sys
13/04/2008 02:41 PM 18,560 i2omp.sys
13/04/2008 02:41 PM 8,576 i2omgmt.sys
13/04/2008 02:43 PM 12,672 mutohpen.sys
13/04/2008 02:43 PM 14,208 wacompen.sys
13/04/2008 02:44 PM 20,992 vga.sys
13/04/2008 02:44 PM 81,664 videoprt.sys
13/04/2008 02:44 PM 153,344 dmio.sys
13/04/2008 02:44 PM 799,744 dmboot.sys
13/04/2008 02:45 PM 52,864 dmusic.sys
13/04/2008 02:45 PM 6,272 splitter.sys
13/04/2008 02:45 PM 172,416 kmixer.sys
13/04/2008 02:45 PM 56,576 swmidi.sys
13/04/2008 02:45 PM 2,944 drmkaud.sys
13/04/2008 02:45 PM 24,960 hidparse.sys
13/04/2008 02:45 PM 36,864 hidclass.sys
13/04/2008 02:45 PM 19,200 hidir.sys
13/04/2008 02:45 PM 10,368 hidusb.sys
13/04/2008 02:45 PM 15,104 usbscan.sys
13/04/2008 02:45 PM 30,208 usbehci.sys
13/04/2008 02:45 PM 20,608 usbuhci.sys
13/04/2008 02:45 PM 143,872 usbport.sys
13/04/2008 02:45 PM 59,520 usbhub.sys
13/04/2008 02:45 PM 26,368 usbstor.sys
13/04/2008 02:45 PM 32,128 usbccgp.sys
13/04/2008 02:45 PM 25,600 usbcamd.sys
13/04/2008 02:45 PM 25,728 usbcamd2.sys
13/04/2008 02:45 PM 15,872 usbintel.sys
13/04/2008 02:46 PM 25,344 sonydcam.sys
13/04/2008 02:46 PM 15,232 streamip.sys
13/04/2008 02:46 PM 10,880 ndisip.sys
13/04/2008 02:46 PM 11,136 slip.sys
13/04/2008 02:46 PM 17,024 ccdecode.sys
13/04/2008 02:46 PM 19,200 wstcodec.sys
13/04/2008 02:46 PM 85,248 nabtsfec.sys
13/04/2008 02:46 PM 18,944 bthusb.sys
13/04/2008 02:46 PM 25,600 hidbth.sys
13/04/2008 02:46 PM 36,480 bthprint.sys
13/04/2008 02:46 PM 59,136 rfcomm.sys
13/04/2008 02:46 PM 37,888 bthmodem.sys
13/04/2008 02:46 PM 17,024 bthenum.sys
13/04/2008 02:47 PM 25,856 usbprint.sys
13/04/2008 02:51 PM 61,824 nic1394.sys
13/04/2008 02:51 PM 59,904 atmarpc.sys
13/04/2008 02:51 PM 60,800 arp1394.sys
13/04/2008 02:51 PM 55,808 atmlane.sys
13/04/2008 02:51 PM 101,120 bthpan.sys
13/04/2008 02:53 PM 40,320 nmnt.sys
13/04/2008 02:53 PM 71,552 bridge.sys
13/04/2008 02:53 PM 36,608 ip6fw.sys
13/04/2008 02:54 PM 11,264 irenum.sys
13/04/2008 02:55 PM 14,592 ndisuio.sys
13/04/2008 02:56 PM 12,288 tunmp.sys
13/04/2008 02:56 PM 34,688 netbios.sys
13/04/2008 02:56 PM 88,320 nwlnkipx.sys
13/04/2008 02:56 PM 35,072 msgpc.sys
13/04/2008 02:56 PM 69,120 psched.sys
13/04/2008 02:56 PM 12,800 usb8023.sys
13/04/2008 02:56 PM 30,592 rndismpx.sys
13/04/2008 02:56 PM 12,800 usb8023x.sys
13/04/2008 02:56 PM 30,592 rndismp.sys
13/04/2008 02:57 PM 20,864 ipinip.sys
13/04/2008 02:57 PM 152,832 ipnat.sys
13/04/2008 02:57 PM 34,560 wanarp.sys
13/04/2008 02:57 PM 14,336 asyncmac.sys
13/04/2008 02:57 PM 10,112 ndistapi.sys
13/04/2008 02:57 PM 40,576 ndproxy.sys
13/04/2008 02:57 PM 41,472 raspppoe.sys
13/04/2008 03:00 PM 19,072 tdi.sys
13/04/2008 03:00 PM 30,080 modem.sys
13/04/2008 03:14 PM 63,744 cdfs.sys
13/04/2008 03:14 PM 143,744 fastfat.sys
13/04/2008 03:15 PM 64,512 serial.sys
13/04/2008 03:15 PM 574,976 ntfs.sys
13/04/2008 03:15 PM 60,800 sysaudio.sys
13/04/2008 03:16 PM 49,536 classpnp.sys
13/04/2008 03:17 PM 105,344 mup.sys
13/04/2008 03:17 PM 83,072 wdmaud.sys
13/04/2008 03:18 PM 52,480 i8042prt.sys
13/04/2008 03:19 PM 75,264 ipsec.sys
13/04/2008 03:19 PM 51,328 rasl2tp.sys
13/04/2008 03:19 PM 48,384 raspptp.sys
13/04/2008 03:20 PM 182,656 ndis.sys
13/04/2008 03:20 PM 91,520 ndiswan.sys
13/04/2008 03:21 PM 162,816 netbt.sys
13/04/2008 03:28 PM 175,744 rdbss.sys
13/04/2008 03:45 PM 60,032 usbaudio.sys
13/04/2008 03:45 PM 60,160 drmk.sys
13/04/2008 03:45 PM 49,408 stream.sys
13/04/2008 03:46 PM 121,984 usbvideo.sys
13/04/2008 04:16 PM 141,056 ks.sys
13/04/2008 04:19 PM 146,048 portcls.sys
13/04/2008 08:11 PM 4,255 adv01nt5.dll
13/04/2008 08:11 PM 3,615 adv05nt5.dll
13/04/2008 08:11 PM 3,135 adv08nt5.dll
13/04/2008 08:11 PM 3,711 adv09nt5.dll
13/04/2008 08:11 PM 3,775 adv11nt5.dll
13/04/2008 08:11 PM 3,647 adv07nt5.dll
13/04/2008 08:11 PM 3,967 adv02nt5.dll
13/04/2008 08:11 PM 11,359 atv02nt5.dll
13/04/2008 08:11 PM 25,471 atv04nt5.dll
13/04/2008 08:11 PM 15,423 ch7xxnt5.dll
13/04/2008 08:11 PM 14,143 atv06nt5.dll
13/04/2008 08:11 PM 17,279 atv10nt5.dll
13/04/2008 08:11 PM 21,183 atv01nt5.dll
13/04/2008 08:12 PM 3,901 siint5.dll
13/04/2008 08:12 PM 11,325 vchnt5.dll
13/04/2008 08:13 PM 40,840 termdd.sys
13/04/2008 08:13 PM 12,040 TDPIPE.sys
13/04/2008 08:13 PM 21,896 TDTCP.sys
13/04/2008 08:13 PM 139,656 RDPWD.sys
08/05/2008 10:02 AM 203,136 rmcast.sys
13/06/2008 07:05 AM 272,128 bthport.sys
20/06/2008 07:51 AM 361,600 tcpip.sys
04/08/2008 05:22 PM 33,808 nx6000.sys
14/08/2008 06:04 AM 138,496 afd.sys
11/01/2009 07:18 PM 80,552 sscdbus.sys
11/01/2009 07:18 PM 9,256 sscdcmnt.sys
11/01/2009 07:18 PM 9,256 sscdcm.sys
11/01/2009 07:18 PM 11,944 sscdmdfl.sys
11/01/2009 07:18 PM 106,792 sscdmdm.sys
11/01/2009 07:18 PM 86,824 sscdserd.sys
11/01/2009 07:18 PM 9,256 sscdwh.sys
11/01/2009 07:18 PM 9,256 sscdwhnt.sys
15/03/2009 06:25 AM 56,268 scdemu.sys
25/04/2009 07:13 PM 138,512 PnkBstrK.sys
03/05/2009 12:00 AM 47,360 pcouffin.sys
18/05/2009 02:17 PM 26,600 GEARAspiWDM.sys
24/06/2009 07:18 AM 92,928 ksecdd.sys
03/09/2009 09:45 AM 70,408 pctplsg.sys
15/09/2009 01:01 AM 7,387 pctgntdi.cat
15/09/2009 02:12 AM 7,412 PCTAppEvent.cat
15/09/2009 06:20 AM 7,383 pctplsg.cat
16/09/2009 03:20 AM 7,383 pctcore.cat
23/09/2009 04:10 PM 207,280 PCTCore.sys
24/09/2009 08:55 AM 229,304 pctgntdi.sys
06/10/2009 04:31 PM 87,784 PCTAppEvent.sys
16/10/2009 02:33 AM 41,472 usbaapl.sys
20/10/2009 12:20 PM 265,728 http.sys
02/12/2009 03:23 PM 149,040 MpFilter.sys
31/12/2009 12:50 PM 353,792 srv.sys
11/02/2010 08:02 AM 226,880 tcpip6.sys
24/02/2010 09:11 AM 455,680 mrxsmb.sys
01/06/2010 08:07 PM etc
01/06/2010 08:18 PM .
01/06/2010 08:18 PM ..
370 File(s) 41,658,143 bytes
5 Dir(s) 92,024,516,608 bytes free


