MalwareRemoval.com - Malware Removal Instructions

Help with HTTP Fake Scan Webpage

Post by dk2rb » November 4th, 2008, 8:49 pm

I'm having a problem which Norton identifies as an HTTP Fake Scan Webpage. This seems to fit what I'm experiencing.

The malware has gotten into Internet Explorer. Now when I open IE, my about:blank page is a page telling me to install WinDefender (labeled as misleading software by the Symantec website), with several popups. The popups never end, no matter what you press, and in order to get out of this, I have to end the process in Task Manager.

However, it has also gotten into my Windows Explorer. Anytime I try to hit the up button in Windows Explorer, it gives me a popup saying that "viruses have been detected" and the pitch to download WinDefender. If you close out, it takes you to the same page the about:blank page does.

I am running Windows XP with SP3 and IE 7 (I believe...). I've run unsuccessful scans with Norton, McAfee's free Stinger, and Spybot. Here is my HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 7:39:41 PM, on 11/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\CDProxyServ.exe
F:\WINDOWS\system32\cisvc.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\HPZipm12.exe
F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\WINDOWS\system32\dla\tfswctrl.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\SiteAdvisor\6172\SiteAdv.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
F:\Program Files\TiVo\Desktop\TiVoNotify.exe
F:\Program Files\TiVo\Desktop\TiVoServer.exe
F:\Program Files\Upromise\Upromise.exe
F:\Program Files\Upromise\UpromiseUa.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\Upromise\UpromiseTray.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
F:\Program Files\Autobahn\mlb-nexdef-autobahn.exe
F:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
F:\WINDOWS\system32\cidaemon.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
F:\Program Files\Common Files\Symantec Shared\SecurityHistory\MCUI32.EXE
F:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
F:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
F:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - F:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - F:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - F:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Aj.Popa - {BC354443-937D-498B-A792-B6E388CDFCE6} - F:\WINDOWS\system32\loifsa.dll
O2 - BHO: Survival of the Cool Toolbar - {bd91a757-e5e9-4873-a88b-941a039ee5e5} - F:\Program Files\Survival_of_the_Cool\tbSurv.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - F:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - F:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Survival of the Cool Toolbar - {bd91a757-e5e9-4873-a88b-941a039ee5e5} - F:\Program Files\Survival_of_the_Cool\tbSurv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dla] F:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] F:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [googletalk] F:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "F:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ?\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TivoTransfer] "F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "F:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "F:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [Upromise] F:\Program Files\Upromise\Upromise.exe
O4 - HKCU\..\Run: [Upromise Update] F:\Program Files\Upromise\UpromiseUa.exe
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Upromise Tray] F:\Program Files\Upromise\UpromiseTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MLB.TV NexDef Plug-in.lnk = F:\Program Files\Autobahn\mlb-nexdef-autobahn.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: f:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.shockwave.com/content/chocol ... 0.0.13.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/01d5d57f4db ... xIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8842907250
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast.com/admin/hostClientIE.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/ ... mDlBrg.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://my.firmenich.com/dana-cached/se ... tupSP1.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca07.custhelp.com/8201-b499h ... a/RntX.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - F:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - F:\WINDOWS\CDProxyServ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - F:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Symantec Core LC - Unknown owner - F:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe


Thank you for any help!
dk2rb
Regular Member
 
Posts: 78
Joined: November 4th, 2008, 8:33 pm

Re: Help with HTTP Fake Scan Webpage

Post by peku006 » November 6th, 2008, 4:09 am

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Please continue to respond until I give you the "All Clear"

If you follow these instructions, everything should go smoothly.

Looks like you have SONY rootkit installed.

Download and run this http://www.sophos.com/support/disinfection/rkprf.html

Post back a fresh HijackThis log afterwards, please.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
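The diagnosis above comes from reading the log for the '$sys$' prefix (the Sony/First 4 Internet XCP rootkit cloaks any file or process whose name starts with it) in the process list and the O23 service entries. As an added example, not code from this thread or from HijackThis, here is a small Python triage script that flags those same indicators in a HijackThis log, plus any entry HijackThis tags '(file missing)'. The sample log is constructed from lines of the logs posted in this thread; the Finding class, the XCP_MARKERS tuple and the triage and summarize functions are names this example introduces.

```python
"""Triage helper for HijackThis-style logs (added example, not the forum's or
HijackThis' own code). It flags the two indicator classes this thread relies on."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, modelled on lines from the logs posted in this thread.
SAMPLE_LOG = """\
Running processes:
F:\\WINDOWS\\System32\\$sys$filesystem\\$sys$DRMServer.exe
F:\\WINDOWS\\Explorer.EXE

O2 - BHO: Aj.Popa - {BC354443-937D-498B-A792-B6E388CDFCE6} - F:\\WINDOWS\\system32\\loifsa.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\\program files\\google\\googletoolbar1.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\\System32\\dimsntfy.dll (file missing)
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - F:\\WINDOWS\\System32\\$sys$filesystem\\$sys$DRMServer.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - F:\\WINDOWS\\CDProxyServ.exe
"""

@dataclass(frozen=True)
class Finding:
    section: str   # "process", an HJT section code such as "O23", or "other"
    reason: str    # "xcp-marker" or "file-missing"
    line: str

HJT_ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - ")
# Indicators taken from the thread: the $sys$ prefix the XCP rootkit cloaks, and the
# XCP CD Proxy service name that shows up in the O23 section.
XCP_MARKERS = ("$sys$", "xcp cd proxy")

def classify(line, in_processes):
    """Name the part of the log a line belongs to."""
    m = HJT_ENTRY.match(line)
    if m:
        return m.group("code")
    return "process" if in_processes else "other"

def triage(log_text):
    """Return one Finding per line that carries an indicator, in log order."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        section = classify(line, in_processes)
        lowered = line.lower()
        if any(marker in lowered for marker in XCP_MARKERS):
            findings.append(Finding(section, "xcp-marker", line))
        elif lowered.endswith("(file missing)"):
            findings.append(Finding(section, "file-missing", line))
    return findings

def summarize(findings):
    """Count findings per reason, e.g. {'xcp-marker': 3, 'file-missing': 2}."""
    return dict(Counter(f.reason for f in findings))

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.section:>7}] {f.reason:<12} {f.line}")
    print(summarize(results))
```

Run it on a saved log with triage(open(path).read()). Treat 'file missing' as a prompt to look rather than a verdict: in the log above the same tag appears on Symantec service entries where HijackThis has cut the path at a stray quotation mark, so a missing file can be a parsing artefact as well as a removed component.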

Re: Help with HTTP Fake Scan Webpage

Post by dk2rb » November 6th, 2008, 2:46 pm

First of all, thanks so much for taking up the task of solving my problem. :)

The scanner you sent me returned no results/files. I had it scan my entire hard drive. Here is a fresh HijackThis log anyways:

(Note: you'll see it in the HijackThis log, but I have to change my home page to whatever page I want to access, otherwise I have no way to get there because IE reroutes everything to the virus page.)

Logfile of HijackThis v1.99.1
Scan saved at 1:45:49 PM, on 11/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\CDProxyServ.exe
F:\WINDOWS\system32\cisvc.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\HPZipm12.exe
F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\WINDOWS\system32\cidaemon.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\WINDOWS\system32\dla\tfswctrl.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\SiteAdvisor\6172\SiteAdv.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Messenger\msmsgs.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
F:\Program Files\TiVo\Desktop\TiVoNotify.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\TiVo\Desktop\TiVoServer.exe
F:\Program Files\Upromise\Upromise.exe
F:\Program Files\Upromise\UpromiseUa.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\Upromise\UpromiseTray.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
F:\Program Files\Autobahn\mlb-nexdef-autobahn.exe
F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
F:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
F:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
F:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
F:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
F:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
F:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Hijackthis\HijackThis.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
F:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
F:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = posting.php?mode=reply&f=11&t=36243
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - F:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - F:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - F:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Aj.Popa - {BC354443-937D-498B-A792-B6E388CDFCE6} - F:\WINDOWS\system32\loifsa.dll (file missing)
O2 - BHO: Survival of the Cool Toolbar - {bd91a757-e5e9-4873-a88b-941a039ee5e5} - F:\Program Files\Survival_of_the_Cool\tbSurv.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - F:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - F:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Survival of the Cool Toolbar - {bd91a757-e5e9-4873-a88b-941a039ee5e5} - F:\Program Files\Survival_of_the_Cool\tbSurv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dla] F:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] F:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [googletalk] F:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "F:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ?\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TivoTransfer] "F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "F:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "F:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [Upromise] F:\Program Files\Upromise\Upromise.exe
O4 - HKCU\..\Run: [Upromise Update] F:\Program Files\Upromise\UpromiseUa.exe
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Upromise Tray] F:\Program Files\Upromise\UpromiseTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MLB.TV NexDef Plug-in.lnk = F:\Program Files\Autobahn\mlb-nexdef-autobahn.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: f:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.shockwave.com/content/chocol ... 0.0.13.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/01d5d57f4db ... xIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8842907250
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast.com/admin/hostClientIE.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/ ... mDlBrg.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://my.firmenich.com/dana-cached/se ... tupSP1.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca07.custhelp.com/8201-b499h ... a/RntX.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - F:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - F:\WINDOWS\CDProxyServ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - F:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Symantec Core LC - Unknown owner - F:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe
dk2rb
Regular Member
 
Posts: 78
Joined: November 4th, 2008, 8:33 pm

Re: Help with HTTP Fake Scan Webpage

Post by peku006 » November 6th, 2008, 3:32 pm

Hi dk2rb

Launch Notepad, and copy/paste the box below into a new text file. Save it as Options.txt on your Desktop.

RegSearch Options File

[Search]
$sys$
[Exclude]

[Options]
Filter=KVDLUI


Download Registry Search and extract it. Doubleclick the icon to run and click on "Import...". Select the file you created above. Click "OK" and Registry Search will search the Registry and report what it finds. Post that here.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
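Registry Search writes its results as a .reg file, and REG_MULTI_SZ values come out as hex(7) byte lists, which is why the tool prefixes them with a '; Contents of value:' comment. As an added example, not Registry Search's own code, here is a Python decoder that joins the backslash-continued lines, decodes hex(7) data as NUL-separated UTF-16LE strings and reports every key path, value name or decoded string containing the search term. The sample export is constructed in the tool's format; its two hex(7) values are copied from the results dk2rb posts further down, while the RegKey and RegValue classes and the parse_reg and find functions are names this example introduces.

```python
"""Decoder for the .reg export Registry Search produces (added example, not the tool's
own code). hex(7) data is REG_MULTI_SZ: NUL-terminated UTF-16LE strings plus a final NUL."""
import re
from dataclasses import dataclass, field

# Constructed sample in Registry Search's export format; the two hex(7) values are copied
# from the export posted in this thread, and the last key is a made-up benign control.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\$sys$reference]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM]
"F:\\WINDOWS\\System32\\$sys$filesystem\\crater.sys[MofResource]"="LowDateTime:1894726272,HighDateTime:29720668***Binary mof compiled successfully"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CoDeviceInstallers]
"{4D36E965-E325-11CE-BFC1-08002BE10318}"=hex(7):53,00,79,00,73,00,53,00,65,00,\
  74,00,75,00,70,00,2e,00,44,00,6c,00,6c,00,2c,00,53,00,74,00,6f,00,72,00,61,\
  00,67,00,65,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,\
  72,00,00,00,53,00,79,00,73,00,53,00,65,00,74,00,75,00,70,00,2e,00,44,00,6c,\
  00,6c,00,2c,00,43,00,72,00,69,00,74,00,69,00,63,00,61,00,6c,00,44,00,65,00,\
  76,00,69,00,63,00,65,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
  00,65,00,72,00,00,00,24,00,73,00,79,00,73,00,24,00,63,00,61,00,6a,00,2e,00,\
  64,00,6c,00,6c,00,2c,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
  00,43,00,64,00,72,00,6f,00,6d,00,00,00,00,00
"{FF646F80-8DEF-11D2-9449-00105A075F6B}"=hex(7):24,00,73,00,79,00,73,00,24,00,\
  63,00,61,00,6a,00,2e,00,64,00,6c,00,6c,00,2c,00,43,00,6f,00,49,00,6e,00,73,\
  00,74,00,61,00,6c,00,6c,00,50,00,43,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Benign]
"Enabled"=dword:00000001
"Path"="C:\\Program Files\\ExampleVendor\\app.exe"
'''

@dataclass
class RegValue:
    name: str
    kind: str  # REG_SZ, REG_DWORD, REG_MULTI_SZ, REG_BINARY or UNKNOWN
    data: object

@dataclass
class RegKey:
    path: str
    values: list = field(default_factory=list)

VALUE_LINE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')
HEX_DATA = re.compile(r'^hex(?:\((?P<kind>[0-9a-fA-F]+)\))?:(?P<bytes>.*)$')

def _unescape(s):
    return re.sub(r'\\(.)', r'\1', s)  # .reg escapes backslash and quote with a backslash

def _logical_lines(text):
    # Join value lines that a trailing backslash continues on the next line.
    out, buf = [], ""
    for raw in text.splitlines():
        buf = raw.rstrip() if not buf else buf + raw.strip()
        if buf.startswith('"') and buf.endswith('\\'):
            buf = buf[:-1]
        else:
            out.append(buf)
            buf = ""
    return out + ([buf] if buf else [])

def _decode(data):
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return "REG_SZ", _unescape(data[1:-1])
    if data.startswith("dword:"):
        return "REG_DWORD", int(data[6:], 16)
    m = HEX_DATA.match(data)
    if not m:
        return "UNKNOWN", data
    kind = int(m.group("kind") or "3", 16)  # a bare "hex:" is REG_BINARY (type 3)
    raw = bytes(int(b, 16) for b in m.group("bytes").split(",") if b.strip())
    if kind == 7 and len(raw) % 2 == 0:  # an odd length means a truncated UTF-16 value
        strings = raw.decode("utf-16-le", errors="replace").split("\0")
        return "REG_MULTI_SZ", [s for s in strings if s]
    return "REG_BINARY", raw

def parse_reg(text):
    keys, current = [], None
    for line in _logical_lines(text):
        if line.startswith("[") and line.endswith("]"):
            current = RegKey(line[1:-1])
            keys.append(current)
            continue
        m = VALUE_LINE.match(line)  # blank, comment and header lines do not match
        if m and current is not None:
            kind, data = _decode(m.group("data"))
            current.values.append(RegValue(_unescape(m.group("name")), kind, data))
    return keys

def find(keys, needle):
    # Every (key path, value name or None, where, data) in which needle occurs.
    needle, hits = needle.lower(), []
    for key in keys:
        if needle in key.path.lower():
            hits.append((key.path, None, "key", None))
        for v in key.values:
            texts = v.data if isinstance(v.data, list) else [v.data] if isinstance(v.data, str) else []
            if needle in v.name.lower():
                hits.append((key.path, v.name, "name", v.data))
            elif any(needle in t.lower() for t in texts):
                hits.append((key.path, v.name, "data", v.data))
    return hits
```

find(parse_reg(text), "$sys$") returns four hits for the sample: the $sys$reference key itself, the crater.sys value name under WBEM\WDM, and the two CoDeviceInstallers entries whose decoded strings name $sys$caj.dll. Decoding the data, rather than only matching key and value names, is what catches the last two: the search term never appears in the raw hex(7) text.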

Re: Help with HTTP Fake Scan Webpage

Post by dk2rb » November 6th, 2008, 4:04 pm

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 11/6/2008 3:01:43 PM for strings:
; '$sys$'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\$sys$reference]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM]
"F:\\WINDOWS\\System32\\$sys$filesystem\\crater.sys[MofResource]"="LowDateTime:1894726272,HighDateTime:29720668***Binary mof compiled successfully"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE]
"F:\\WINDOWS\\System32\\$sys$filesystem\\crater.sys[MofResource]"="LowDateTime:1894726272,HighDateTime:29720668***Binary mof compiled successfully"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CoDeviceInstallers]
; Contents of value:
; SysSetup.Dll,StorageCoInstaller
; SysSetup.Dll,CriticalDeviceCoInstaller
; $sys$caj.dll,CoInstallCdrom
;
"{4D36E965-E325-11CE-BFC1-08002BE10318}"=hex(7):53,00,79,00,73,00,53,00,65,00,\
74,00,75,00,70,00,2e,00,44,00,6c,00,6c,00,2c,00,53,00,74,00,6f,00,72,00,61,\
00,67,00,65,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,\
72,00,00,00,53,00,79,00,73,00,53,00,65,00,74,00,75,00,70,00,2e,00,44,00,6c,\
00,6c,00,2c,00,43,00,72,00,69,00,74,00,69,00,63,00,61,00,6c,00,44,00,65,00,\
76,00,69,00,63,00,65,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
00,65,00,72,00,00,00,24,00,73,00,79,00,73,00,24,00,63,00,61,00,6a,00,2e,00,\
64,00,6c,00,6c,00,2c,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
00,43,00,64,00,72,00,6f,00,6d,00,00,00,00,00
; Contents of value:
; $sys$caj.dll,CoInstallPC
;
"{FF646F80-8DEF-11D2-9449-00105A075F6B}"=hex(7):24,00,73,00,79,00,73,00,24,00,\
63,00,61,00,6a,00,2e,00,64,00,6c,00,6c,00,2c,00,43,00,6f,00,49,00,6e,00,73,\
00,74,00,61,00,6c,00,6c,00,50,00,43,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomJLMS_DVD-ROM_XJ-HD166___________________DD05____\5&3a22a7d4&0&0.0.0]
; Contents of value:
; $sys$crater
;
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,72,00,61,00,74,00,65,\
00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomTEAC_DVD+RW_DV-W58E_____________________D.0C____\5&3a22a7d4&0&0.1.0]
; Contents of value:
; $sys$crater
; imapi
;
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,72,00,61,00,74,00,65,\
00,72,00,00,00,69,00,6d,00,61,00,70,00,69,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1]
; Contents of value:
; $sys$cor
;
"UpperFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,6f,00,72,00,00,00,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1\Control]
"ActiveService"="$sys$cor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER\0000]
"Service"="$sys$DRMServer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER\0000\Control]
"ActiveService"="$sys$DRMServer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$LIM]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$LIM\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$LIM\0000]
"Service"="$sys$lim"
"DeviceDesc"="$sys$lim"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$OCT]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$OCT\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$OCT\0000]
"Service"="$sys$oct"
"DeviceDesc"="$sys$oct"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor]
; Contents of value:
; System32\Drivers\$sys$cor.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,24,00,73,00,79,00,73,00,24,00,63,\
00,6f,00,72,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$crater]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$crater]
; Contents of value:
; \??\F:\WINDOWS\System32\$sys$filesystem\crater.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,46,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,24,00,73,00,79,00,73,00,24,00,66,00,69,00,6c,00,65,00,73,00,79,00,\
73,00,74,00,65,00,6d,00,5c,00,63,00,72,00,61,00,74,00,65,00,72,00,2e,00,73,\
00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$crater\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$crater\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$DRMServer]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$DRMServer]
; Contents of value:
; F:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
"ImagePath"=hex(2):46,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,24,00,73,00,79,\
00,73,00,24,00,66,00,69,00,6c,00,65,00,73,00,79,00,73,00,74,00,65,00,6d,00,\
5c,00,24,00,73,00,79,00,73,00,24,00,44,00,52,00,4d,00,53,00,65,00,72,00,76,\
00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$DRMServer\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$DRMServer\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$DRMServer\Enum]
"0"="Root\\LEGACY_$SYS$DRMSERVER\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CoDeviceInstallers]
; Contents of value:
; SysSetup.Dll,StorageCoInstaller
; SysSetup.Dll,CriticalDeviceCoInstaller
; $sys$caj.dll,CoInstallCdrom
;
"{4D36E965-E325-11CE-BFC1-08002BE10318}"=hex(7):53,00,79,00,73,00,53,00,65,00,\
74,00,75,00,70,00,2e,00,44,00,6c,00,6c,00,2c,00,53,00,74,00,6f,00,72,00,61,\
00,67,00,65,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,\
72,00,00,00,53,00,79,00,73,00,53,00,65,00,74,00,75,00,70,00,2e,00,44,00,6c,\
00,6c,00,2c,00,43,00,72,00,69,00,74,00,69,00,63,00,61,00,6c,00,44,00,65,00,\
76,00,69,00,63,00,65,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
00,65,00,72,00,00,00,24,00,73,00,79,00,73,00,24,00,63,00,61,00,6a,00,2e,00,\
64,00,6c,00,6c,00,2c,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
00,43,00,64,00,72,00,6f,00,6d,00,00,00,00,00
; Contents of value:
; $sys$caj.dll,CoInstallPC
;
"{FF646F80-8DEF-11D2-9449-00105A075F6B}"=hex(7):24,00,73,00,79,00,73,00,24,00,\
63,00,61,00,6a,00,2e,00,64,00,6c,00,6c,00,2c,00,43,00,6f,00,49,00,6e,00,73,\
00,74,00,61,00,6c,00,6c,00,50,00,43,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\IDE\CdRomJLMS_DVD-ROM_XJ-HD166___________________DD05____\5&3a22a7d4&0&0.0.0]
; Contents of value:
; $sys$crater
;
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,72,00,61,00,74,00,65,\
00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\IDE\CdRomTEAC_DVD+RW_DV-W58E_____________________D.0C____\5&3a22a7d4&0&0.1.0]
; Contents of value:
; $sys$crater
; imapi
;
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,72,00,61,00,74,00,65,\
00,72,00,00,00,69,00,6d,00,61,00,70,00,69,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1]
; Contents of value:
; $sys$cor
;
"UpperFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,6f,00,72,00,00,00,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$DRMSERVER]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$DRMSERVER\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$DRMSERVER\0000]
"Service"="$sys$DRMServer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$LIM]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$LIM\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$LIM\0000]
"Service"="$sys$lim"
"DeviceDesc"="$sys$lim"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$OCT]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$OCT\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$OCT\0000]
"Service"="$sys$oct"
"DeviceDesc"="$sys$oct"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$cor]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$cor]
; Contents of value:
; System32\Drivers\$sys$cor.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,24,00,73,00,79,00,73,00,24,00,63,\
00,6f,00,72,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$cor\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$crater]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$crater]
; Contents of value:
; \??\F:\WINDOWS\System32\$sys$filesystem\crater.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,46,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,24,00,73,00,79,00,73,00,24,00,66,00,69,00,6c,00,65,00,73,00,79,00,\
73,00,74,00,65,00,6d,00,5c,00,63,00,72,00,61,00,74,00,65,00,72,00,2e,00,73,\
00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$crater\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$DRMServer]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$DRMServer]
; Contents of value:
; F:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
"ImagePath"=hex(2):46,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,24,00,73,00,79,\
00,73,00,24,00,66,00,69,00,6c,00,65,00,73,00,79,00,73,00,74,00,65,00,6d,00,\
5c,00,24,00,73,00,79,00,73,00,24,00,44,00,52,00,4d,00,53,00,65,00,72,00,76,\
00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$DRMServer\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CoDeviceInstallers]
; Contents of value:
; SysSetup.Dll,StorageCoInstaller
; SysSetup.Dll,CriticalDeviceCoInstaller
; $sys$caj.dll,CoInstallCdrom
;
"{4D36E965-E325-11CE-BFC1-08002BE10318}"=hex(7):53,00,79,00,73,00,53,00,65,00,\
74,00,75,00,70,00,2e,00,44,00,6c,00,6c,00,2c,00,53,00,74,00,6f,00,72,00,61,\
00,67,00,65,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,\
72,00,00,00,53,00,79,00,73,00,53,00,65,00,74,00,75,00,70,00,2e,00,44,00,6c,\
00,6c,00,2c,00,43,00,72,00,69,00,74,00,69,00,63,00,61,00,6c,00,44,00,65,00,\
76,00,69,00,63,00,65,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
00,65,00,72,00,00,00,24,00,73,00,79,00,73,00,24,00,63,00,61,00,6a,00,2e,00,\
64,00,6c,00,6c,00,2c,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
00,43,00,64,00,72,00,6f,00,6d,00,00,00,00,00
; Contents of value:
; $sys$caj.dll,CoInstallPC
;
"{FF646F80-8DEF-11D2-9449-00105A075F6B}"=hex(7):24,00,73,00,79,00,73,00,24,00,\
63,00,61,00,6a,00,2e,00,64,00,6c,00,6c,00,2c,00,43,00,6f,00,49,00,6e,00,73,\
00,74,00,61,00,6c,00,6c,00,50,00,43,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\CdRomJLMS_DVD-ROM_XJ-HD166___________________DD05____\5&3a22a7d4&0&0.0.0]
; Contents of value:
; $sys$crater
;
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,72,00,61,00,74,00,65,\
00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\CdRomTEAC_DVD+RW_DV-W58E_____________________D.0C____\5&3a22a7d4&0&0.1.0]
; Contents of value:
; $sys$crater
; imapi
;
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,72,00,61,00,74,00,65,\
00,72,00,00,00,69,00,6d,00,61,00,70,00,69,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1]
; Contents of value:
; $sys$cor
;
"UpperFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,6f,00,72,00,00,00,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1\Control]
"ActiveService"="$sys$cor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$DRMSERVER]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$DRMSERVER\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$DRMSERVER\0000]
"Service"="$sys$DRMServer"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$DRMSERVER\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$DRMSERVER\0000\Control]
"ActiveService"="$sys$DRMServer"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$LIM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$LIM\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$LIM\0000]
"Service"="$sys$lim"
"DeviceDesc"="$sys$lim"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$OCT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$OCT\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$OCT\0000]
"Service"="$sys$oct"
"DeviceDesc"="$sys$oct"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$cor]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$cor]
; Contents of value:
; System32\Drivers\$sys$cor.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,24,00,73,00,79,00,73,00,24,00,63,\
00,6f,00,72,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$cor\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$cor\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$crater]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$crater]
; Contents of value:
; \??\F:\WINDOWS\System32\$sys$filesystem\crater.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,46,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,24,00,73,00,79,00,73,00,24,00,66,00,69,00,6c,00,65,00,73,00,79,00,\
73,00,74,00,65,00,6d,00,5c,00,63,00,72,00,61,00,74,00,65,00,72,00,2e,00,73,\
00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$crater\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$crater\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer]
; Contents of value:
; F:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
"ImagePath"=hex(2):46,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,24,00,73,00,79,\
00,73,00,24,00,66,00,69,00,6c,00,65,00,73,00,79,00,73,00,74,00,65,00,6d,00,\
5c,00,24,00,73,00,79,00,73,00,24,00,44,00,52,00,4d,00,53,00,65,00,72,00,76,\
00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer\Enum]
"0"="Root\\LEGACY_$SYS$DRMSERVER\\0000"

; End Of The Log...
dk2rb
Regular Member
 
Posts: 78
Joined: November 4th, 2008, 8:33 pm

Re: Help with HTTP Fake Scan Webpage

Unread postby peku006 » November 7th, 2008, 2:41 am

Hi dk2rb

I need more info ........

Launch Notepad, and copy/paste the box below into a new text file. Save it as Options.txt on your Desktop.

Code:
RegSearch Options File

[Search]
$sys$
ECDDiskProducer
SonyBMG
crater
aries
qwap

[Exclude]

[Options]
Filter=KVDLUI


Double-click the RegSearch icon to run and click on "Import...". Select the file you created above. Click "OK" and Registry Search will search the Registry and report what it finds. Post that here.

Thanks peku006
peku006
MRU Emeritus
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
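The search peku006 asks for above (each term in the Options.txt matched against registry key names, value names and value data) and the hex(2)/hex(7) blobs in the results dk2rb posted earlier, as an added example that is not code from this thread and not Registry Search itself: a small Python parser for the .reg-style output that decodes the UTF-16LE REG_EXPAND_SZ and REG_MULTI_SZ values into readable strings, runs the term matching the way RegSearch's default scope does, and pulls out the UpperFilters/LowerFilters lists so an unfamiliar filter driver on the optical-drive and IDE-channel entries is visible at a glance. SAMPLE_REG is a constructed excerpt of the results dk2rb posted in this thread; the function names are this example's own.

```python
"""Parse a Registry Search / .reg export, decode its hex values and match search terms.

Added example (not RegSearch, not code from the thread). SAMPLE_REG is a constructed
excerpt of the results posted in the thread; the continuation backslashes and the
hex(2)/hex(7) encodings are exactly what a .reg export looks like.
"""
import re

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

; Registry Search results (constructed excerpt)

[HKEY_LOCAL_MACHINE\SOFTWARE\$sys$reference]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1]
"UpperFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,6f,00,72,00,00,00,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1\Control]
"ActiveService"="$sys$cor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor]
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,24,00,73,00,79,00,73,00,24,00,63,\
00,6f,00,72,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomTEAC_DVD+RW_DV-W58E_____________________D.0C____\5&3a22a7d4&0&0.1.0]
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,72,00,61,00,74,00,65,\
00,72,00,00,00,69,00,6d,00,61,00,70,00,69,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\ECDDiscProducers]
"SONYBMG"=dword:00000001
'''

# "name"=data  or  @=data (default value); names may contain escaped \\ and \"
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')
# hex:aa,bb  (REG_BINARY)  or  hex(N):aa,bb  where N is the registry type in hex
HEX_RE = re.compile(r'^hex(?:\((?P<type>[0-9a-fA-F]+)\))?:(?P<bytes>[0-9a-fA-F,]*)$')


def _join_continuations(text):
    """A trailing backslash means the byte list continues on the next line."""
    joined, buf = [], ""
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith("\\"):
            buf += stripped[:-1]
            continue
        joined.append(buf + stripped)
        buf = ""
    if buf:
        joined.append(buf)
    return joined


def decode_data(raw):
    """str for strings, int for dword, list[str] for REG_MULTI_SZ, bytes otherwise."""
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])          # un-escape \\ and \"
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = HEX_RE.match(raw)
    if not m:
        return raw
    blob = bytes(int(b, 16) for b in m.group("bytes").split(",") if b)
    reg_type = int(m.group("type"), 16) if m.group("type") else 3   # bare hex: = REG_BINARY
    if reg_type in (1, 2, 7) and len(blob) % 2 == 0:       # REG_SZ / REG_EXPAND_SZ / REG_MULTI_SZ
        text = blob.decode("utf-16-le")
        if reg_type == 7:                                  # NUL-separated, double-NUL terminated
            return [s for s in text.split("\x00") if s]
        return text.rstrip("\x00")                         # single NUL terminator
    return blob


def parse_reg(text):
    """Return [(key, value_name, data)]. Each key is also recorded as (key, None, None)
    so that a term matching the key name alone is reported, as RegSearch does."""
    entries, key = [], None
    for line in _join_continuations(text):
        if not line or line[0] == ";" or line.startswith("Windows Registry Editor"):
            continue
        if line[0] == "[" and line[-1] == "]":
            key = line[1:-1]
            entries.append((key, None, None))
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = "@" if m.group("default") else m.group("name")
            entries.append((key, name, decode_data(m.group("data"))))
    return entries


def search(entries, terms):
    """Case-insensitive match of each term against key name, value name and decoded
    data (the three scopes RegSearch's default Filter covers)."""
    hits = []
    for key, name, data in entries:
        haystack = [key, name or ""]
        haystack.extend(data if isinstance(data, list) else [data] if isinstance(data, str) else [])
        text = "\n".join(haystack).lower()
        matched = [t for t in terms if t.lower() in text]
        if matched:
            hits.append({"key": key, "value": name, "data": data, "terms": matched})
    return hits


def filter_drivers(entries):
    """Map (device key, UpperFilters|LowerFilters) to the driver names attached."""
    return {(k, n): d for k, n, d in entries
            if n in ("UpperFilters", "LowerFilters") and isinstance(d, list)}


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    for hit in search(parsed, ["$sys$", "SonyBMG", "crater"]):
        print(hit["terms"], hit["key"], hit["value"], hit["data"])
    for (device, slot), names in filter_drivers(parsed).items():
        print(slot, "on", device.rsplit("\\", 2)[-2], "->", names)
```

Decoding the blobs is the point: the `$sys$` prefix turns up as a service name, as a driver image path, and as a filter attached to the optical drive and IDE channel, which a string search over the raw `24,00,73,00,...` hex would not surface. Both RegSearch and this script only see what the registry API returns, so an empty result shows what was visible, not that the system is clean.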

Re: Help with HTTP Fake Scan Webpage

Unread postby dk2rb » November 7th, 2008, 8:28 am

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 11/7/2008 7:21:36 AM for strings:
; '$sys$'
; 'ecddiskproducer'
; 'sonybmg'
; 'crater'
; 'aries'
; 'qwap'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\$sys$reference]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06290BD5-48AA-11D2-8432-006008C3FBFC}]
@="Object for constructing type libraries for scriptlets"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E083978-829F-11D3-AB5D-00C04F9407B9}]
@="MSOLAPAuxiliaries Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E083978-829F-11D3-AB5D-00C04F9407B9}\ProgID]
@="MSOlapAdmin2.MSOLAPAuxiliaries.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E083978-829F-11D3-AB5D-00C04F9407B9}\VersionIndependentProgID]
@="MSOlapAdmin2.MSOLAPAuxiliaries"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{273380E8-1438-4B2C-95B0-713284FBC302}\InprocServer32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\msinfo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{273380E8-1438-4B2C-95B0-713284FBC302}\ToolboxBitmap32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\msinfo.dll, 102"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CE546FF-9128-465E-B5C5-5A36CFC2C285}\InprocServer32]
@="F:\\Program Files\\Common Files\\MSSoap\\Binaries\\mssoap1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ECB650F-4630-41D3-AC9A-C8F926FC5907}\InprocServer32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\msinfo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6205B8C9-75FF-4623-A50A-88E1F14EAFF2}\InprocServer32]
@="F:\\Program Files\\Common Files\\MSSoap\\Binaries\\mssoap1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86D54F3D-652D-4ab3-A1A6-14D403F6C813}\InProcServer32]
@="F:\\Program Files\\Common Files\\MSSoap\\Binaries\\mssoap1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C5754F7-ADF5-4D82-B181-0F8FC5EA882B}\InProcServer32]
@="F:\\Program Files\\Common Files\\MSSoap\\Binaries\\mssoap1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0F93E27-F05D-4153-A151-F3720369A4C7}\InprocServer32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\msinfo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ACA26BD2-7C61-11cf-B21A-00AA00A215ED}]
@="User-specified dictionaries"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADE424F3-AA10-471D-8A0A-687534555900}\InProcServer32]
@="F:\\Program Files\\Common Files\\MSSoap\\Binaries\\mssoap1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB023FC5-AA10-47CE-8A0A-6875C17B5914}\InProcServer32]
@="F:\\Program Files\\Common Files\\MSSoap\\Binaries\\mssoap1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E16C0594-128F-11D1-97E4-00C04FB9618A}]
@="ARIES Log Recovery Engine"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBB2FF12-861A-42b6-B815-B1AF4D944916}\InProcServer32]
@="F:\\Program Files\\Common Files\\MSSoap\\Binaries\\mssoap1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F25BC7B7-C60D-4FB9-AAE4-3CA0F6C7038A}\InprocServer32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\brpinfo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC7D9E02-3F9E-11d3-93C0-00C04F72DAF7}\InprocServer32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC7D9E02-3F9E-11d3-93C0-00C04F72DAF7}\InstalledVersion]
"F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"="5,1,2600,1106"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC7D9E06-3F9E-11d3-93C0-00C04F72DAF7}\InprocServer32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC7D9E08-3F9E-11d3-93C0-00C04F72DAF7}\InprocServer32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC7D9E09-3F9E-11d3-93C0-00C04F72DAF7}\InprocServer32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDE424F3-AA10-471D-8A0A-6875C17B5914}\InProcServer32]
@="F:\\Program Files\\Common Files\\MSSoap\\Binaries\\mssoap1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HCP]
"FriendlyTypeName"="@F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HCAppRes.dll,-2100"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HCP\shell\open\command]
; Contents of value:
; %SystemRoot%\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe -FromHCP -url "%1"
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,50,00,43,00,48,00,45,00,41,00,4c,00,54,00,48,00,5c,00,48,00,45,00,\
4c,00,50,00,43,00,54,00,52,00,5c,00,42,00,69,00,6e,00,61,00,72,00,69,00,65,\
00,73,00,5c,00,48,00,65,00,6c,00,70,00,43,00,74,00,72,00,2e,00,65,00,78,00,\
65,00,20,00,2d,00,46,00,72,00,6f,00,6d,00,48,00,43,00,50,00,20,00,2d,00,75,\
00,72,00,6c,00,20,00,22,00,25,00,31,00,22,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{000209AC-0000-0000-C000-000000000046}]
@="Dictionaries"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{000209E0-0000-0000-C000-000000000046}]
@="HangulHanjaConversionDictionaries"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{349C6ABD-A30C-11D1-ABE5-00C04FC30999}]
@="IMSOLAPAuxiliaries"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F0955950-C777-4370-8837-B0F8D8189FB9}]
@="IHMESharedLibrariesEventHandler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSInfo.Document]
"FriendlyTypeName"="@F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\msinfo.dll,-391"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSOlapAdmin2.MSOLAPAuxiliaries]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSOlapAdmin2.MSOLAPAuxiliaries]
@="MSOLAPAuxiliaries Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSOlapAdmin2.MSOLAPAuxiliaries\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSOlapAdmin2.MSOLAPAuxiliaries.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSOlapAdmin2.MSOLAPAuxiliaries.1]
@="MSOLAPAuxiliaries Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSOlapAdmin2.MSOLAPAuxiliaries.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsRcIncident\DefaultIcon]
; Contents of value:
; %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,50,00,43,00,48,00,65,00,61,00,6c,00,74,00,68,00,5c,00,48,00,65,00,\
6c,00,70,00,43,00,74,00,72,00,5c,00,42,00,69,00,6e,00,61,00,72,00,69,00,65,\
00,73,00,5c,00,48,00,65,00,6c,00,70,00,43,00,74,00,72,00,2e,00,65,00,78,00,\
65,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MsRcIncident\shell\open\command]
; Contents of value:
; %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe -Mode "hcp://system/Remote%%20Assistance/RAClientLayout.xml" -url "hcp://system/Remote%%20Assistance/Interaction/Client/rctoolScreen1.htm" -ExtraArgument "IncidentFile=%1"
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,50,00,43,00,48,00,65,00,61,00,6c,00,74,00,68,00,5c,00,48,00,65,00,\
6c,00,70,00,43,00,74,00,72,00,5c,00,42,00,69,00,6e,00,61,00,72,00,69,00,65,\
00,73,00,5c,00,48,00,65,00,6c,00,70,00,43,00,74,00,72,00,2e,00,65,00,78,00,\
65,00,20,00,2d,00,4d,00,6f,00,64,00,65,00,20,00,22,00,68,00,63,00,70,00,3a,\
00,2f,00,2f,00,73,00,79,00,73,00,74,00,65,00,6d,00,2f,00,52,00,65,00,6d,00,\
6f,00,74,00,65,00,25,00,25,00,32,00,30,00,41,00,73,00,73,00,69,00,73,00,74,\
00,61,00,6e,00,63,00,65,00,2f,00,52,00,41,00,43,00,6c,00,69,00,65,00,6e,00,\
74,00,4c,00,61,00,79,00,6f,00,75,00,74,00,2e,00,78,00,6d,00,6c,00,22,00,20,\
00,2d,00,75,00,72,00,6c,00,20,00,22,00,68,00,63,00,70,00,3a,00,2f,00,2f,00,\
73,00,79,00,73,00,74,00,65,00,6d,00,2f,00,52,00,65,00,6d,00,6f,00,74,00,65,\
00,25,00,25,00,32,00,30,00,41,00,73,00,73,00,69,00,73,00,74,00,61,00,6e,00,\
63,00,65,00,2f,00,49,00,6e,00,74,00,65,00,72,00,61,00,63,00,74,00,69,00,6f,\
00,6e,00,2f,00,43,00,6c,00,69,00,65,00,6e,00,74,00,2f,00,72,00,63,00,74,00,\
6f,00,6f,00,6c,00,53,00,63,00,72,00,65,00,65,00,6e,00,31,00,2e,00,68,00,74,\
00,6d,00,22,00,20,00,2d,00,45,00,78,00,74,00,72,00,61,00,41,00,72,00,67,00,\
75,00,6d,00,65,00,6e,00,74,00,20,00,22,00,49,00,6e,00,63,00,69,00,64,00,65,\
00,6e,00,74,00,46,00,69,00,6c,00,65,00,3d,00,25,00,31,00,22,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Scriptlet.TypeLib]
@="Object for constructing type libraries for scriptlets"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7AC18319-0739-4377-8984-848573D519A5}\1.0\0\win32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\msinfo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7AC18319-0739-4377-8984-848573D519A5}\1.0\HELPDIR]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{833E4000-AFF7-4AC3-AAC2-9F24C1457BCE}\1.0\0\win32]
@="F:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpSvc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{833E4000-AFF7-4AC3-AAC2-9F24C1457BCE}\1.0\HELPDIR]
@="F:\\WINDOWS\\pchealth\\helpctr\\binaries\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C65657D9-5C4B-421E-8DA6-AD4D590FE854}\1.0\0\win32]
@="F:\\Program Files\\Common Files\\MSSoap\\Binaries\\mssoap1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C65657D9-5C4B-421E-8DA6-AD4D590FE854}\1.0\HELPDIR]
@="F:\\Program Files\\Common Files\\MSSoap\\Binaries"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CA9F6CB1-47F1-4874-90CB-C674E9A86495}\1.0\0\win32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\brpinfo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CA9F6CB1-47F1-4874-90CB-C674E9A86495}\1.0\HELPDIR]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC7D9000-3F9E-11D3-93C0-00C04F72DAF7}\1.0\0\win32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe\\2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC7D9000-3F9E-11D3-93C0-00C04F72DAF7}\1.0\HELPDIR]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC7D9E00-3F9E-11D3-93C0-00C04F72DAF7}\1.0\0\win32]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe\\1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC7D9E00-3F9E-11D3-93C0-00C04F72DAF7}\1.0\HELPDIR]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\ECDDiscProducers]
"SONYBMG"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM]
"F:\\WINDOWS\\System32\\$sys$filesystem\\crater.sys[MofResource]"="LowDateTime:1894726272,HighDateTime:29720668***Binary mof compiled successfully"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE]
"F:\\WINDOWS\\System32\\$sys$filesystem\\crater.sys[MofResource]"="LowDateTime:1894726272,HighDateTime:29720668***Binary mof compiled successfully"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HELPCTR.EXE]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSCONFIG.EXE]
@="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"F:\\Program Files\\Sibelius Software\\Sibelius 5 Demo\\Syllabification Dictionaries\\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B67353C23B9C6345AA46FDFADD82F69]
"9040AC1900063D11C8EF10054038389C"="01:\\Software\\Microsoft\\Shared Tools\\Proofing Tools\\Custom Dictionaries\\1"
"00000000000000000000000000000000"="01:\\Software\\Microsoft\\Shared Tools\\Proofing Tools\\Custom Dictionaries\\1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F65865963B6B0EB4ABB0F894B53E0233\Features]
"AppleSoftwareUpdate"="15?%n%iWs=,E&5u5w[eR=}uyqC2$5AJw']^Z]fR_TQ?B20utg(.L?N3&lrLW]=9fmturW?Yf}fKb.'_apI4!8fTO=9.}t`bY^%E=)BK]]^473=Q9V*LEukGnH&5W=46ub8Zx?`,lU@f.,f.JsZxcz9MXl[W2{@fg(B$oDHjUw=_Bj-mv0d7H~MyTSbPYc9gDnYoI${fi1WB`2ZiNH@squ`^VhDU1.~gK0J00a=H5*A=Ei%O24K8K*z{.^82R73@h[wqTX3!]pC(zr?HB~'+5oul=+!{dQPR(==Ut9B*g69%Z7k4IQJER$=e5e.v3X7{A9Yw5AETNa8I`3`!G.{~Gv8hB1@%~@?44U=?zEaDk@WU,&To44@kA2CE6W(zfz,%%^kIIH9)=J&?VPPtyC.A&2.8!i?+i(&r]SosQzDIoyO-ox=)y['Eq7PU-i4,('PwW[8%D]2CT%C`&&['Q&&mBI9Xh[cZ}7HEtQcEE-K!V=@QwAP1)7klbxqWU(343)A(Z^dWs{kpUZ^EB`cihm=tX!&u5+K+DLH(*N{hM$?])V)S6f9ASCq4+v9Bq39^kX?9]5`bv(B7!WQyrp?.%2p`5u5xQ&'QGlP@W~?cE_ei}*^C6Ep)J$1e,g@SM8FjQX*jVI+!S3nGf?9A?A'Zx}s)5A6z,O]B&X@iCqA70dq'dnFWopYNN1=[_'-%Vjl(yp3a,f(EM2=Cxxrz6k[7v=hxHL^&0t9u?0GKJ-cmHmi5d6!(I!97st-j.YW9^"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1275210071-1450960922-725345543-1005\Components\59091B066108EC9449E724912973C285]
"9FE4C76AD52738C46AA7BBB7D79EC64F"="F:\\Program Files\\Sibelius Software\\Sibelius 5 Demo\\Syllabification Dictionaries\\Latin.ssd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7]
"Identity"="Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries,processorArchitecture=\"x86\",publicKeyToken=\"6595b64144ccf1df\",type=\"win32\",version=\"6.0.0.0\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\Codebases]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\Codebases\OS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\Files]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\Files\0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\Files\1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\Files\2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\Files\3]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\References]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a]
"Identity"="Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries,processorArchitecture=\"x86\",publicKeyToken=\"6595b64144ccf1df\",type=\"win32\",version=\"6.0.9792.0\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\Codebases]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\Codebases\U_Service Pack 3]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\Files]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\Files\0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\Files\1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\Files\2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\Files\3]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\References]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_d7ea3c6f]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_d7ea3c6f]
"Identity"="policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries,processorArchitecture=\"x86\",publicKeyToken=\"6595b64144ccf1df\",type=\"win32-policy\",version=\"6.0.9792.0\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_d7ea3c6f\Codebases]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_d7ea3c6f\Codebases\U_Service Pack 3]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_d7ea3c6f\Files]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_d7ea3c6f\References]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Event Viewer]
; Contents of value:
; %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe
"MicrosoftRedirectionProgram"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,\
52,00,6f,00,6f,00,74,00,25,00,5c,00,50,00,43,00,48,00,65,00,61,00,6c,00,74,\
00,68,00,5c,00,48,00,65,00,6c,00,70,00,43,00,74,00,72,00,5c,00,42,00,69,00,\
6e,00,61,00,72,00,69,00,65,00,73,00,5c,00,48,00,65,00,6c,00,70,00,43,00,74,\
00,72,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\SONYBMG]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CoDeviceInstallers]
; Contents of value:
; SysSetup.Dll,StorageCoInstaller
; SysSetup.Dll,CriticalDeviceCoInstaller
; $sys$caj.dll,CoInstallCdrom
;
"{4D36E965-E325-11CE-BFC1-08002BE10318}"=hex(7):53,00,79,00,73,00,53,00,65,00,\
74,00,75,00,70,00,2e,00,44,00,6c,00,6c,00,2c,00,53,00,74,00,6f,00,72,00,61,\
00,67,00,65,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,\
72,00,00,00,53,00,79,00,73,00,53,00,65,00,74,00,75,00,70,00,2e,00,44,00,6c,\
00,6c,00,2c,00,43,00,72,00,69,00,74,00,69,00,63,00,61,00,6c,00,44,00,65,00,\
76,00,69,00,63,00,65,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
00,65,00,72,00,00,00,24,00,73,00,79,00,73,00,24,00,63,00,61,00,6a,00,2e,00,\
64,00,6c,00,6c,00,2c,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
00,43,00,64,00,72,00,6f,00,6d,00,00,00,00,00
; Contents of value:
; $sys$caj.dll,CoInstallPC
;
"{FF646F80-8DEF-11D2-9449-00105A075F6B}"=hex(7):24,00,73,00,79,00,73,00,24,00,\
63,00,61,00,6a,00,2e,00,64,00,6c,00,6c,00,2c,00,43,00,6f,00,49,00,6e,00,73,\
00,74,00,61,00,6c,00,6c,00,50,00,43,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{90A74BC4-8E03-4E03-AA41-5BEA6F6401CF}\Ndi]
"HelpText"="A protocol layered on TCP/IP which preserves message boundaries. This instance of the protocol is for use by the file sharing protocol."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomJLMS_DVD-ROM_XJ-HD166___________________DD05____\5&3a22a7d4&0&0.0.0]
; Contents of value:
; $sys$crater
;
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,72,00,61,00,74,00,65,\
00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomTEAC_DVD+RW_DV-W58E_____________________D.0C____\5&3a22a7d4&0&0.1.0]
; Contents of value:
; $sys$crater
; imapi
;
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,72,00,61,00,74,00,65,\
00,72,00,00,00,69,00,6d,00,61,00,70,00,69,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1]
; Contents of value:
; $sys$cor
;
"UpperFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,6f,00,72,00,00,00,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1\Control]
"ActiveService"="$sys$cor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER\0000]
"Service"="$sys$DRMServer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER\0000\Control]
"ActiveService"="$sys$DRMServer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$LIM]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$LIM\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$LIM\0000]
"Service"="$sys$lim"
"DeviceDesc"="$sys$lim"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$OCT]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$OCT\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$OCT\0000]
"Service"="$sys$oct"
"DeviceDesc"="$sys$oct"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor]
; Contents of value:
; System32\Drivers\$sys$cor.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,24,00,73,00,79,00,73,00,24,00,63,\
00,6f,00,72,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$crater]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$crater]
; Contents of value:
; \??\F:\WINDOWS\System32\$sys$filesystem\crater.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,46,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,24,00,73,00,79,00,73,00,24,00,66,00,69,00,6c,00,65,00,73,00,79,00,\
73,00,74,00,65,00,6d,00,5c,00,63,00,72,00,61,00,74,00,65,00,72,00,2e,00,73,\
00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$crater\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$crater\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$DRMServer]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$DRMServer]
; Contents of value:
; F:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
"ImagePath"=hex(2):46,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,24,00,73,00,79,\
00,73,00,24,00,66,00,69,00,6c,00,65,00,73,00,79,00,73,00,74,00,65,00,6d,00,\
5c,00,24,00,73,00,79,00,73,00,24,00,44,00,52,00,4d,00,53,00,65,00,72,00,76,\
00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$DRMServer\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$DRMServer\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$DRMServer\Enum]
"0"="Root\\LEGACY_$SYS$DRMSERVER\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\HelpSvc]
"EventMessageFile"="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HCAppRes.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\UploadM]
"EventMessageFile"="F:\\WINDOWS\\PCHealth\\UploadLB\\Binaries\\UploadM.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\helpsvc\Parameters]
; Contents of value:
; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
"ServiceDll"=hex(2):25,00,57,00,49,00,4e,00,44,00,49,00,52,00,25,00,5c,00,50,\
00,43,00,48,00,65,00,61,00,6c,00,74,00,68,00,5c,00,48,00,65,00,6c,00,70,00,\
43,00,74,00,72,00,5c,00,42,00,69,00,6e,00,61,00,72,00,69,00,65,00,73,00,5c,\
00,70,00,63,00,68,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WMPNetworkSvc]
"Description"="Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CoDeviceInstallers]
; Contents of value:
; SysSetup.Dll,StorageCoInstaller
; SysSetup.Dll,CriticalDeviceCoInstaller
; $sys$caj.dll,CoInstallCdrom
;
"{4D36E965-E325-11CE-BFC1-08002BE10318}"=hex(7):53,00,79,00,73,00,53,00,65,00,\
74,00,75,00,70,00,2e,00,44,00,6c,00,6c,00,2c,00,53,00,74,00,6f,00,72,00,61,\
00,67,00,65,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,\
72,00,00,00,53,00,79,00,73,00,53,00,65,00,74,00,75,00,70,00,2e,00,44,00,6c,\
00,6c,00,2c,00,43,00,72,00,69,00,74,00,69,00,63,00,61,00,6c,00,44,00,65,00,\
76,00,69,00,63,00,65,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
00,65,00,72,00,00,00,24,00,73,00,79,00,73,00,24,00,63,00,61,00,6a,00,2e,00,\
64,00,6c,00,6c,00,2c,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
00,43,00,64,00,72,00,6f,00,6d,00,00,00,00,00
; Contents of value:
; $sys$caj.dll,CoInstallPC
;
"{FF646F80-8DEF-11D2-9449-00105A075F6B}"=hex(7):24,00,73,00,79,00,73,00,24,00,\
63,00,61,00,6a,00,2e,00,64,00,6c,00,6c,00,2c,00,43,00,6f,00,49,00,6e,00,73,\
00,74,00,61,00,6c,00,6c,00,50,00,43,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{90A74BC4-8E03-4E03-AA41-5BEA6F6401CF}\Ndi]
"HelpText"="A protocol layered on TCP/IP which preserves message boundaries. This instance of the protocol is for use by the file sharing protocol."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\IDE\CdRomJLMS_DVD-ROM_XJ-HD166___________________DD05____\5&3a22a7d4&0&0.0.0]
; Contents of value:
; $sys$crater
;
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,72,00,61,00,74,00,65,\
00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\IDE\CdRomTEAC_DVD+RW_DV-W58E_____________________D.0C____\5&3a22a7d4&0&0.1.0]
; Contents of value:
; $sys$crater
; imapi
;
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,72,00,61,00,74,00,65,\
00,72,00,00,00,69,00,6d,00,61,00,70,00,69,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1]
; Contents of value:
; $sys$cor
;
"UpperFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,6f,00,72,00,00,00,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$DRMSERVER]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$DRMSERVER\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$DRMSERVER\0000]
"Service"="$sys$DRMServer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$LIM]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$LIM\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$LIM\0000]
"Service"="$sys$lim"
"DeviceDesc"="$sys$lim"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$OCT]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$OCT\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$OCT\0000]
"Service"="$sys$oct"
"DeviceDesc"="$sys$oct"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$cor]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$cor]
; Contents of value:
; System32\Drivers\$sys$cor.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,24,00,73,00,79,00,73,00,24,00,63,\
00,6f,00,72,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$cor\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$crater]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$crater]
; Contents of value:
; \??\F:\WINDOWS\System32\$sys$filesystem\crater.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,46,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,24,00,73,00,79,00,73,00,24,00,66,00,69,00,6c,00,65,00,73,00,79,00,\
73,00,74,00,65,00,6d,00,5c,00,63,00,72,00,61,00,74,00,65,00,72,00,2e,00,73,\
00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$crater\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$DRMServer]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$DRMServer]
; Contents of value:
; F:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
"ImagePath"=hex(2):46,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,24,00,73,00,79,\
00,73,00,24,00,66,00,69,00,6c,00,65,00,73,00,79,00,73,00,74,00,65,00,6d,00,\
5c,00,24,00,73,00,79,00,73,00,24,00,44,00,52,00,4d,00,53,00,65,00,72,00,76,\
00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$DRMServer\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\HelpSvc]
"EventMessageFile"="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HCAppRes.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\UploadM]
"EventMessageFile"="F:\\WINDOWS\\PCHealth\\UploadLB\\Binaries\\UploadM.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\helpsvc\Parameters]
; Contents of value:
; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
"ServiceDll"=hex(2):25,00,57,00,49,00,4e,00,44,00,49,00,52,00,25,00,5c,00,50,\
00,43,00,48,00,65,00,61,00,6c,00,74,00,68,00,5c,00,48,00,65,00,6c,00,70,00,\
43,00,74,00,72,00,5c,00,42,00,69,00,6e,00,61,00,72,00,69,00,65,00,73,00,5c,\
00,70,00,63,00,68,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WMPNetworkSvc]
"Description"="Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CoDeviceInstallers]
; Contents of value:
; SysSetup.Dll,StorageCoInstaller
; SysSetup.Dll,CriticalDeviceCoInstaller
; $sys$caj.dll,CoInstallCdrom
;
"{4D36E965-E325-11CE-BFC1-08002BE10318}"=hex(7):53,00,79,00,73,00,53,00,65,00,\
74,00,75,00,70,00,2e,00,44,00,6c,00,6c,00,2c,00,53,00,74,00,6f,00,72,00,61,\
00,67,00,65,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,\
72,00,00,00,53,00,79,00,73,00,53,00,65,00,74,00,75,00,70,00,2e,00,44,00,6c,\
00,6c,00,2c,00,43,00,72,00,69,00,74,00,69,00,63,00,61,00,6c,00,44,00,65,00,\
76,00,69,00,63,00,65,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
00,65,00,72,00,00,00,24,00,73,00,79,00,73,00,24,00,63,00,61,00,6a,00,2e,00,\
64,00,6c,00,6c,00,2c,00,43,00,6f,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,\
00,43,00,64,00,72,00,6f,00,6d,00,00,00,00,00
; Contents of value:
; $sys$caj.dll,CoInstallPC
;
"{FF646F80-8DEF-11D2-9449-00105A075F6B}"=hex(7):24,00,73,00,79,00,73,00,24,00,\
63,00,61,00,6a,00,2e,00,64,00,6c,00,6c,00,2c,00,43,00,6f,00,49,00,6e,00,73,\
00,74,00,61,00,6c,00,6c,00,50,00,43,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{90A74BC4-8E03-4E03-AA41-5BEA6F6401CF}\Ndi]
"HelpText"="A protocol layered on TCP/IP which preserves message boundaries. This instance of the protocol is for use by the file sharing protocol."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\CdRomJLMS_DVD-ROM_XJ-HD166___________________DD05____\5&3a22a7d4&0&0.0.0]
; Contents of value:
; $sys$crater
;
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,72,00,61,00,74,00,65,\
00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\CdRomTEAC_DVD+RW_DV-W58E_____________________D.0C____\5&3a22a7d4&0&0.1.0]
; Contents of value:
; $sys$crater
; imapi
;
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,72,00,61,00,74,00,65,\
00,72,00,00,00,69,00,6d,00,61,00,70,00,69,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1]
; Contents of value:
; $sys$cor
;
"UpperFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,6f,00,72,00,00,00,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1\Control]
"ActiveService"="$sys$cor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$DRMSERVER]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$DRMSERVER\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$DRMSERVER\0000]
"Service"="$sys$DRMServer"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$DRMSERVER\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$DRMSERVER\0000\Control]
"ActiveService"="$sys$DRMServer"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$LIM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$LIM\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$LIM\0000]
"Service"="$sys$lim"
"DeviceDesc"="$sys$lim"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$OCT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$OCT\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$OCT\0000]
"Service"="$sys$oct"
"DeviceDesc"="$sys$oct"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$cor]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$cor]
; Contents of value:
; System32\Drivers\$sys$cor.sys
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,24,00,73,00,79,00,73,00,24,00,63,\
00,6f,00,72,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$cor\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$cor\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$crater]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$crater]
; Contents of value:
; \??\F:\WINDOWS\System32\$sys$filesystem\crater.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,46,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,24,00,73,00,79,00,73,00,24,00,66,00,69,00,6c,00,65,00,73,00,79,00,\
73,00,74,00,65,00,6d,00,5c,00,63,00,72,00,61,00,74,00,65,00,72,00,2e,00,73,\
00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$crater\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$crater\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer]
; Contents of value:
; F:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
"ImagePath"=hex(2):46,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,\
5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,24,00,73,00,79,\
00,73,00,24,00,66,00,69,00,6c,00,65,00,73,00,79,00,73,00,74,00,65,00,6d,00,\
5c,00,24,00,73,00,79,00,73,00,24,00,44,00,52,00,4d,00,53,00,65,00,72,00,76,\
00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer\Enum]
"0"="Root\\LEGACY_$SYS$DRMSERVER\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HelpSvc]
"EventMessageFile"="F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HCAppRes.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\UploadM]
"EventMessageFile"="F:\\WINDOWS\\PCHealth\\UploadLB\\Binaries\\UploadM.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc\Parameters]
; Contents of value:
; %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
"ServiceDll"=hex(2):25,00,57,00,49,00,4e,00,44,00,49,00,52,00,25,00,5c,00,50,\
00,43,00,48,00,65,00,61,00,6c,00,74,00,68,00,5c,00,48,00,65,00,6c,00,70,00,\
43,00,74,00,72,00,5c,00,42,00,69,00,6e,00,61,00,72,00,69,00,65,00,73,00,5c,\
00,70,00,63,00,68,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMPNetworkSvc]
"Description"="Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"

[HKEY_CURRENT_USER\Software\Google\GECommonSettings\Layers]
"National Forest Boundaries"=dword:00000000
"Park Boundaries"=dword:00000000
"Postal Code Boundaries"=dword:00000000
"City Boundaries"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Common\Research\Sources\{2418FD38-D4CD-45B5-935C-2A9E4494C32F}]
"ProviderName"="Translation (Installed Dictionaries)"

[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Common\Research\Sources\{2418FD38-D4CD-45B5-935C-2A9E4494C32F}\{FBBBB79E-9F02-4E5A-BA58-3674A1919488}]
"Description"="Includes installed bilingual dictionaries, online bilingual dictionaries, and online machine translation services. To enable or disable a specific translation source, use the Translation Options link."

[HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Custom Dictionaries]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@F:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\msinfo.dll,-391"="MSInfo Document"

; End Of The Log...





Also, I've noticed that the malware has only hacked my address bar in Internet Explorer. If I put anything in the address bar, then I'm redirected to the virus download page. (This is also true in Windows Explorer, and in Windows Explorer when I hit the up button.)
dk2rb
Regular Member
 
Posts: 78
Joined: November 4th, 2008, 8:33 pm
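
Most of the interesting values in the export above are written out as hex(2) (REG_EXPAND_SZ) and hex(7) (REG_MULTI_SZ) byte lists, which is why the log carries "; Contents of value:" comments next to them: the bytes are UTF-16LE text, NUL-terminated, and a multi-string is a NUL-separated list ending in a double NUL. The following Python script is an added example, not part of either post and not code from any tool named in this thread. It parses that .reg-style text (including backslash line continuations), decodes the hex values back to strings, and lists every key path, value name or decoded string carrying the `$sys$` prefix the log shows (the prefix the Sony BMG XCP copy-protection rootkit used for the names its driver cloaked). It also re-encodes a filter-driver list with the cloaked entry removed back into hex(7) notation, which is exactly what the later OTMoveIt script's `"LowerFilters"=hex(7):69,00,6D,...` line expresses (imapi alone). The sample input is a constructed excerpt reusing three entries from the log; all function names are the example's own.

```python
import re
from typing import Dict, List, Optional, Tuple, Union

RegValue = Union[str, List[str], int, bytes]
RegTree = Dict[str, Dict[str, RegValue]]

# Constructed sample in the .reg export format of the log above. The three
# entries reuse key paths and hex bytes from the posted log; the excerpt as a
# whole was assembled for this example.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomTEAC_DVD+RW_DV-W58E_____________________D.0C____\5&3a22a7d4&0&0.1.0]
; Contents of value:
; $sys$crater
; imapi
"LowerFilters"=hex(7):24,00,73,00,79,00,73,00,24,00,63,00,72,00,61,00,74,00,65,\
00,72,00,00,00,69,00,6d,00,61,00,70,00,69,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor]
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,24,00,73,00,79,00,73,00,24,00,63,\
00,6f,00,72,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\helpsvc\Parameters]
"ServiceDll"=hex(2):25,00,57,00,49,00,4e,00,44,00,49,00,52,00,25,00,5c,00,50,\
00,43,00,48,00,65,00,61,00,6c,00,74,00,68,00,5c,00,48,00,65,00,6c,00,70,00,\
43,00,74,00,72,00,5c,00,42,00,69,00,6e,00,61,00,72,00,69,00,65,00,73,00,5c,\
00,70,00,63,00,68,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
'''

_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')
_HEX_RE = re.compile(r'^hex(?:\((?P<kind>\d+)\))?:(?P<bytes>.*)$')


def _join_continuations(text: str) -> List[str]:
    """Merge physical lines ending in a backslash, the .reg continuation marker."""
    merged: List[str] = []
    buf = ""
    for raw in text.splitlines():
        buf += raw.strip()
        if buf.endswith("\\"):
            buf = buf[:-1]              # drop the marker and keep accumulating
            continue
        merged.append(buf)
        buf = ""
    if buf:
        merged.append(buf)
    return merged


def _decode_hex(kind: Optional[str], data: str) -> RegValue:
    """Decode the comma-separated byte list behind hex(N): according to its type."""
    raw = bytes.fromhex(data.replace(",", ""))
    if kind not in ("1", "2", "7") or len(raw) % 2:
        return raw                      # REG_BINARY or malformed: keep the bytes
    text = raw.decode("utf-16-le")
    if kind == "7":                     # REG_MULTI_SZ: NUL-separated, double-NUL end
        return [s for s in text.split("\0") if s]
    return text.split("\0", 1)[0]       # REG_SZ / REG_EXPAND_SZ: NUL-terminated


def parse_reg_export(text: str) -> RegTree:
    """Parse .reg-style text into {key path: {value name: decoded value}}."""
    tree: RegTree = {}
    current: Optional[str] = None
    for line in _join_continuations(text):
        if not line or line.startswith(";"):
            continue                                    # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]                        # a "[-key]" deletion keeps its dash
            tree.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m is None or current is None:
            continue                                    # header text or stray line
        name, data = m.group("name"), m.group("data")
        h = _HEX_RE.match(data)
        value: RegValue
        if h:
            value = _decode_hex(h.group("kind"), h.group("bytes"))
        elif data.startswith("dword:"):
            value = int(data[len("dword:"):], 16)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            value = re.sub(r"\\(.)", r"\1", data[1:-1])  # unescape \\ and \"
        else:
            value = data                                # e.g. "-" for a value deletion
        tree[current][name] = value
    return tree


def find_cloaked_entries(tree: RegTree, marker: str = "$sys$") -> List[Tuple[str, str, str]]:
    """Return (key, value name, text) for each place the marker appears: in a key
    path (name and text empty), in a value name (text empty) or in string data."""
    needle = marker.lower()
    hits: List[Tuple[str, str, str]] = []
    for key, values in tree.items():
        if needle in key.lower():
            hits.append((key, "", ""))
        for name, value in values.items():
            strings = value if isinstance(value, list) else [value] if isinstance(value, str) else []
            if needle in name.lower():
                hits.append((key, name, ""))
            hits.extend((key, name, s) for s in strings if needle in s.lower())
    return hits


def strip_marker(items: List[str], marker: str = "$sys$") -> List[str]:
    """Drop the entries carrying the marker from a decoded REG_MULTI_SZ list."""
    return [s for s in items if marker.lower() not in s.lower()]


def encode_multi_sz(items: List[str]) -> str:
    """Encode a string list as the hex(7) byte list a .reg file expects."""
    raw = ("\0".join(items) + "\0\0").encode("utf-16-le")
    return ",".join(f"{b:02x}" for b in raw)


if __name__ == "__main__":
    tree = parse_reg_export(SAMPLE_LOG)
    for key, name, text in find_cloaked_entries(tree):
        print(f"{key}\n    {name!r} -> {text!r}")
    cdrom_key = next(k for k in tree if "CdRomTEAC" in k)
    cleaned = strip_marker(tree[cdrom_key]["LowerFilters"])
    print('"LowerFilters"=hex(7):' + encode_multi_sz(cleaned))
```

Running it prints the three cloaked hits from the sample (the LowerFilters entry, the `$sys$cor` service key itself and its ImagePath) and then the rebuilt `"LowerFilters"=hex(7):69,00,6d,00,61,00,70,00,69,00,00,00,00,00` line; the helpsvc entry decodes to `%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll` and is correctly not reported. The point for a reader of such logs is that a filter-driver list is only safe to rewrite as a whole multi-string: removing the cloaked entry while keeping imapi is what keeps the drive working afterwards.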

Re: Help with HTTP Fake Scan Webpage

Unread postby peku006 » November 8th, 2008, 4:39 am

Hi dk2rb

This is a fairly long instruction, but you can do it. Just take it one step at a time. If there is any step where you need help, please post back and ask.

1- Back up your registry with ERUNT

  • Download ERUNT from here and save it to your desktop.
  • Double click erunt-setup.exe to install the program
  • Follow the prompts, and then uncheck Create NTREGOPT desktop icon at the Additional Tasks screen. Click No when you are prompted about creating an ERUNT entry in the startup folder. At the next screen, uncheck Show documentation and check Launch ERUNT
  • If ERUNT doesn't start by itself, launch it from the desktop shortcut.
  • At the configuration screen, make sure all 3 checkboxes are checked
  • Click Ok to run the backup process
Note:
The backups can be restored from here:
C:\windows\ERDNT\<today's date>\ERDNT.exe

2- Download and run RegDACL

Download RegDACL, and extract it to C: root (C:\).

Launch Notepad, and copy/paste the box below into a new text file. Save it as FixReg.bat with the file type set to All Files. Be sure to save it in the same folder as the one where you extracted RegDACL.

Code:
RegDACL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER /GGE:F
RegDACL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER\0000 /GGE:F
RegDACL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER\0000\Control /GGE:F
RegDACL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$LIM /GGE:F
RegDACL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$LIM\0000 /GGE:F
RegDACL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$OCT /GGE:F
RegDACL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$OCT\0000 /GGE:F
RegDACL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$DRMSERVER /GGE:F
RegDACL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$DRMSERVER\0000 /GGE:F
RegDACL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$LIM /GGE:F
RegDACL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$LIM\0000 /GGE:F
RegDACL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$OCT /GGE:F
RegDACL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$OCT\0000 /GGE:F
RegDACL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomJLMS_DVD-ROM_XJ-HD166___________________DD05____\5&3a22a7d4&0&0.0.0 /GGE:F
RegDACL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomTEAC_DVD+RW_DV-W58E_____________________D.0C____\5&3a22a7d4&0&0.1.0 /GGE:F
RegDACL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\IDE\CdRomJLMS_DVD-ROM_XJ-HD166___________________DD05____\5&3a22a7d4&0&0.0.0 /GGE:F
RegDACL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\IDE\CdRomTEAC_DVD+RW_DV-W58E_____________________D.0C____\5&3a22a7d4&0&0.1.0 /GGE:F
RegDACL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1 /GGE:F
RegDACL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1 /GGE:F
RegDACL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1\Control /GGE:F
RegDACL HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1 /GGE:F


Locate FixReg.bat in that folder and double-click on it.

3 - Download and run OTMoveIt3

  • Download OTMoveIt3 by OldTimer from here and save it to your desktop
  • Launch OTMoveIt3.exe and copy the text from the codebox below into the left-hand box below "Paste Instructions for Items to be Moved"
    Code:
    :Services
    CD_Proxy
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\ECDDiscProducers]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM]
    "F:\\WINDOWS\\System32\\$sys$filesystem\\crater.sys[MofResource]"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE]
    "F:\\WINDOWS\\System32\\$sys$filesystem\\crater.sys[MofResource]"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\SONYBMG]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CoDeviceInstallers]
    "{4D36E965-E325-11CE-BFC1-08002BE10318}"=hex(7):53,00,79,00,73,00,53,00,65,00,74,00,75,00,\
      70,00,2E,00,44,00,6C,00,6C,00,2C,00,53,00,74,00,6F,00,72,00,61,00,67,00,\
      65,00,43,00,6F,00,49,00,6E,00,73,00,74,00,61,00,6C,00,6C,00,65,00,72,00,\
      00,00,53,00,79,00,73,00,53,00,65,00,74,00,75,00,70,00,2E,00,44,00,6C,00,\
      6C,00,2C,00,43,00,72,00,69,00,74,00,69,00,63,00,61,00,6C,00,44,00,65,00,\
      76,00,69,00,63,00,65,00,43,00,6F,00,49,00,6E,00,73,00,74,00,61,00,6C,00,\
      6C,00,65,00,72,00,00,00,00,00
    "{FF646F80-8DEF-11D2-9449-00105A075F6B}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomJLMS_DVD-ROM_XJ-HD166___________________DD05____\5&3a22a7d4&0&0.0.0]
    "LowerFilters"=hex(7):69,00,6D,00,61,00,70,00,69,00,00,00,00,00
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomTEAC_DVD+RW_DV-W58E_____________________D.0C____\5&3a22a7d4&0&0.1.0]
    "LowerFilters"=hex(7):69,00,6D,00,61,00,70,00,69,00,00,00,00,00
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1]
    "UpperFilters"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CoDeviceInstallers]
    "{4D36E965-E325-11CE-BFC1-08002BE10318}"=hex(7):53,00,79,00,73,00,53,00,65,00,74,00,75,00,\
      70,00,2E,00,44,00,6C,00,6C,00,2C,00,53,00,74,00,6F,00,72,00,61,00,67,00,\
      65,00,43,00,6F,00,49,00,6E,00,73,00,74,00,61,00,6C,00,6C,00,65,00,72,00,\
      00,00,53,00,79,00,73,00,53,00,65,00,74,00,75,00,70,00,2E,00,44,00,6C,00,\
      6C,00,2C,00,43,00,72,00,69,00,74,00,69,00,63,00,61,00,6C,00,44,00,65,00,\
      76,00,69,00,63,00,65,00,43,00,6F,00,49,00,6E,00,73,00,74,00,61,00,6C,00,\
      6C,00,65,00,72,00,00,00,00,00
    "{FF646F80-8DEF-11D2-9449-00105A075F6B}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\IDE\CdRomJLMS_DVD-ROM_XJ-HD166___________________DD05____\5&3a22a7d4&0&0.0.0]
    "LowerFilters"=hex(7):69,00,6D,00,61,00,70,00,69,00,00,00,00,00
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\IDE\CdRomTEAC_DVD+RW_DV-W58E_____________________D.0C____\5&3a22a7d4&0&0.1.0]
    "LowerFilters"=hex(7):69,00,6D,00,61,00,70,00,69,00,00,00,00,00
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1]
    "UpperFilters"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CoDeviceInstallers]
    "{4D36E965-E325-11CE-BFC1-08002BE10318}"=hex(7):53,00,79,00,73,00,53,00,65,00,74,00,75,00,\
      70,00,2E,00,44,00,6C,00,6C,00,2C,00,53,00,74,00,6F,00,72,00,61,00,67,00,\
      65,00,43,00,6F,00,49,00,6E,00,73,00,74,00,61,00,6C,00,6C,00,65,00,72,00,\
      00,00,53,00,79,00,73,00,53,00,65,00,74,00,75,00,70,00,2E,00,44,00,6C,00,\
      6C,00,2C,00,43,00,72,00,69,00,74,00,69,00,63,00,61,00,6C,00,44,00,65,00,\
      76,00,69,00,63,00,65,00,43,00,6F,00,49,00,6E,00,73,00,74,00,61,00,6C,00,\
      6C,00,65,00,72,00,00,00,00,00
    "{FF646F80-8DEF-11D2-9449-00105A075F6B}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\CdRomJLMS_DVD-ROM_XJ-HD166___________________DD05____\5&3a22a7d4&0&0.0.0]
    "LowerFilters"=hex(7):69,00,6D,00,61,00,70,00,69,00,00,00,00,00
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\CdRomTEAC_DVD+RW_DV-W58E_____________________D.0C____\5&3a22a7d4&0&0.1.0]
    "LowerFilters"=hex(7):69,00,6D,00,61,00,70,00,69,00,00,00,00,00
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1]
    "UpperFilters"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER\0000]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER\0000\Control]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$LIM]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$LIM\0000]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$OCT]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$OCT\0000]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$DRMSERVER]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$DRMSERVER\0000]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$LIM]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$LIM\0000]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$OCT]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$OCT\0000]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor\Security]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor\Enum]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$crater]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$crater\Enum]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$DRMServer]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$DRMServer\Security]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$DRMServer\Enum]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$cor]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$cor\Security]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$crater]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$crater\Security]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$DRMServer]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$DRMServer\Security]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$cor]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$cor\Security]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$cor\Enum]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$crater]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$crater\Security]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$crater\Enum]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer\Security]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer\Enum]
    
    :files
    F:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
    F:\WINDOWS\CDProxyServ.exe
    
  • Double-check that the input matches the code box above and then click the MoveIt! button to start the script. If you're prompted about rebooting allow the request.
  • Once OTMoveIt finishes, a log will be located at C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss. (mmddyyyy_hhmmss is a timestamp from when the log was created)
  • Include this log in your next reply

4 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform full scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found here:

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


5 - Download and Run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

6 - Status Check
Please reply with

1. the OTMoveIt3 log
2. the logs from RSIT (log.txt, info.txt)
3. the Malwarebytes' Anti-Malware Log

Thanks peku006
peku006
MRU Emeritus
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
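Checking the OTMoveIt3 result log against what the script actually asked for is the step a helper does by eye: every `[-KEY]` under `:reg` and every path under `:files` should come back as "deleted successfully", "not found", "moved successfully", or "Unable to delete". The following is an added example, not part of this thread and not code from OTMoveIt or its author; it parses a script in the format used above and reconciles it with result lines in the format OTMoveIt3 writes (the same format as the log posted later in this thread). The sample script and result log are constructed from entries above, and the function names are my own.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a fragment of an OTMoveIt3 script in the format used above
SCRIPT = r"""
:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$LIM]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor\Security]

:files
F:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
F:\WINDOWS\CDProxyServ.exe
"""

# Constructed sample result log in the line format OTMoveIt3 writes.
# CDProxyServ.exe is deliberately absent so the "no result" case shows up.
RESULT_LOG = r"""
========== SERVICES/DRIVERS ==========
Unable to stop service CD_Proxy .
========== REGISTRY ==========
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$LIM\\ .
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor\Security\\ not found.
========== FILES ==========
F:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe moved successfully.
"""

# Result-line patterns as they appear in OTMoveIt3 logs; the tool appends "\\"
# to each registry key, so the capture stops just before that.
RESULT_PATTERNS = [
    (re.compile(r"^Registry key (.+?)\\\\ deleted successfully\.$"), "deleted"),
    (re.compile(r"^Registry key (.+?)\\\\ not found\.$"), "not found"),
    (re.compile(r"^Unable to delete registry key (.+?)\\\\ \.$"), "unable"),
    (re.compile(r"^(.+?) moved successfully\.$"), "moved"),
]


def normalize(item: str) -> str:
    """Registry paths and file paths are case-insensitive; drop trailing backslashes."""
    return item.rstrip("\\").lower()


def parse_script(text: str) -> Tuple[List[str], List[str]]:
    """Return (registry keys requested for deletion, files requested for move)."""
    keys, files, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # ":reg" / ":files" section markers
            section = line.lower()
            continue
        if section == ":reg":
            m = re.fullmatch(r"\[-(.+)\]", line)   # "[-KEY]" requests deletion of KEY
            if m:
                keys.append(m.group(1))
        elif section == ":files":
            files.append(line)
    return keys, files


def parse_results(text: str) -> Dict[str, str]:
    """Map each normalized key/path mentioned in the result log to its outcome."""
    results: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        for pattern, outcome in RESULT_PATTERNS:
            m = pattern.match(line)
            if m:
                results[normalize(m.group(1))] = outcome
                break
    return results


def reconcile(script_text: str, log_text: str) -> Dict[str, str]:
    """For every item the script requested, report the outcome the log shows."""
    keys, files = parse_script(script_text)
    results = parse_results(log_text)
    return {item: results.get(normalize(item), "no result") for item in keys + files}


def still_open(report: Dict[str, str]) -> List[str]:
    """Items that were not removed: deletion failed or the log never mentions them."""
    return [item for item, outcome in report.items() if outcome in ("unable", "no result")]


if __name__ == "__main__":
    report = reconcile(SCRIPT, RESULT_LOG)
    for item, outcome in report.items():
        print(f"{outcome:10s} {item}")
    print("still open:", still_open(report))
```

The "unable" and "no result" items are the ones to carry into the next step; on this page they are the `LEGACY_$SYS$...` keys under `Enum\Root`, which the result log shows could not be deleted while the system was running.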

Re: Help with HTTP Fake Scan Webpage

Unread postby dk2rb » November 8th, 2008, 2:19 pm

OTMoveIt!3 log

========== SERVICES/DRIVERS ==========
Unable to stop service CD_Proxy .
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\ECDDiscProducers\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\\F:\WINDOWS\System32\$sys$filesystem\crater.sys[MofResource] deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\\F:\WINDOWS\System32\$sys$filesystem\crater.sys[MofResource] deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SONYBMG\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CoDeviceInstallers\\"{4D36E965-E325-11CE-BFC1-08002BE10318}"|hex(7):53,00,79,00,73,00,53,00,65,00,74,00,75,00,70,00,2E,00,44,00,6C,00,6C,00,2C,00,53,00,74,00,6F,00,72,00,61,00,67,00,65,00,43,00,6F,00,49,00,6E,00,73,00,74,00,61,00,6C,00,6C,00,65,00,72,00,00,00,53,00,79,00,73,00,53,00,65,00,74,00,75,00,70,00,2E,00,44,00,6C,00,6C,00,2C,00,43,00,72,00,69,00,74,00,69,00,63,00,61,00,6C,00,44,00,65,00,76,00,69,00,63,00,65,00,43,00,6F,00,49,00,6E,00,73,00,74,00,61,00,6C,00,6C,00,65,00,72,00,00,00,00,00 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CoDeviceInstallers\\{FF646F80-8DEF-11D2-9449-00105A075F6B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF646F80-8DEF-11D2-9449-00105A075F6B}\ not found.
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomJLMS_DVD-ROM_XJ-HD166___________________DD05____\5&3a22a7d4&0&0.0.0\\"LowerFilters"|hex(7):69,00,6D,00,61,00,70,00,69,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomTEAC_DVD+RW_DV-W58E_____________________D.0C____\5&3a22a7d4&0&0.1.0\\"LowerFilters"|hex(7):69,00,6D,00,61,00,70,00,69,00,00,00,00,00 /E!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1 not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CoDeviceInstallers\\"{4D36E965-E325-11CE-BFC1-08002BE10318}"|hex(7):53,00,79,00,73,00,53,00,65,00,74,00,75,00,70,00,2E,00,44,00,6C,00,6C,00,2C,00,53,00,74,00,6F,00,72,00,61,00,67,00,65,00,43,00,6F,00,49,00,6E,00,73,00,74,00,61,00,6C,00,6C,00,65,00,72,00,00,00,53,00,79,00,73,00,53,00,65,00,74,00,75,00,70,00,2E,00,44,00,6C,00,6C,00,2C,00,43,00,72,00,69,00,74,00,69,00,63,00,61,00,6C,00,44,00,65,00,76,00,69,00,63,00,65,00,43,00,6F,00,49,00,6E,00,73,00,74,00,61,00,6C,00,6C,00,65,00,72,00,00,00,00,00 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CoDeviceInstallers\\{FF646F80-8DEF-11D2-9449-00105A075F6B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF646F80-8DEF-11D2-9449-00105A075F6B}\ not found.
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\IDE\CdRomJLMS_DVD-ROM_XJ-HD166___________________DD05____\5&3a22a7d4&0&0.0.0\\"LowerFilters"|hex(7):69,00,6D,00,61,00,70,00,69,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\IDE\CdRomTEAC_DVD+RW_DV-W58E_____________________D.0C____\5&3a22a7d4&0&0.1.0\\"LowerFilters"|hex(7):69,00,6D,00,61,00,70,00,69,00,00,00,00,00 /E!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1 not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CoDeviceInstallers\\"{4D36E965-E325-11CE-BFC1-08002BE10318}"|hex(7):53,00,79,00,73,00,53,00,65,00,74,00,75,00,70,00,2E,00,44,00,6C,00,6C,00,2C,00,53,00,74,00,6F,00,72,00,61,00,67,00,65,00,43,00,6F,00,49,00,6E,00,73,00,74,00,61,00,6C,00,6C,00,65,00,72,00,00,0053,00,79,00,73,00,53,00,65,00,74,00,75,00,70,00,2E,00,44,00,6C,00,6C,00,2C,00,43,00,72,00,69,00,74,00,69,00,63,00,61,00,6C,00,44,00,65,00,76,00,69,00,63,00,65,00,43,00,6F,00,49,00,6E,00,73,00,74,00,61,00,6C,00,6C,00,65,00,72,00,00,00 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CoDeviceInstallers\\{FF646F80-8DEF-11D2-9449-00105A075F6B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF646F80-8DEF-11D2-9449-00105A075F6B}\ not found.
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\CdRomJLMS_DVD-ROM_XJ-HD166___________________DD05____\5&3a22a7d4&0&0.0.0\\"LowerFilters"|hex(7):69,00,6D,00,61,00,70,00,69,00,00,00,00,00 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\CdRomTEAC_DVD+RW_DV-W58E_____________________D.0C____\5&3a22a7d4&0&0.1.0\\"LowerFilters"|hex(7):69,00,6D,00,61,00,70,00,69,00,00,00,00,00 /E!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\PCIIDE\IDEChannel\4&3113adfa&0&1 not found.
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER\0000\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$DRMSERVER\0000\Control\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$LIM\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$LIM\0000\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$OCT\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_$SYS$OCT\0000\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$DRMSERVER\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$DRMSERVER\0000\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$LIM\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$LIM\0000\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$OCT\\ .
Unable to delete registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_$SYS$OCT\0000\\ .
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor\Security\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$cor\Enum\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$crater\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$crater\Enum\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$DRMServer\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$DRMServer\Security\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\$sys$DRMServer\Enum\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$cor\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$cor\Security\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$crater\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$crater\Security\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$DRMServer\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\$sys$DRMServer\Security\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$cor\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$cor\Security\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$cor\Enum\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$crater\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$crater\Security\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$crater\Enum\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer\Security\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer\Enum\\ not found.
========== FILES ==========
F:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe moved successfully.
F:\WINDOWS\CDProxyServ.exe moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11082008_081737



Logfile of random's system information tool 1.04 (written by random/random)
Run by Mom and Dad at 2008-11-08 13:13:38
Microsoft Windows XP Home Edition Service Pack 3
System drive F: has 9 GB (6%) free of 153 GB
Total RAM: 511 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:53 PM, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\cisvc.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\HPZipm12.exe
F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\WINDOWS\system32\cidaemon.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\WINDOWS\system32\dla\tfswctrl.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\SiteAdvisor\6172\SiteAdv.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Messenger\msmsgs.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
F:\Program Files\TiVo\Desktop\TiVoNotify.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\TiVo\Desktop\TiVoServer.exe
F:\Program Files\Upromise\Upromise.exe
F:\Program Files\Upromise\UpromiseUa.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\Upromise\UpromiseTray.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
F:\Program Files\Autobahn\mlb-nexdef-autobahn.exe
F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
F:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
F:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
F:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
F:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
F:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
F:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\Mom and Dad\Desktop\OTMoveIt3.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Documents and Settings\Mom and Dad\Desktop\RSIT.exe
F:\Program Files\trend micro\Mom and Dad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = viewtopic.php?f=11&t=36243&p=367391&e=367391
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - F:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - F:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - F:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Survival of the Cool Toolbar - {bd91a757-e5e9-4873-a88b-941a039ee5e5} - F:\Program Files\Survival_of_the_Cool\tbSurv.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - F:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - F:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Survival of the Cool Toolbar - {bd91a757-e5e9-4873-a88b-941a039ee5e5} - F:\Program Files\Survival_of_the_Cool\tbSurv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dla] F:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] F:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [googletalk] F:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "F:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ?\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TivoTransfer] "F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "F:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "F:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [Upromise] F:\Program Files\Upromise\Upromise.exe
O4 - HKCU\..\Run: [Upromise Update] F:\Program Files\Upromise\UpromiseUa.exe
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Upromise Tray] F:\Program Files\Upromise\UpromiseTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MLB.TV NexDef Plug-in.lnk = F:\Program Files\Autobahn\mlb-nexdef-autobahn.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.shockwave.com/content/chocol ... 0.0.13.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/01d5d57f4db ... xIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8842907250
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast.com/admin/hostClientIE.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/ ... mDlBrg.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://my.firmenich.com/dana-cached/se ... tupSP1.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca07.custhelp.com/8201-b499h ... a/RntX.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - F:\WINDOWS\CDProxyServ.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - F:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Symantec Core LC - Unknown owner - F:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13932 bytes

======Scheduled tasks folder======

F:\WINDOWS\tasks\AppleSoftwareUpdate.job
F:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Mom and Dad.job
F:\WINDOWS\tasks\User_Feed_Synchronization-{C85A52A9-DEE3-40ED-93B1-CDF5F6BE7DED}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
F:\Program Files\SiteAdvisor\6253\SiteAdv.dll [2007-12-04 927008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - F:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - F:\WINDOWS\system32\dla\tfswshx.dll [2003-08-06 106548]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
F:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - F:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-08-10 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - f:\program files\google\googletoolbar1.dll [2008-09-06 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - F:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-10 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bd91a757-e5e9-4873-a88b-941a039ee5e5}]
Survival of the Cool Toolbar - F:\Program Files\Survival_of_the_Cool\tbSurv.dll [2008-08-20 1780248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EDC0F17F-F4B7-47e4-B73E-887FAEB376FA}]
Upromise TurboSaver - F:\Program Files\Upromise\upromisetoolbar.dll [2008-08-25 929792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll [2007-12-04 927008]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - F:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-06-30 349552]
{bd91a757-e5e9-4873-a88b-941a039ee5e5} - Survival of the Cool Toolbar - F:\Program Files\Survival_of_the_Cool\tbSurv.dll [2008-08-20 1780248]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - f:\program files\google\googletoolbar1.dll [2008-09-06 2403392]
{06E58E5E-F8CB-4049-991E-A41C03BD419E} - Upromise TurboSaver - F:\Program Files\Upromise\upromisetoolbar.dll [2008-08-25 929792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=F:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-12 49152]
"dla"=F:\WINDOWS\system32\dla\tfswctrl.exe [2003-08-06 114741]
"NvCplDaemon"=F:\WINDOWS\System32\NvCpl.dll [2005-12-10 7311360]
"nwiz"=nwiz.exe /install []
"TkBellExe"=F:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-01-23 185896]
"SunJavaUpdateSched"=F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]
"SiteAdvisor"=F:\Program Files\SiteAdvisor\6172\SiteAdv.exe [2007-03-01 35928]
"googletalk"=F:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"NvMediaCenter"=F:\WINDOWS\System32\NvMcTray.dll [2005-12-10 86016]
"Adobe Reader Speed Launcher"=F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"ccApp"=F:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"osCheck"=F:\Program Files\Norton Internet Security\osCheck.exe [2008-02-07 718704]
"QuickTime Task"=F:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=F:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=F:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Microsoft Works Update Detection"=?\WkDetect.exe []
"ctfmon.exe"=F:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"TivoTransfer"=F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe [2007-09-25 1195008]
"TivoNotify"=F:\Program Files\TiVo\Desktop\TiVoNotify.exe [2007-09-25 384000]
"TivoServer"=F:\Program Files\TiVo\Desktop\TiVoServer.exe [2007-09-25 1495040]
"Upromise"=F:\Program Files\Upromise\Upromise.exe [2008-09-17 536576]
"Upromise Update"=F:\Program Files\Upromise\UpromiseUa.exe [2008-09-17 172032]
"P2kAutostart"= []
"swg"=F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-10 68856]
"Upromise Tray"=F:\Program Files\Upromise\UpromiseTray.exe [2008-10-15 167936]
"SpybotSD TeaTimer"=F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Microsoft Works Calendar Reminders.lnk - F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
MLB.TV NexDef Plug-in.lnk - F:\Program Files\Autobahn\mlb-nexdef-autobahn.exe
Picture Package Menu.lnk - F:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
Picture Package VCD Maker.lnk - F:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\Program Files\TiVo\Desktop\TiVoServer.exe"="F:\Program Files\TiVo\Desktop\TiVoServer.exe:*:Enabled:TiVo Server Service Process"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Program Files\Bonjour\mDNSResponder.exe"="F:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"F:\Program Files\iTunes\iTunes.exe"="F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-08 13:14:01 ----D---- F:\Program Files\trend micro
2008-11-08 13:13:38 ----D---- F:\rsit
2008-11-08 08:18:49 ----D---- F:\Documents and Settings\Mom and Dad\Application Data\Malwarebytes
2008-11-08 08:18:41 ----D---- F:\Program Files\Malwarebytes' Anti-Malware
2008-11-08 08:18:41 ----D---- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-08 08:07:06 ----D---- F:\_OTMoveIt
2008-11-08 08:04:31 ----A---- F:\FixReg.bat
2008-11-08 08:03:35 ----D---- F:\doc
2008-11-08 08:03:35 ----A---- F:\RegDACL.exe
2008-11-08 08:03:35 ----A---- F:\Freeware_en.txt
2008-11-08 08:01:34 ----D---- F:\WINDOWS\ERDNT
2008-11-08 08:00:53 ----D---- F:\Program Files\ERUNT
2008-11-04 19:38:59 ----D---- F:\Program Files\Hijackthis
2008-11-04 18:20:33 ----D---- F:\Program Files\Spybot - Search & Destroy
2008-11-04 18:20:33 ----D---- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-23 15:56:45 ----A---- F:\WINDOWS\system32\Ilda32.dll
2008-10-23 15:56:45 ----A---- F:\WINDOWS\system32\BORLNDMM.DLL
2008-10-23 15:56:43 ----D---- F:\Program Files\CoffeeCup Software
2008-10-22 14:37:39 ----D---- F:\Documents and Settings\All Users\Application Data\vsosdk
2008-10-22 14:13:50 ----D---- F:\Program Files\MagicDVDCopier
2008-10-14 18:33:27 ----D---- F:\Program Files\Mosaic-Pictures 2
2008-10-14 18:33:27 ----A---- F:\WINDOWS\cadkasdeinst01e.exe
2008-10-09 13:23:57 ----D---- F:\StudioBuddy

======List of files/folders modified in the last 1 months======

2008-11-08 13:14:47 ----D---- F:\WINDOWS\Temp
2008-11-08 13:14:16 ----D---- F:\WINDOWS\Prefetch
2008-11-08 13:14:03 ----D---- F:\Program Files\Common Files\Symantec Shared
2008-11-08 13:14:01 ----D---- F:\Program Files
2008-11-08 13:12:28 ----D---- F:\WINDOWS\system32
2008-11-08 13:12:28 ----D---- F:\WINDOWS
2008-11-08 08:18:45 ----D---- F:\WINDOWS\system32\drivers
2008-11-08 08:17:38 ----D---- F:\WINDOWS\system32\$sys$filesystem
2008-11-05 08:26:22 ----D---- F:\WINDOWS\system32\CatRoot2
2008-11-04 15:04:29 ----D---- F:\WINDOWS\system32\LogFiles
2008-11-04 14:57:13 ----N---- F:\WINDOWS\SchedLgU.Txt
2008-11-03 22:44:30 ----D---- F:\WINDOWS\Debug
2008-11-03 22:06:19 ----D---- F:\WINDOWS\system32\Restore
2008-11-03 18:23:18 ----A---- F:\WINDOWS\system32\PerfStringBackup.INI
2008-11-02 22:38:45 ----D---- F:\Documents and Settings\Mom and Dad\Application Data\SiteAdvisor
2008-11-02 12:51:17 ----SHD---- F:\WINDOWS\Installer
2008-11-02 12:50:09 ----HD---- F:\Config.Msi
2008-11-02 12:50:00 ----D---- F:\Program Files\Upromise
2008-10-28 20:18:33 ----HD---- F:\WINDOWS\inf
2008-10-24 02:05:14 ----RSHDC---- F:\WINDOWS\system32\dllcache
2008-10-24 02:03:56 ----HD---- F:\WINDOWS\$hf_mig$
2008-10-23 15:09:46 ----D---- F:\Program Files\CoreFTP
2008-10-21 16:26:53 ----D---- F:\Program Files\Microsoft Silverlight
2008-10-15 11:34:24 ----A---- F:\WINDOWS\system32\netapi32.dll
2008-10-15 06:12:44 ----D---- F:\WINDOWS\system32\wbem
2008-10-15 02:26:20 ----D---- F:\Program Files\Internet Explorer
2008-10-15 02:15:27 ----D---- F:\WINDOWS\ie7updates
2008-10-15 02:13:10 ----A---- F:\WINDOWS\win.ini
2008-10-12 18:39:06 ----D---- F:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; F:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 eeCtrl;Symantec Eraser Control driver; \??\F:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; F:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; F:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 NPPTNT2;NPPTNT2; \??\F:\WINDOWS\System32\npptNT2.sys []
R1 OMCI;OMCI; F:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SPBBCDrv;SPBBCDrv; \??\F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; F:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 sscdbhk5;sscdbhk5; F:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-07-14 5621]
R1 ssrtln;ssrtln; F:\WINDOWS\system32\drivers\ssrtln.sys [2003-07-14 23219]
R1 SYMTDI;SYMTDI; F:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 CO_Mon;CO_Mon; \??\F:\WINDOWS\system32\drivers\CO_Mon.sys []
R2 drvnddm;drvnddm; F:\WINDOWS\system32\drivers\drvnddm.sys [2003-06-20 40448]
R2 tfsnboio;tfsnboio; F:\WINDOWS\system32\dla\tfsnboio.sys [2003-08-06 25685]
R2 tfsncofs;tfsncofs; F:\WINDOWS\system32\dla\tfsncofs.sys [2003-08-06 34837]
R2 tfsndrct;tfsndrct; F:\WINDOWS\system32\dla\tfsndrct.sys [2003-08-06 4117]
R2 tfsndres;tfsndres; F:\WINDOWS\system32\dla\tfsndres.sys [2003-08-06 2233]
R2 tfsnifs;tfsnifs; F:\WINDOWS\system32\dla\tfsnifs.sys [2003-08-06 83284]
R2 tfsnopio;tfsnopio; F:\WINDOWS\system32\dla\tfsnopio.sys [2003-08-06 14229]
R2 tfsnpool;tfsnpool; F:\WINDOWS\system32\dla\tfsnpool.sys [2003-08-06 6357]
R2 tfsnudf;tfsnudf; F:\WINDOWS\system32\dla\tfsnudf.sys [2003-08-06 98068]
R2 tfsnudfa;tfsnudfa; F:\WINDOWS\system32\dla\tfsnudfa.sys [2003-08-06 100373]
R3 aeaudio;aeaudio; F:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Arp1394;1394 ARP Client Protocol; F:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 E100B;Intel(R) PRO Adapter Driver; F:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\F:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; F:\WINDOWS\system32\drivers\gearaspiwdm.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; F:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; F:\WINDOWS\System32\DRIVERS\HPZid412.sys [2005-03-08 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; F:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; F:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-03-08 21744]
R3 mouhid;Mouse HID Driver; F:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-07-16 12160]
R3 NAVENG;NAVENG; \??\F:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081107.049\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\F:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081107.049\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; F:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; F:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-12-10 3536768]
R3 pcouffin;VSO Software pcouffin; F:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-22 47360]
R3 smwdm;smwdm; F:\WINDOWS\system32\drivers\smwdm.sys [2003-06-18 578176]
R3 SRTSP;SRTSP; F:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
R3 SYMDNS;SYMDNS; F:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\F:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; F:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; F:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\F:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20081108.003\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; F:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; F:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; F:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 usbccgp;Microsoft USB Generic Parent Driver; F:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; F:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; F:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; F:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; F:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; F:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 61883;61883 Unit Device; F:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; F:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; F:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CoachUsb;Coach Digital Camera on USB; F:\WINDOWS\System32\DRIVERS\CoachUsb.sys [2004-11-24 50976]
S3 CoachVc;Coach Video Capture; F:\WINDOWS\System32\DRIVERS\CoachVc.sys [2004-11-24 44256]
S3 COH_Mon;COH_Mon; \??\F:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 ICDUSB2;Sony IC Recorder (P); F:\WINDOWS\System32\Drivers\ICDUSB2.sys [2002-11-28 39048]
S3 idmc1aud;Intel(r) Play(tm) USB Audio Filter (WDM); F:\WINDOWS\system32\drivers\idmc1aud.sys [2001-07-05 15188]
S3 IDMC1Blk;Intel Play DMC Download Driver; F:\WINDOWS\System32\DRIVERS\IDMC1Blk.sys [2001-07-05 14628]
S3 IDMC1Vxp;Intel(r) Play(tm) DMC Camera; F:\WINDOWS\System32\DRIVERS\idmc1vme.sys [2001-07-05 416564]
S3 MSDV;Microsoft DV Camera and VCR; F:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; F:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; F:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; F:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 OVT511Plus;Dual Mode USB Camera Plus; F:\WINDOWS\System32\Drivers\omcamvid.sys [2001-09-18 167816]
S3 P2k;Motorola USB Device; F:\WINDOWS\System32\DRIVERS\P2k.sys [2003-04-08 38656]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); F:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 SDDMI2;SDDMI2; \??\F:\WINDOWS\System32\DDMI2.sys []
S3 SLIP;BDA Slip De-Framer; F:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); F:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SRTSPL;SRTSPL; F:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 streamip;BDA IPSink; F:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; F:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 USBAAPL;Apple Mobile USB Driver; F:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-05 36864]
S3 usbaudio;USB Audio Driver (WDM); F:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbser;Motorola USB Modem Driver; F:\WINDOWS\System32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 WSTCODEC;World Standard Teletext Codec; F:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; F:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; F:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; F:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
R2 Bonjour Service;Bonjour Service; F:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 LiveUpdate Notice;LiveUpdate Notice; F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 NVSvc;NVIDIA Display Driver Service; F:\WINDOWS\System32\nvsvc32.exe [2005-12-10 131139]
R2 Pml Driver HPZ12;Pml Driver HPZ12; F:\WINDOWS\System32\HPZipm12.exe [2007-08-09 73728]
R2 spkrmon;spkrmon; F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [2003-06-16 61440]
R2 TivoBeacon2;TiVo Beacon; F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2007-09-25 867328]
R2 Viewpoint Manager Service;Viewpoint Manager Service; F:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; F:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
R3 Symantec Core LC;Symantec Core LC; F:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-08-10 1245064]
S2 CD_Proxy;XCP CD Proxy; F:\WINDOWS\CDProxyServ.exe []
S3 aspnet_state;ASP.NET State Service; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 comHost;COM Host; F:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
S3 gusvc;Google Updater Service; F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-06 138168]
S3 ICDSPTSV;Sony SPTI Service for DVE; F:\WINDOWS\system32\IcdSptSv.exe [2003-04-01 69632]
S3 LiveUpdate;LiveUpdate; F:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]
S3 ose;Office Source Engine; F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; F:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; F:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; F:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-11-08 13:15:02

======Uninstall list======

-->"F:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->F:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->F:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->F:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{410438A3-B591-4028-B70A-3CC0B33FBCD1}\Setup.exe" -l0x9 -L0x9anything
-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{510582B9-2633-11D4-99DC-0000F49094C7}\Setup.exe" UNINSTALL
-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{CACA4016-6B3D-460F-A9E8-767CE6E9D1D1}\setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"F:\Program Files\7-Zip\Uninstall.exe"
Acoustica Effects Pack-->F:\PROGRA~1\ACOUST~2\UNWISE.EXE F:\PROGRA~1\ACOUST~2\INSTALL.LOG
Ad-Aware SE Personal-->F:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE F:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->F:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->F:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE F:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AFT 2.53.0.5-->"F:\Program Files\AFT Software\uninst\unins000.exe"
AnswerWorks 4.0 Runtime - English-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"F:\Program Files\Audacity\unins000.exe"
AudioLabel-->F:\Program Files\AudioLabel\Uninstall.exe
Barbie Cool Looks Fashion Designer-->F:\WINDOWS\IsUninst.exe -f"F:\Program Files\Barbie\Barbie Cool Looks Fashion Designer\CLUninst.isu" -c"F:\Program Files\Barbie\Barbie Cool Looks Fashion Designer\uninst.dll
Barbie(R) Pet Rescue-->F:\WINDOWS\IsUninst.exe -f"F:\Program Files\Mattel Interactive\Barbie(R)\Barbie(R) Pet Rescue\Uninst.isu"
Blue's Preschool-->F:\WINDOWS\uninst.exe -f"F:\Program Files\Infogrames Interactive\Blue's Preschool\DeIsL1.isu"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Bulent's Screen Recorder 3-->F:\Program Files\Bulent's Screen Recorder\Uninstall Screen Recorder 3.exe
Cakewalk Music Creator 2003-->F:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE F:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
CBC Content Pack - CBC Fun Pack #1-->MsiExec.exe /I{3414A564-B87F-4733-97D8-09744A28C571}
CBC Content Pack - CBC Penguins-->MsiExec.exe /I{3D873D10-A306-4929-8440-30D238BE7AED}
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CCleaner (remove only)-->"F:\Program Files\CCleaner\uninst.exe"
Clifford Phonics-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{75B6C1BF-B98C-4B99-BD0D-CC9BF16C490D}\Setup.exe" -l0x9
CoffeeCup Free HTML Editor-->F:\PROGRA~1\COFFEE~1\COFFEE~1\UNWISE.EXE F:\PROGRA~1\COFFEE~1\COFFEE~1\INSTALL.LOG
CoffeeCup HTML Editor 2008-->F:\PROGRA~1\COFFEE~1\UNWISE.EXE F:\PROGRA~1\COFFEE~1\INSTALL.LOG
Comic Book Creator Content Pack - Basic 2-->MsiExec.exe /I{F3631AA9-4F64-4180-87BB-E2DB136C76F9}
Comic Book Creator Content Pack - Bluetorch-->MsiExec.exe /I{ABA578E2-E75A-408C-BA65-85B45433CCB2}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Core FTP LE 2.1-->F:\PROGRA~1\CoreFTP\UNWISE.EXE F:\PROGRA~1\CoreFTP\INSTALL.LOG
Dell ResourceCD-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DivX Web Player-->F:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DreamStation DXi2-->F:\WINDOWS\DSDXIRMV.EXE F:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
DV TS-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{54266945-8A11-424D-B20F-4F747A714FBA}\Setup.exe"
ERUNT 1.1j-->"F:\Program Files\ERUNT\unins000.exe"
Finale Allegro 2007-->H:\Program Files\Finale Allegro 2007\uninstallAllegro.exe
Finale NotePad 2008-->F:\Program Files\Finale NotePad 2008\uninstallNP.exe
Finale PrintMusic 2008-->F:\Program Files\Finale PrintMusic 2008\uninstallPM.exe
Fisher-Price® Big Action Construction-->D:\setup.exe -fcnstunin.ins
Fisher-Price® Big Action Garage-->D:\setup.exe -fungarage.ins
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google SketchUp 6-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Talk (remove only)-->"F:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "f:\program files\google\googletoolbar1.dll"
GPL Ghostscript 8.54-->F:\Program Files\gs\uninstgs.exe "F:\Program Files\gs\gs8.54\uninstal.txt"
GPL Ghostscript Fonts-->F:\Program Files\gs\uninstgs.exe "F:\Program Files\gs\fonts\uninstal.txt"
Hijackthis 1.99.1-->"F:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2-->"F:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Deskjet 5900 series-->F:\Program Files\HP\Digital Imaging\{79546A5F-AE7C-4693-8670-A3401B43ABD2}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Extended Capabilities 5.0-->F:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.0-->F:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.0-->F:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.0-->F:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
ImageMixer VCD2-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x9 UNINSTALL
Intel(r) Play(tm) Digital Movie Creator-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{128D2873-DDAA-4D4C-A177-2D4876C86807}\setup.exe"
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(r) System Information Viewer-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{5C9DDCE0-66CF-11D4-9100-0090274FBE9A}\setup.exe"
ISO Recorder-->MsiExec.exe /I{0F6A7971-0F11-4A79-A0E9-133D0963A570}
IsoBuster 2.2-->"F:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes-->MsiExec.exe /I{EA418519-2160-43A0-AABD-6608DDD8D87F}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "F:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Magic DVD Copier Version 4.9 build 4-->"F:\Program Files\MagicDVDCopier\unins000.exe"
Malwarebytes' Anti-Malware-->"F:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SiteAdvisor-->F:\Program Files\SiteAdvisor\6253\uninstall.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"F:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "F:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Command & Control Engine-->RunDll32 advpack.dll,LaunchINFSection F:\WINDOWS\INF\mscnc.inf, Uninstall
Microsoft Compression Client Pack 1.0 for Windows XP-->"F:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"F:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"F:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Publishing Platinum 2001-->MsiExec.exe /I{501FC6C0-7F99-4937-99F6-9A65A964B710}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Speech API 3.0-->RunDll32 advpack.dll,LaunchINFSection F:\WINDOWS\INF\spchapi.inf, Uninstall
Microsoft Speech Lexicon-->RunDll32 advpack.dll,LaunchINFSection F:\WINDOWS\INF\mslex.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"F:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MixMeister BPM Analyzer 1.0-->"F:\Program Files\MixMeister BPM Analyzer\unins000.exe"
MixMeister CD-R Drivers-->MsiExec.exe /I{4367BF53-8748-4122-8516-85E4375925AF}
Mixmeister Studio 7-->"H:\Program Files\MixMeister Studio 7\unins000.exe"
MLB.TV NexDef Plug-in-->F:\Program Files\Autobahn\Uninstall.exe
Mobipocket Reader 6.0-->MsiExec.exe /I{3B9EF902-F253-4B0A-9EA8-6596BBCB6B28}
Monopoly Tycoon-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{B975F4A1-63B6-11D4-BFEC-005004AF2D32}\Setup.exe"
Mosaic-Pictures 2-->F:\WINDOWS\cadkasdeinst01e.exe "F:\Program Files\Mosaic-Pictures 2\"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Musicnotes Player V1.22.3-->"F:\Program Files\Musicnotes\Player\unins000.exe"
My Mix-->F:\WINDOWS\unvise32.exe F:\Program Files\Shockwave.com\My Mix\product\data\uninstal.log
Network Play System (Patching)-->F:\WINDOWS\IsUninst.exe -f"F:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
Norton AntiVirus Help-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security (Symantec Corporation)-->"F:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Setup.exe" /X
Norton Internet Security-->MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA Drivers-->F:\WINDOWS\System32\nvudisp.exe UninstallGUI
OverDrive Media Console-->MsiExec.exe /I{59FD743D-A699-449E-8197-BD2899DAD69A}
PageNest-->"H:\Program Files\Solent\PageNest\unins000.exe"
PDF Writer-->F:\WINDOWS\System32\uninstpw.exe F:\Program Files\PDF Writer
Picture Package-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL
Planetwide Games Comic Book Creator-->MsiExec.exe /I{EBFB1375-E8DE-43DD-8430-3E43485E19F8}
PowerDVD-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PrimoPDF Redistribution Package-->MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
PrimoPDF-->"F:\WINDOWS\PrimoPDF\uninstall.exe" "/U:F:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
QuickTime for Windows (32-bit)-->F:\WINDOWS\QTW32DEL.EXE
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Reader Rabbit's Math Ages 6-9-->F:\WINDOWS\IsUninst.exe -fF:\Tlcwin\Math6-9\Uninst\DeIsL2.isu
RealPlayer-->F:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RollerCoaster Tycoon 2-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x9
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->F:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"F:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"F:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"F:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"F:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Shockwave-->F:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE F:\WINDOWS\system32\Macromed\SHOCKW~2\INSTALL.LOG
Sibelius 5 Demo-->MsiExec.exe /X{A67C4EF9-725D-4C83-A67A-BB7B7DE96CF4}
SmartMusic Content (shared music files)-->H:\Program Files\SmartMusic Applications\UninstallContent.exe
SmartMusic for Essential Elements 2000 Band Book 1 Student Edition-->F:\WINDOWS\unvise32.exe H:\Program Files\SmartMusic Applications\EE2k Band Book 1 Student\uninstal.log
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Foundry ACID 3.0g-->MsiExec.exe /I{09E75527-D21D-4B9D-88FB-1A3E9D434A21}
Sonic MyDVD-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\SETUP.EXE" -l0x9 -L0x9 /SMAINT
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sony Cinescore 1.0-->MsiExec.exe /X{9622AE32-1EE6-4EB6-A86F-B3346A34BAE0}
Sony Cinescore Plug-In 1.0-->MsiExec.exe /X{36DB05B6-721B-4001-87EA-7AC42E3BB0F6}
Sony Digital Voice Editor 3-->F:\PROGRA~1\Sony\DIGITA~1\UNINST.EXE
Sony DVD Architect Studio 3.0b-->MsiExec.exe /X{F0B8271B-1FC0-48AA-A4E7-8991AEDAEC1A}
Sony Super Duper Music Looper 2.0-->MsiExec.exe /I{9DECE42F-ABBD-4832-8735-D77F6032EF6E}
Sony USB Driver-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Sony Vegas Movie Studio 6.0b-->MsiExec.exe /X{B7DE81A4-71D5-4F22-9D72-84AC8A266F43}
SoundMAX-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spin It Again-->F:\PROGRA~1\ACOUST~1\UNWISE.EXE F:\PROGRA~1\ACOUST~1\INSTALL.LOG
Spybot - Search & Destroy-->"F:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sqirlz Morph-->F:\WINDOWS\Sqirlz Morph Uninstaller.exe
StationRipper 2.87-->G:\Program Files\StationRipper\uninstall-StationRipper.exe
Survival_of_the_Cool Toolbar-->F:\PROGRA~1\SURVIV~1\UNWISE.EXE F:\PROGRA~1\SURVIV~1\INSTALL.LOG
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
The 3D Gamemaker-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{B616F589-DDE9-4079-85B1-594FFED4E374}\setup.exe" -l0x9
The ClueFinders' 4th Grade Adventures-->F:\WINDOWS\IsUninst.exe -fF:\Tlcwin\CFndr4th\Uninst\DeIsL1.isu
The Sims Superstar-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}\setup.exe" -l0009
TiVo Desktop 2.5.1-->MsiExec.exe /X{4E839090-3B68-436A-B3CF-A2A08C38DD26}
TurboTax Deluxe 2007-->F:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "F:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006-->F:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "F:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Upromise TurboSaver-->"F:\Program Files\Upromise\uninstall.exe"
VideoEgg Publisher-->F:\Program Files\VideoEgg\Uninstall.exe
Viewpoint Media Player-->F:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual Sound Canvas DXi-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{4E10E7FC-36CD-4C22-AC20-9E15692E8C2F}\setup.exe" UNINSTALL_XXX
WexTech AnswerWorks-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Internet Explorer 7-->"F:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"F:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"F:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"F:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"F:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"F:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->F:\Documents and Settings\Kids\My Documents\Absolute Pitch\dlb tppetsc\rar\uninstall.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;F:\Program Files\Common Files\Sonic Shared;F:\Program Files\Smart Projects\IsoBuster;F:\Program Files\iTunes\Plug-Ins\Qloud\;F:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;F:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=F:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------
Malwarebytes' Anti-Malware 1.30
Database version: 1373
Windows 5.1.2600 Service Pack 3

11/8/2008 1:12:28 PM
mbam-log-2008-11-08 (13-12-28).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 210403
Time elapsed: 2 hour(s), 8 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\ninoger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sdx12q.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b31f9ef2-40d0-4f3e-9334-502c709ddc57} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d76fbc4f-5e07-41fa-9013-fa3a53e46b95} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bc354443-937d-498b-a792-b6e388cdfce6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{10026069-7a5f-4531-811e-c8df20643bee} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bc354443-937d-498b-a792-b6e388cdfce6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc354443-937d-498b-a792-b6e388cdfce6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\Documents and Settings\Kids\Local Settings\Temporary Internet Files\Content.IE5\GO0K8WFB\keygen_MakeMusic_Finale_PrintMusic_2008_V13.0.0.2[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{97F881E6-595E-4DA3-8E3F-5CFCF7C0D241}\RP809\A0187546.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\c.ico (Malware.Trace) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\m.ico (Malware.Trace) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\p.ico (Malware.Trace) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\s.ico (Malware.Trace) -> Quarantined and deleted successfully.
F:\WINDOWS\k.txt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\Documents and Settings\Kids\Favorites\Search Online.url (Rogue.Link) -> Quarantined and deleted successfully.
F:\Documents and Settings\Kids\Start Menu\Search Online.url (Rogue.Link) -> Quarantined and deleted successfully.
F:\Documents and Settings\Kids\Favorites\VIP Casino.url (Rogue.Link) -> Quarantined and deleted successfully.
F:\Documents and Settings\Kids\Start Menu\VIP Casino.url (Rogue.Link) -> Quarantined and deleted successfully.
F:\Documents and Settings\Kids\Favorites\Cheap Pharmacy Online.url (Rogue.Link) -> Quarantined and deleted successfully.
F:\Documents and Settings\Kids\Start Menu\Cheap Pharmacy Online.url (Rogue.Link) -> Quarantined and deleted successfully.
F:\Documents and Settings\Kids\Favorites\SMS TRAP.url (Rogue.Link) -> Quarantined and deleted successfully.
F:\Documents and Settings\Kids\Start Menu\SMS TRAP.url (Rogue.Link) -> Quarantined and deleted successfully.
It looks like the stuff that MBAM found was my problem. I'll go check how the system is running and report back.
dk2rb
Regular Member
 
Posts: 78
Joined: November 4th, 2008, 8:33 pm

Re: Help with HTTP Fake Scan Webpage

Unread postby dk2rb » November 8th, 2008, 2:41 pm

All apparent problems are gone.
dk2rb
Regular Member
 
Posts: 78
Joined: November 4th, 2008, 8:33 pm

Re: Help with HTTP Fake Scan Webpage

Unread postby peku006 » November 9th, 2008, 4:34 am

Hi dk2rb

Your logs are looking much better too, but there are still some things we need to take care of.

You have signs of the Sony Rootkit in your log

Download and run this removal tool:

http://securityresponse.symantec.com.../FixRyknos.exe

After that, Reboot

Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

Please reply with


a fresh HijackThis log

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Help with HTTP Fake Scan Webpage

Unread postby dk2rb » November 9th, 2008, 3:34 pm

I ran the scan; it found nothing. I restarted and ran HijackThis anyway. Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 2:30:00 PM, on 11/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\cisvc.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\HPZipm12.exe
F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\WINDOWS\system32\dla\tfswctrl.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\SiteAdvisor\6172\SiteAdv.exe
F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Messenger\msmsgs.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
F:\Program Files\TiVo\Desktop\TiVoNotify.exe
F:\Program Files\TiVo\Desktop\TiVoServer.exe
F:\Program Files\Upromise\Upromise.exe
F:\Program Files\Upromise\UpromiseUa.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\Upromise\UpromiseTray.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
F:\Program Files\Autobahn\mlb-nexdef-autobahn.exe
F:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
F:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
F:\Program Files\Hijackthis\HijackThis.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = viewtopic.php?f=11&t=36243&p=367391&e=367391
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - F:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - F:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - F:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Survival of the Cool Toolbar - {bd91a757-e5e9-4873-a88b-941a039ee5e5} - F:\Program Files\Survival_of_the_Cool\tbSurv.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - F:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - F:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Survival of the Cool Toolbar - {bd91a757-e5e9-4873-a88b-941a039ee5e5} - F:\Program Files\Survival_of_the_Cool\tbSurv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dla] F:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] F:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [googletalk] F:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "F:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ?\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TivoTransfer] "F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "F:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "F:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [Upromise] F:\Program Files\Upromise\Upromise.exe
O4 - HKCU\..\Run: [Upromise Update] F:\Program Files\Upromise\UpromiseUa.exe
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Upromise Tray] F:\Program Files\Upromise\UpromiseTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MLB.TV NexDef Plug-in.lnk = F:\Program Files\Autobahn\mlb-nexdef-autobahn.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: f:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.shockwave.com/content/chocol ... 0.0.13.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/01d5d57f4db ... xIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8842907250
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast.com/admin/hostClientIE.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/ ... mDlBrg.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://my.firmenich.com/dana-cached/se ... tupSP1.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca07.custhelp.com/8201-b499h ... a/RntX.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - F:\WINDOWS\CDProxyServ.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - F:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Symantec Core LC - Unknown owner - F:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe


Also, are you sure it's the SONY rootkit and not just legitimate software manufactured by Sony? I have Acid Music 3, Vegas Movie Studio, and DVD Architect, all installed from store-bought disk, and Cinescore 1 demo downloaded from the official, legitimate Sony Media Software site. I also have a Sony digital camera and several pieces of software used to transfer images from it.
dk2rb
Regular Member
 
Posts: 78
Joined: November 4th, 2008, 8:33 pm

Re: Help with HTTP Fake Scan Webpage

Unread postby peku006 » November 9th, 2008, 4:08 pm

Hi dk2rb
Also, are you sure it's the SONY rootkit

Yes, it was..........
XCP DRM Rootkit

1 - Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - F:\WINDOWS\CDProxyServ.exe (file missing)
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

2 - Delete bad services
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

@echo off
rem Stop the XCP CD Proxy service (short name CD_Proxy from the O23 line above),
rem then remove its registration from the service control manager.
sc stop CD_Proxy
sc delete CD_Proxy

exit


Double click FixServices.bat. A window will open and close. This is normal.

3 - Clean temp files

    Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Double-click ATF Cleaner.exe to open it.

    Under Main choose:
      Windows Temp
      Current User Temp
      All Users Temp
      Temporary Internet Files
      Prefetch
      Java Cache

      *The other boxes are optional*
      Then click the Empty Selected button.
    If you use Firefox:
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
    If you use Opera:
      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program

4 - Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

5 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

6 - Status Check
Please reply with

1. the Kaspersky online scanner report
2. a fresh HijackThis log

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
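Steps 1 and 2 of the post above pick the bad O23 line out of the HijackThis log by eye and then hand-write the two sc commands that stop and delete the service. The script below is an added example, written for this thread and not code from HijackThis, Malwarebytes, Kaspersky or MalwareRemoval.com: it parses O23 lines (the sample is four lines copied from the log dk2rb posted), flags the one service name the helper identified as the XCP DRM proxy (CD_Proxy), and generates the same sc stop / sc delete pair. It also separates genuinely orphaned entries from lines that HijackThis 1.99.1 renders with a stray `"` plus "(file missing)"; treating that pattern as a display artifact of a quoted ImagePath with arguments (the Symantec and TiVo lines in the log) is the heuristic assumption the example rests on, and the KNOWN_BAD set is deliberately limited to the name the thread itself names.

```python
"""Triage HijackThis O23 (service) lines and build the 'sc' clean-up commands."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: four O23 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - F:\WINDOWS\CDProxyServ.exe (file missing)
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)
"""

# Service short names the helper identified as malicious in this thread (XCP DRM proxy).
KNOWN_BAD = {"CD_Proxy"}

# O23 layout: "O23 - Service: <display> [(<short>)] - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


@dataclass
class ServiceEntry:
    display: str
    service: str          # registry short name when HijackThis shows one, else the display name
    owner: str
    path: str
    flagged_missing: bool

    @property
    def quote_artifact(self) -> bool:
        # Assumption: a stray '"' inside the path together with "(file missing)" is how
        # HijackThis 1.99.1 prints a quoted ImagePath that carries arguments, so the
        # binary is usually present and the line is a display artifact, not an orphan.
        return self.flagged_missing and '"' in self.path


def parse_o23(log_text: str) -> List[ServiceEntry]:
    """Return one ServiceEntry per O23 line; non-matching lines are skipped."""
    entries: List[ServiceEntry] = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        entries.append(ServiceEntry(
            display=m["display"],
            service=m["short"] or m["display"],
            owner=m["owner"],
            path=m["path"],
            flagged_missing=m["missing"] is not None,
        ))
    return entries


def triage(entry: ServiceEntry) -> str:
    """Classify an entry: remove / quote-artifact / orphaned / clean."""
    if entry.service in KNOWN_BAD:
        return "remove"            # named in the thread as the XCP rootkit's service
    if entry.quote_artifact:
        return "quote-artifact"    # HijackThis rendering quirk, binary normally present
    if entry.flagged_missing:
        return "orphaned"          # registration left behind after its file was deleted
    return "clean"


def sc_commands(entries: List[ServiceEntry]) -> List[str]:
    """The FixServices.bat body: stop then delete every service triaged as 'remove'."""
    return [
        cmd
        for e in entries
        if triage(e) == "remove"
        for cmd in (f"sc stop {e.service}", f"sc delete {e.service}")
    ]


if __name__ == "__main__":
    parsed = parse_o23(SAMPLE_LOG)
    for e in parsed:
        print(f"{triage(e):15} {e.service:20} {e.path}")
    print("\n".join(["@echo off", *sc_commands(parsed), "exit"]))
```

Run on the sample, only CD_Proxy is triaged "remove" and the generated body matches the helper's FixServices.bat; the two Symantec/TiVo lines come out as quote artifacts rather than orphans, which is the check worth doing before fixing any "(file missing)" service by hand.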

Re: Help with HTTP Fake Scan Webpage

Unread postby dk2rb » November 10th, 2008, 7:34 am

Sorry, I saved the report as .html by accident and wasn't able to get a .txt one. Here are the logs:


KASPERSKY ONLINE SCANNER 7 REPORT
Monday, November 10, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, November 09, 2008 10:09:15
Records in database: 1376472


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
F:\


Scan statistics
Files scanned 147540
Threat name 1
Infected objects 2
Suspicious objects 0
Duration of the scan 05:26:09

File name Threat name Threats count
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05D910AA.php Infected: Trojan-Downloader.JS.Small.fs 1

F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FF75A2E.php Infected: Trojan-Downloader.JS.Small.fs 1



Logfile of HijackThis v1.99.1
Scan saved at 6:33:46 AM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\cisvc.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\WINDOWS\system32\dla\tfswctrl.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\SiteAdvisor\6172\SiteAdv.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Messenger\msmsgs.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
F:\Program Files\TiVo\Desktop\TiVoNotify.exe
F:\Program Files\TiVo\Desktop\TiVoServer.exe
F:\Program Files\Upromise\Upromise.exe
F:\Program Files\Upromise\UpromiseUa.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\Upromise\UpromiseTray.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
F:\Program Files\Autobahn\mlb-nexdef-autobahn.exe
F:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
F:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
F:\WINDOWS\system32\cidaemon.exe
F:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\System32\HPZipm12.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
F:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
F:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = viewtopic.php?f=11&t=36243
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - F:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - F:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - F:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Survival of the Cool Toolbar - {bd91a757-e5e9-4873-a88b-941a039ee5e5} - F:\Program Files\Survival_of_the_Cool\tbSurv.dll
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - F:\Program Files\Upromise\upromisetoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - F:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Survival of the Cool Toolbar - {bd91a757-e5e9-4873-a88b-941a039ee5e5} - F:\Program Files\Survival_of_the_Cool\tbSurv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dla] F:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] F:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [googletalk] F:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "F:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ?\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TivoTransfer] "F:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "F:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "F:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [Upromise] F:\Program Files\Upromise\Upromise.exe
O4 - HKCU\..\Run: [Upromise Update] F:\Program Files\Upromise\UpromiseUa.exe
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Upromise Tray] F:\Program Files\Upromise\UpromiseTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: MLB.TV NexDef Plug-in.lnk = F:\Program Files\Autobahn\mlb-nexdef-autobahn.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - F:\Program Files\Upromise\upromisetoolbar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: f:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.shockwave.com/content/chocol ... 0.0.13.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/01d5d57f4db ... xIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8842907250
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast.com/admin/hostClientIE.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://a248.e.akamai.net/f/248/5462/2h/ ... mDlBrg.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://my.firmenich.com/dana-cached/se ... tupSP1.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca07.custhelp.com/8201-b499h ... a/RntX.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - F:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - F:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe
O23 - Service: spkrmon - Unknown owner - F:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Symantec Core LC - Unknown owner - F:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - F:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe

dk2rb
Regular Member
 
Posts: 78
Joined: November 4th, 2008, 8:33 pm

Re: Help with HTTP Fake Scan Webpage

Unread postby peku006 » November 10th, 2008, 8:11 am

Hi dk2rb

Please empty your Norton AntiVirus Quarantine. If you don't know how, click here.

How is the computer running now?
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway