Jump to content


Photo

Help


  • This topic is locked This topic is locked
80 replies to this topic

#51 JKWong

JKWong

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 29 June 2007 - 06:23 PM

My internet connection continues to reset every couple of minutes. =/

#52 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 30 June 2007 - 04:49 PM

Try an internet repair while I think of something else to do. The worse that can happen is that it tells you that all files are fine. This requires that you have the windows xp cd. I hope you have it handy. This will take a while, so just give it time.

• From the Start menu, select Run.
• In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
• Select the OK button.
• Follow the prompts throughout the System File Checker process.

Reboot the computer when System File Checker completes.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#53 JKWong

JKWong

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 30 June 2007 - 09:25 PM

Sorry I have misplaced the Windows XP CD and cannot find it. =/. Is there anything else we can try?

#54 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 30 June 2007 - 11:36 PM

Ok, try the following:

1. Open Registry through start/Run in the field that opens type regedit
2. Click on Edit on the top menu.
3. Click on Find
4. In the Find what window type ?E?eXPAcAe±M•~ac
5. Click Find next
6. If you find it, right click on the ?E?eXPAcAe±M•~ac that appears on the left pane.
7. Click Copy key name.
8. Open your Microsoft word and paste it there.
9. If you find it, go back to the registry to see if you find anymore files somewhere else in the registry.
10. Click Edit/Find next until you find all those kinds of keys in the registry.
11. Once you search the entire registry, close it and the post all keys for me to see. Also if you see any item in the right pane, tell me what they are please.

Don't worry, I don't give up too easily. We'll get this done.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#55 JKWong

JKWong

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 01 July 2007 - 12:46 AM

I searched twice, couldn't find it. =/

#56 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 01 July 2007 - 01:11 AM

Was your system set to show hidden files and folders? If not, you can try again. Let me know if you still don't find anything.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#57 JKWong

JKWong

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 01 July 2007 - 01:18 AM

Yeah it was set to show hidden files and folders, still couldn't find it.

#58 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 01 July 2007 - 12:22 PM

Well, I still think it could be related to that Chinese software, but I wish we could find some kind of prove that it does. For now, since the problem is your IE browser crashing, let's download FireFox browser so you can use it instead of IE. We can continue to try and get rid of your problem anyway. I have both Internet explorer and FireFox. I believe FireFox is less likely to give you problems. I use IE for certain things that I can't do with FireFox. For Example, some scans online don't work with FireFox, and Windows updates don't work with it either. I only use IE when I have to. You can get FireFox here if you like. http://www.mozilla.com/

You can download Themes/Plugins/Extension if you want. If you decide to get any of them, read what they are for first, and then download only the ones you really need. You can check them out here:
https://addons.mozil.../en-US/firefox/

Let's try something else. Print this topic to make it easier for you to follow the instructions and complete all of the necessary steps in safe mode.

Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#59 JKWong

JKWong

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 01 July 2007 - 04:21 PM

I think you have misunderstood my problem, it is not my internet browser crashing, it is the connection itself that resets. What I mean is that a bubble comes up from my Local Area Connection saying that the connection has been lost and then less than a second another bubble appears saying that the Local Area Connection is connected again. I have been using Mozilla Firefox the whole time, except when downloading Windows Updates. Anyways, here are the log files, first one from SDFix, the second from HJT.


SDFix: Version 1.88

Run by Jonathan on 07/01/2007 Sun at 02:00 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Jonathan\Desktop\SDFix\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing SharedAccess Service

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

Checking C:\WINNT
C:\WINNT
No streams found.

Checking C:\WINNT\system32
C:\WINNT\system32
No streams found.

Checking C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
No streams found.