Virtual drives found?



Environment variables

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ravi\Application Data
asl.log=Destination=file;OnFirstLog=command,environment
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D57NSK91
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ravi
LOGONSERVER=\\D57NSK91
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ravi\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ravi\LOCALS~1\Temp
USERDOMAIN=D57NSK91
USERNAME=Ravi
USERPROFILE=C:\Documents and Settings\Ravi
windir=C:\WINDOWS


Stealth malware?



Internet Explorer


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0A000000
Delete_Temp_Files_On_Exit REG_SZ yes
Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
CompanyName REG_SZ Microsoft Corporation
Custom_Key REG_SZ MICROSO
Wizard_Version REG_SZ 6.0.2600.0000
Default_Secondary_Page_URL REG_MULTI_SZ \0\0
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Check_Associations REG_SZ yes
Enable Browser Extensions REG_SZ yes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 7.0; Win32)
IE5_UA_Backup_Flag REG_SZ 5.0
NoNetAutodial REG_DWORD 0x0
MigrateProxy REG_DWORD 0x1
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost REG_BINARY 01000000
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 0x1
PrivacyAdvanced REG_DWORD 0x0
EnableNegotiate REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0
WarnOnZoneCrossing REG_DWORD 0x1
PrivDiscUiShown REG_DWORD 0x1
SecureProtocols REG_DWORD 0xa0
EnableAutodial REG_DWORD 0x0
WarnOnIntranet REG_DWORD 0x1
GlobalUserOffline REG_DWORD 0x0
WarnOnHTTPSToHTTPRedirect REG_DWORD 0x1
ProxyOverride REG_SZ ;*.local
WarnonBadCertRecving REG_DWORD 0x1
WarnOnPostRedirect REG_DWORD 0x0
CertificateRevocation REG_DWORD 0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Disable script Debugger REG_SZ yes
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
XMLHTTP REG_DWORD 0x1
UseClearType REG_SZ yes
SearchMigrated REG_DWORD 0x0
FullScreen REG_SZ no
Window_Placement REG_BINARY 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4E000000290000007B030000E6020000
CompatibilityFlags REG_DWORD 0x0
LastCheckedHi REG_DWORD 0x1cb025b
Start Page REG_SZ http://www.msn.com/
ShowedCheckBrowser REG_SZ Yes
Check_Associations REG_SZ no
Use FormSuggest REG_SZ no
FormSuggest Passwords REG_SZ yes
FormSuggest PW Ask REG_SZ no
Enable Browser Extensions REG_SZ yes
AlwaysShowMenus REG_DWORD 0x1
RunOnceHasShown REG_DWORD 0x1
RunOnceComplete REG_DWORD 0x1
NotifyDownloadComplete REG_SZ yes
AutoHide REG_SZ yes
ControlTooltipCount REG_DWORD 0x5
StatusBarWeb REG_DWORD 0x1
First Home Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54843

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
CustomizeSearch REG_SZ http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchAssistant REG_SZ http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69A87B7D-DE56-4136-9655-716BA50C19C7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{0BF43445-2F28-4351-9252-17FE6E806AA0} REG_SZ McAfee SiteAdvisor
{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} REG_BINARY 00
{47833539-D0C5-4125-9FA8-0819E2EAAC93} REG_BINARY 00
{472734EA-242A-422B-ADF8-83D1E48CC825} REG_SZ PC Tools Browser Guard

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\QuickComplete

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append Link Target to Existing PDF

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append to Existing PDF

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert Link Target to Adobe PDF

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert to Adobe PDF


Security Center


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
FirstRunDisabled REG_DWORD 0x1
UpdatesDisableNotify REG_DWORD 0x0
AntiVirusOverride REG_DWORD 0x0
FirewallOverride REG_DWORD 0x1
AntiVirusDisableNotify REG_DWORD 0x0
FirewallDisableNotify REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
DisableMonitoring REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent


Uninstall List


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
AOL Connectivity Services REG_SZ
REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ABBYY FineReader 5.0 Sprint

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop Album Starter Edition 3.2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AudioPlugin.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Defender_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CAL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraWindowDC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraWindowDVC5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraWindowDVC6

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CameraWindowLauncher

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Canon G.726 WMP-Decoder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CopyNow.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CSCLIB

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DataPlugin.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dell Digital Jukebox Driver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EOS Utility

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDMI

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB835221WXP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884267

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885353

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886612

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887078

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887626

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888656

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB889858

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891122

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892313

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893240

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893241

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895181

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895316

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB897586

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898458

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898549

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902344

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB907658

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911564

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911565

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911854

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917734_WMP10

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923723

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB925398_WMP64

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB928090-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB929399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB929969

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB931768-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB933566-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB936782_WMP11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB937143-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938127-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938464

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938464-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB939653-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB939683

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB941569

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB942615-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB944533-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB946648

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB947864-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950759-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950760

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950762

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950974

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951066

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951072-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951698

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951748

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951978

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952069_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952287

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952954

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB953838-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB953839

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954154_WM11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954155_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954211

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954459

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954550-v5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954600

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955069

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955759

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955839

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956390-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956391

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956744

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956802

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956841

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956844

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957095

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957097

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958215-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958644

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958690

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958869

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959426

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959772_WM11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960225

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960714-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960715

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960859

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961118

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961260-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961371

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961373

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961501

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961503

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB963027-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB967715

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968389

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968537

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968816_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969059

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969897-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969898

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969947

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970238

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970430

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970653-v3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971468

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971486

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971557

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971633

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971657

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971737

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971961

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972260-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972270

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973346

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973354

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973507

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973525

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973540_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973815

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973869

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973904

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974112

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974318

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974392

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974455-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974571

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975025

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975467

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975560

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975713

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976098-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976325-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976749-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977165

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977816

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977914

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978037

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978207-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978251

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978262

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978338

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978542

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978601

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978706

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979306

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979309

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979683

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980182-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980232

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981349

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981793

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LimeWire

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M953297

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Measurement Services Client

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger Plus! Live

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Interactive Training

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Essentials

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MovieEditTask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.0.13)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSCompPackV1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSNINST

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyCamera

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyCameraDC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NLSDownlevelMapping

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhotoStitch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PowerISO

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PROPLUS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PROSet

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RAW Image Task

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RemoteCaptureTask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SopCast

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Doctor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBlaster_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StreetPlugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SymcData-idsdefs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SysInfo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TeamViewer 5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vodafone 804SS USB driver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Mobile Device Handbook

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite_Wave3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMFDist11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wmp11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wudf01000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XpsEPSC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoomBrowser EX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoomBrowser EX Memory Card Utility

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{075473F5-846A-448B-BCB3-104AA1760205}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0D490016-5D01-4CB3-A037-55814AC63D2E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{205C6BDD-7B73-42DE-8505-9A093F35A238}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21657574-BD54-48A2-9450-EB03B2C7FC29}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{236BB7C4-4419-42FD-0409-1E257A25E34D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216010FF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216011FB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216013FB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216020FF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33BB4982-DC52-4886-A03B-F4C5C80BEE89}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35BDEFF1-A610-4956-A00D-15453C116395}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3B4E636E-9D65-4D67-BA61-189800823F52}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F92ABBB-6BBF-11D5-B229-002078017FBF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{403EF592-953B-4794-BCEF-ECAB835C2095}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{43DCF766-6838-4F9A-8C91-D92DA586DFA8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4C75086F-7753-41B9-8B4C-F38DE6CC8C20}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{51F96AEC-D902-4434-A0DC-B9692A21AE7C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{548EEA8E-8299-497F-8057-811D2D7097DC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{553255F3-78FD-40F1-A6F8-6882140265FE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{63A6E9A9-A190-46D4-9430-2DB28654AFD8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6412CECE-8172-4BE5-935B-6CECACD2CA87}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6990A2BF-D1D2-11D3-81BC-00609789C908}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6A1975EB-27E6-491D-94BC-6355FA25F40F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{716E0306-8318-4364-8B8F-0CC4E9376BAC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{74F7662C-B1DB-489E-A8AC-07A06B24978B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76C24F39-B161-498F-BD8B-C64789812D13}_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{786C5747-1033-0000-B58E-000000000001}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7B08D306-7266-4647-A926-2F78817ED1E0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7B63B2922B174135AFC0E1377DD81EC2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7F142D56-3326-11D5-B229-002078017FBF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A253629-0511-4854-8B4E-46E57E66005C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8EDBA74D-0686-4C99-BFDD-F894678E5B39}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0010-0409-0000-0000000FF1CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0011-0000-0000-0000000FF1CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{2C69BACE-1151-41C0-8C8D-F6026D510BD4}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{34573F17-DADE-4D0D-835F-A54A1DE8AC1F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{432C5EE4-8096-4FF1-95E1-65219365DFF7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{667A88D1-0369-4070-A62A-70672D68A9BF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6DE3DABF-0203-426B-B330-7287D1003E86}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7559E742-FF9F-4FAE-B279-008ED296CB4D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7F207DCA-3399-40CB-A968-6E5991B1421A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CF3D6499-709C-43D0-8908-BC5652656050}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0409-0000-0000000FF1CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0409-0000-0000000FF1CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0409-0000-0000000FF1CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0409-0000-0000000FF1CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0409-0000-0000000FF1CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0409-0000-0000000FF1CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-040C-0000-0000000FF1CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0C0A-0000-0000000FF1CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0409-0000-0000000FF1CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0409-0000-0000000FF1CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0115-0409-0000-0000000FF1CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0117-0409-0000-0000000FF1CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{93B80FB1-7A23-11D3-B250-00105A1F4184}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{97130A1A-4AC4-4E5F-9F13-B658D2F25AB4}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{979F6A6B-4CB0-424E-8E70-AA2ED38B4CCC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB958483