Checking C:\WINNT\system32\ntoskrnl.exe
C:\WINNT\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------


Listing Files with Hidden Attributes:

C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\Sharing Folders\dennis_the_menance@hotmail.com\Thumbs.db
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\Sharing Folders\jamessosailee@hotmail.com\Thumbs.db
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\Sharing Folders\kevkuo@hotmail.com\Thumbs.db
C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\oldjonny@gmail.com\Sharing Folders\monk_slayer@hotmail.com\Thumbs.db
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Thumbs.db
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\alexisonfire\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Chamillionaire featuring Krayzie Bone\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Chamillionaire featuring Krayzie Bone\Thumbs.db
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Chamillionaire featuring Krayzie Bone\Chamillionaire\AlbumArtSmall.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Chamillionaire featuring Krayzie Bone\Chamillionaire\AlbumArt_{B1EF4568-2F4D-463D-99C8-73285F401CD1}_Large.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Chamillionaire featuring Krayzie Bone\Chamillionaire\AlbumArt_{B1EF4568-2F4D-463D-99C8-73285F401CD1}_Small.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Chamillionaire featuring Krayzie Bone\Chamillionaire\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Chamillionaire featuring Krayzie Bone\Chamillionaire\Folder.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Dashboard Confessional\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Dashboard Confessional\Thumbs.db
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Dashboard Confessional\Dashboard Confessionals\AlbumArtSmall.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Dashboard Confessional\Dashboard Confessionals\AlbumArt_{0FC39CD1-514B-4FD6-8E0D-704ADD76E7CF}_Large.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Dashboard Confessional\Dashboard Confessionals\AlbumArt_{0FC39CD1-514B-4FD6-8E0D-704ADD76E7CF}_Small.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Dashboard Confessional\Dashboard Confessionals\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Dashboard Confessional\Dashboard Confessionals\Folder.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Jimmy Eat World\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Jimmy Eat World\Thumbs.db
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Jimmy Eat World\Futures\AlbumArtSmall.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Jimmy Eat World\Futures\AlbumArt_{26CC43DE-9103-4A00-BA7F-590DA76AA6A3}_Large.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Jimmy Eat World\Futures\AlbumArt_{26CC43DE-9103-4A00-BA7F-590DA76AA6A3}_Small.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Jimmy Eat World\Futures\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Jimmy Eat World\Futures\Folder.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Jimmy Eat World\Jimmy Eat World\AlbumArtSmall.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Jimmy Eat World\Jimmy Eat World\AlbumArt_{26CC43DE-9103-4A00-BA7F-590DA76AA6A3}_Large.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Jimmy Eat World\Jimmy Eat World\AlbumArt_{26CC43DE-9103-4A00-BA7F-590DA76AA6A3}_Small.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Jimmy Eat World\Jimmy Eat World\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Jimmy Eat World\Jimmy Eat World\Folder.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Lostprophets\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Lostprophets\The Fake Sound Of Progress\AlbumArtSmall.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Lostprophets\The Fake Sound Of Progress\AlbumArt_{D3C5BE82-8D9B-4F00-BBBF-B3DD18E65D46}_Large.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Lostprophets\The Fake Sound Of Progress\AlbumArt_{D3C5BE82-8D9B-4F00-BBBF-B3DD18E65D46}_Small.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Lostprophets\The Fake Sound Of Progress\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Lostprophets\The Fake Sound Of Progress\Folder.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\My Chemical Romance\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\My Chemical Romance\I'm Not Okay (I Promise)\AlbumArtSmall.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\My Chemical Romance\I'm Not Okay (I Promise)\AlbumArt_{4236E9A8-5394-46BC-873C-5CE77A78F0C3}_Large.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\My Chemical Romance\I'm Not Okay (I Promise)\AlbumArt_{4236E9A8-5394-46BC-873C-5CE77A78F0C3}_Small.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\My Chemical Romance\I'm Not Okay (I Promise)\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\My Chemical Romance\I'm Not Okay (I Promise)\Folder.