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A654A805-41D9-40C7-AA46-4AF04F044D61}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A6BFDF60-FD08-4EF9-8D26-B762A19DB9A0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A85FD55B-891B-4314-97A5-EA96C0BD80B5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAF4238F-7C29-451D-9925-C753271A5728}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-1033-F400-7760-000000000004}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A93000000001}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B12665F4-4E93-4AB4-B7FC-37053B524629}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B702CCCE-3176-4DBF-B932-D1B8F402F330}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B7050CBDB2504B34BC2A9CA0A692CC29}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B74D4E10-1033-0000-0000-000000000001}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BAF78226-3200-4DB4-BE33-4D922A799840}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C04E32E0-0416-434D-AFB9-6969D703A9EF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB200003

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB431780

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB946922

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB947748

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB949272

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952137

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952677

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953300

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953990

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB954832

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB956860

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957541

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957542

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957543

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958129

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958481

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB960043

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB974417

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CECFDD53-35DB-4235-9363-7964A0C88E0E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D050D7362D214723AD585B541FFB6C11}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D2988E9B-C73F-422C-AD4B-A66EBE257120}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E09B48B5-E141-427A-AB0C-D3605127224A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E2DFE069-083E-4631-9B6C-43C48E991DE5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E646DCF0-5A68-11D5-B229-002078017FBF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9787678-1033-0000-8E67-000000000001}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9ED0801-253D-4FE9-AB20-F63DEFE72547}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EF98A02A-1748-4762-9B7D-5ED1600520D5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6BD194C-4190-4D73-B1B1-C48C99921BFE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FE9126DB-5F84-495A-BB46-3C724F1C2D08}

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sun Download Manager 2.0 (web)

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent


Autorun


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Google Update REG_SZ "C:\Documents and Settings\Ravi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
Persistence REG_SZ C:\WINDOWS\system32\igfxpers.exe
AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
Adobe Acrobat Speed Launcher REG_SZ "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
Acrobat Assistant 8.0 REG_SZ "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSSE REG_SZ "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents


Restrictions - Internet Explorer


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel


Restrictions - REGEDIT


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System


Restrictions - Explorer


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun REG_DWORD 0x143
NoDriveAutoRun REG_DWORD 0x3ffffff
NoDrives REG_DWORD 0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
ActiveX


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{233C1507-6A77-46A4-9443-F871F945D258}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3DCEC959-378A-4922-AD7E-FD5C925D927F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D6F45B3-9043-443D-A792-115447494D24}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FEFF364-6A5F-4966-A917-A3AC28411659}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9E265649-6E0E-4EEA-9F49-DAE0801440CF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A903E5AB-C67E-40FB-94F1-E1305982F6E0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CD995117-98E5-4169-9920-6C12D4C0B548}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}


DNS Settings


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0636FB7B-1F84-45C8-ACB7-3DB694953DDB}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{12E90842-C7FC-410B-9C0A-C16A41E9C3BC}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2810EB22-763D-4D0C-9450-64BBD1758685}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{333738F7-7213-41D7-8B48-7BBF8FF84506}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37986F02-8398-46DF-8EF8-6C1949A3FB54}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4C78A53C-626B-42FD-A988-D71B8878FDCC}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{531D3D38-B38F-4A40-9052-52EFBA55506B}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7F0F8113-20C1-4883-BE1F-78D5268E9D54}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F99F7B89-9064-4116-A439-222599256C73}


Windows IP Configuration



Host Name . . . . . . . . . . . . : D57NSK91

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-20-DF-C4-85

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.12

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::213:20ff:fedf:c485%4

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

Lease Obtained. . . . . . . . . . : June 2, 2010 9:56:22 AM

Lease Expires . . . . . . . . . . : June 5, 2010 9:56:22 AM



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : C0-A8-02-0C

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:192.168.2.12%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled



AppInit DLLs


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows



Shell Service Object Delay Load


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9}
CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9}
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}
WPDShServiceObj REG_SZ {AAA288BA-9A4C-45B0-95D7-94D524869DB5}



Shell Execute Hooks


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ


Image File Execution Options


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE


Security Providers



Local Security Authority


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Bounds REG_BINARY 0030000000200000
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 0x1
LsaPid REG_DWORD 0x42c
SecureBoot REG_DWORD 0x1
auditbaseobjects REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
fipsalgorithmpolicy REG_DWORD 0x0
forceguest REG_DWORD 0x1
fullprivilegeauditing REG_BINARY 00
limitblankpassworduse REG_DWORD 0x1
lmcompatibilitylevel REG_DWORD 0x0
nodefaultadminowner REG_DWORD 0x1
nolmhash REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli\0\0
enabledcom REG_SZ y

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\msv1_0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache


SafeBoot



AppCert DLLs


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls


Extra


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\HARDWARE\DEscriptION\System\MultifunctionAdapter

HKEY_LOCAL_MACHINE\HARDWARE\DEscriptION\System\MultifunctionAdapter\0

HKEY_LOCAL_MACHINE\HARDWARE\DEscriptION\System\MultifunctionAdapter\1

HKEY_LOCAL_MACHINE\HARDWARE\DEscriptION\System\MultifunctionAdapter\2

HKEY_LOCAL_MACHINE\HARDWARE\DEscriptION\System\MultifunctionAdapter\3

HKEY_LOCAL_MACHINE\HARDWARE\DEscriptION\System\MultifunctionAdapter\4

HKEY_LOCAL_MACHINE\HARDWARE\DEscriptION\System\MultifunctionAdapter\5

HKEY_LOCAL_MACHINE\HARDWARE\DEscriptION\System\MultifunctionAdapter\6

HKEY_LOCAL_MACHINE\HARDWARE\DEscriptION\System\MultifunctionAdapter\7

HKEY_LOCAL_MACHINE\HARDWARE\DEscriptION\System\MultifunctionAdapter\8


App Paths


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Acrobat.exe
Path REG_SZ C:\Program Files\Adobe\Acrobat 9.0\Acrobat\
REG_SZ C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcrobatInfo.exe
Path REG_SZ C:\Program Files\Adobe\Acrobat 9.0\Acrobat\
REG_SZ C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroDist.exe
Path REG_SZ C:\Program Files\Adobe\Acrobat 9.0\Acrobat\
REG_SZ C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroDist.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
REG_SZ C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
Path REG_SZ C:\Program Files\Adobe\Reader 9.0\Reader\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ahc.exe
Path REG_SZ C:\Program Files\Adobe\Adobe Help Center\
REG_SZ C:\Program Files\Adobe\Adobe Help Center\ahc.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\bckgzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\BrMfcWnd.exe
Path REG_SZ C:\Program Files\Brother\Brmfcmon

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chkrzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chrome.exe
REG_SZ C:\Documents and Settings\Ravi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Path REG_SZ C:\Documents and Settings\Ravi\Local Settings\Application Data\Google\Chrome\Application

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
Path REG_SZ C:\WINDOWS\system32
CmstpExtensionDll REG_SZ C:\WINDOWS\system32\cmcfg32.dll
CMInternalVersion REG_SZ 1.2
CmNative REG_DWORD 0x1
ProfilesUpgraded REG_DWORD 0x2

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\combofix.exe
REG_SZ C:\Documents and Settings\Ravi\Desktop\ComboFix.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CONF.EXE
REG_SZ C:\Program Files\NetMeeting\conf.exe
Path REG_SZ C:\Program Files\NetMeeting;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTRegSvr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTSI.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dialer.exe
REG_SZ C:\Program Files\Windows NT\dialer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DLG.exe
Path REG_SZ C:\Program Files\Digital Line Detect
REG_SZ C:\Program Files\Digital Line Detect\DLG.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DMX.exe
Path REG_SZ C:\Program Files\Dell\Media Experience\
REG_SZ C:\Program Files\Dell\Media Experience\DMX.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\excel.exe
REG_SZ C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\firefox.exe
REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe
Path REG_SZ C:\Program Files\Mozilla Firefox

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\gvr.exe
Path REG_SZ C:\Program Files\Sony\Giga Pocket
REG_SZ C:\Program Files\Sony\Giga Pocket\gvr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\halsv.exe
Path REG_SZ C:\Program Files\Sony\Giga Pocket
REG_SZ C:\Program Files\Sony\Giga Pocket\halsv.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HELPCTR.EXE
REG_EXPAND_SZ %Systemroot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hrtzzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hypertrm.exe
REG_SZ "C:\Program Files\Windows NT\hypertrm.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN1.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN2.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE
Path REG_SZ C:\Program Files\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ImageReady.exe
Path REG_SZ C:\Program Files\Adobe\Adobe Photoshop CS2\
REG_SZ C:\Program Files\Adobe\Adobe Photoshop CS2\ImageReady.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\INETWIZ.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\INETWIZ.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\infopath.exe
REG_SZ C:\PROGRA~1\MICROS~4\Office12\INFOPATH.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ISIGNUP.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ISIGNUP.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\iTunes.exe
REG_SZ C:\Program Files\iTunes\iTunes.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
REG_SZ C:\Program Files\Java\jre6\bin\javaws.exe
Path REG_SZ C:\Program Files\Java\jre6\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MediaHub.exe
Path REG_SZ C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\
REG_SZ C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe
REG_EXPAND_SZ %SystemRoot%\system32\usmt\migwiz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MOH.exe
Path REG_SZ C:\Program Files\NetWaiting

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\moviemk.exe
REG_SZ C:\Program Files\Movie Maker\moviemk.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
REG_SZ "C:\Program Files\Windows Media Player\mplayer2.exe"
Path REG_SZ "C:\Program Files\Windows Media Player"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSACCESS.EXE
REG_SZ C:\PROGRA~1\MICROS~4\Office12\MSACCESS.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSCONFIG.EXE
REG_EXPAND_SZ %systemroot%\pchealth\helpctr\Binaries\MSCONFIG.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\msimn.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msinfo32.exe
REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.exe
Path REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSInfo

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSMSGS.EXE
REG_SZ C:\Program Files\Messenger\msmsgs.exe
Path REG_SZ C:\Program Files\Messenger;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSNMSGR.EXE
REG_SZ C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
Path REG_SZ C:\Program Files\Windows Live\Messenger\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msoxmled.exe
REG_SZ C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSPUB.EXE
REG_SZ C:\PROGRA~1\MICROS~4\Office12\MSPUB.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_DWORD 0x1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MyDVD.exe
Path REG_SZ C:\Program Files\Roxio\MyDVD\
REG_SZ C:\Program Files\Roxio\MyDVD\MyDVD.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ois.exe
REG_SZ C:\PROGRA~1\MICROS~4\Office12\OIS.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 0
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ORUN32.EXE
Path REG_SZ C:\WINDOWS\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OUTLOOK.EXE
REG_SZ C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
REG_EXPAND_SZ %SystemRoot%\system32\mspaint.exe
Path REG_EXPAND_SZ %SystemRoot%\system32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PC_Info.exe
REG_SZ C:\Program Files\Common Files\Sony Shared\PC_Info\pc_info.exe
Path REG_SZ C:\Program Files\Common Files\Sony Shared\PC_Info\PC_Info.exe;C:\Program Files\Common Files\Sony Shared\SXBIOS

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PhEditor.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PhonTool.exe
Path REG_SZ C:\Program Files\Classic PhoneTools
REG_SZ C:\Program Files\Classic PhoneTools\PhonTool.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PhotoEditor.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Photoshop.exe
Path REG_SZ C:\Program Files\Adobe\Adobe Photoshop CS2\
REG_SZ C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
Path REG_SZ C:\Program Files\QuickTime\
REG_SZ C:\Program Files\QuickTime\PictureViewer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pinball.exe
REG_SZ C:\Program Files\Windows NT\Pinball\pinball.exe
Path REG_SZ C:\Program Files\Windows NT\Pinball

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\powerpnt.exe
REG_SZ C:\PROGRA~1\MICROS~4\Office12\POWERPNT.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
REG_SZ C:\Program Files\QuickTime\QuickTimePlayer.exe
Path REG_SZ C:\Program Files\QuickTime\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rvsezm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\rvsezm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\shvlzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Sony MPEG Decoder Library

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Sony Shared Library for XP

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Sony Video Shared Library
Path REG_SZ C:\Program Files\Common Files\Sony Shared\VideoLib

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SopCast.exe
REG_SZ C:\Program Files\SopCast\SopCast.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
UseShortName REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\UILib.DLL
Path REG_SZ C:\Program Files\Common Files\Sony Shared\UILibrary
REG_SZ C:\Program Files\Common Files\Sony Shared\UILibrary\UILib.DLL

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\USBSircs.exe
Path REG_SZ C:\Program Files\Sony\USBSircs
REG_SZ C:\Program Files\Sony\USBSircs\USBSircs.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wab.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wabmig.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\winnt32.exe
RunAsOnNonAdminInstall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinRAR.exe
REG_SZ C:\Program Files\WinRAR\WinRAR.exe
Path REG_SZ C:\Program Files\WinRAR

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
REG_SZ C:\PROGRA~1\MICROS~4\Office12\WINWORD.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wlmail.exe
REG_EXPAND_SZ C:\Program Files\Windows Live\Mail\wlmail.exe
Path REG_EXPAND_SZ C:\Program Files\Windows Live\Mail\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
REG_SZ C:\Program Files\Windows Media Player\wmplayer.exe
Path REG_SZ C:\Program Files\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
REG_SZ "c:\WINDOWS\system32\XPSViewer\XPSViewer.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\yourapp.Exe
Path REG_SZ C:\Program Files\Sony\Giga Pocket Demo


Mozilla


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Desktop
SOFTWARE\Classes\MIME\Database\Content Type\application/x-xpinstall;app=firefox REG_SZ .xpi
SOFTWARE\Classes\.htm REG_SZ htmlfile
SOFTWARE\Classes\.html REG_SZ htmlfile
SOFTWARE\Classes\HTTP\DefaultIcon REG_SZ %SystemRoot%\system32\url.dll,0
SOFTWARE\Classes\HTTP\shell\open\command REG_SZ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
SOFTWARE\Classes\HTTPS\DefaultIcon REG_SZ %SystemRoot%\system32\url.dll,0
SOFTWARE\Classes\HTTPS\shell\open\command REG_SZ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
SOFTWARE\Classes\FTP\DefaultIcon REG_SZ %SystemRoot%\system32\url.dll,0
SOFTWARE\Classes\FTP\shell\open\command REG_SZ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
SOFTWARE\Classes\GOPHER\DefaultIcon REG_SZ %SystemRoot%\system32\url.dll,0
SOFTWARE\Classes\GOPHER\shell\open\command REG_SZ "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\DefaultIcon REG_SZ "C:\Program Files\Mozilla Firefox\firefox.exe",0
SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe
SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\properties\command REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe -preferences
SOFTWARE\Clients\StartMenuInternet\ REG_SZ IEXPLORE.EXE
SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\ REG_SZ Mozilla Firefox
SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\properties REG_SZ Mozilla Firefox &Options

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
web-accelerator@google.com REG_SZ C:\Program Files\Google\Web Accelerator\firefox
{20a82645-c095-46ed-80e3-08825760534b} REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
jqs@sun.com REG_EXPAND_SZ C:\Program Files\Java\jre6\lib\deploy\jqs\ff

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
REG_SZ 1.9.0.13
CurrentVersion REG_SZ 3.0.13 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.0.13 (en-US)
REG_SZ 3.0.13 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.0.13 (en-US)\Main
Install Directory REG_SZ C:\Program Files\Mozilla Firefox
PathToExe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe
Create Quick Launch Shortcut REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.0.13 (en-US)\Uninstall
Uninstall Log Folder REG_SZ C:\Program Files\Mozilla Firefox\uninstall
Description REG_SZ Mozilla Firefox (3.0.13)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.13
GeckoVer REG_SZ 1.9.0.13

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.13\bin
PathToExe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.13\extensions
Components REG_SZ C:\Program Files\Mozilla Firefox\components
Plugins REG_SZ C:\Program Files\Mozilla Firefox\plugins


Shared Task Scheduler


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon


SafeBootMinimal


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}


SafeBootNetwork


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsMpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}


File Rename Operations - Session


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations


Known DLLs - Session


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
advapi32 REG_SZ advapi32.dll
comdlg32 REG_SZ comdlg32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
gdi32 REG_SZ gdi32.dll
imagehlp REG_SZ imagehlp.dll
kernel32 REG_SZ kernel32.dll
lz32 REG_SZ lz32.dll
ole32 REG_SZ ole32.dll
oleaut32 REG_SZ oleaut32.dll
olecli32 REG_SZ olecli32.dll
olecnv32 REG_SZ olecnv32.dll
olesvr32 REG_SZ olesvr32.dll
olethk32 REG_SZ olethk32.dll
rpcrt4 REG_SZ rpcrt4.dll
shell32 REG_SZ shell32.dll
url REG_SZ url.dll
urlmon REG_SZ urlmon.dll
user32 REG_SZ user32.dll
version REG_SZ version.dll
wininet REG_SZ wininet.dll
wldap32 REG_SZ wldap32.dll


Adobe Products


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
DisplayName REG_SZ Adobe Flash Player 10 Plugin
DisplayVersion REG_SZ 10.0.22.87
Publisher REG_SZ Adobe Systems Incorporated
URLInfoAbout REG_SZ http://www.adobe.com/go/getflashplayer
DisplayIcon REG_SZ C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
UninstallString REG_SZ C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1


{END OF FILE}