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\My Chemical Romance\The Black Parade\AlbumArtSmall.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\My Chemical Romance\The Black Parade\AlbumArt_{43BB9AFF-6B2F-4C7B-B566-A650D959FDDB}_Large.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\My Chemical Romance\The Black Parade\AlbumArt_{43BB9AFF-6B2F-4C7B-B566-A650D959FDDB}_Small.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\My Chemical Romance\The Black Parade\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\My Chemical Romance\The Black Parade\Folder.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\My Chemical Romance\Three Cheers For Sweet Revenge\AlbumArtSmall.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\My Chemical Romance\Three Cheers For Sweet Revenge\AlbumArt_{4FB94773-5AE4-409F-A008-9208CFF58856}_Large.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\My Chemical Romance\Three Cheers For Sweet Revenge\AlbumArt_{4FB94773-5AE4-409F-A008-9208CFF58856}_Small.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\My Chemical Romance\Three Cheers For Sweet Revenge\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\My Chemical Romance\Three Cheers For Sweet Revenge\Folder.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Our Lady Peace\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Our Lady Peace\Thumbs.db
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Our Lady Peace\Happiness.. Is Not A Fish._\AlbumArtSmall.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Our Lady Peace\Happiness.. Is Not A Fish._\AlbumArt_{07B2BE86-E4E1-4B67-B8DD-94D5E333AD9F}_Large.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Our Lady Peace\Happiness.. Is Not A Fish._\AlbumArt_{07B2BE86-E4E1-4B67-B8DD-94D5E333AD9F}_Small.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Our Lady Peace\Happiness.. Is Not A Fish._\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Our Lady Peace\Happiness.. Is Not A Fish._\Folder.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Our Lady Peace\Our Lady Peace\AlbumArtSmall.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Our Lady Peace\Our Lady Peace\AlbumArt_{B7B4522F-A2EE-4269-A6EC-E998119CFBFB}_Large.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Our Lady Peace\Our Lady Peace\AlbumArt_{B7B4522F-A2EE-4269-A6EC-E998119CFBFB}_Small.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Our Lady Peace\Our Lady Peace\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Our Lady Peace\Our Lady Peace\Folder.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Our Lady Peace\Spiritual Machines\AlbumArtSmall.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Our Lady Peace\Spiritual Machines\AlbumArt_{83583D4D-8E41-43F0-A9D3-6D8BE7604274}_Large.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Our Lady Peace\Spiritual Machines\AlbumArt_{83583D4D-8E41-43F0-A9D3-6D8BE7604274}_Small.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Our Lady Peace\Spiritual Machines\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Our Lady Peace\Spiritual Machines\Folder.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Panic At The Disco\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Panic At The Disco\Unknown Album\AlbumArtSmall.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Panic At The Disco\Unknown Album\AlbumArt_{CD5637E2-6E88-4D3A-9B6B-272E1CA73D5D}_Large.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Panic At The Disco\Unknown Album\AlbumArt_{CD5637E2-6E88-4D3A-9B6B-272E1CA73D5D}_Small.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Panic At The Disco\Unknown Album\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Panic At The Disco\Unknown Album\Folder.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\PANIC! At The Disco\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\PANIC! At The Disco\Thumbs.db
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\PANIC! At The Disco\A Fever You Can't Sweat Out\AlbumArtSmall.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\PANIC! At The Disco\A Fever You Can't Sweat Out\AlbumArt_{CD5637E2-6E88-4D3A-9B6B-272E1CA73D5D}_Large.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\PANIC! At The Disco\A Fever You Can't Sweat Out\AlbumArt_{CD5637E2-6E88-4D3A-9B6B-272E1CA73D5D}_Small.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\PANIC! At The Disco\A Fever You Can't Sweat Out\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\PANIC! At The Disco\A Fever You Can't Sweat Out\Folder.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\PANIC! At The Disco\A Fever You Cant Sweat Out\AlbumArtSmall.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\PANIC! At The Disco\A Fever You Cant Sweat Out\AlbumArt_{CD5637E2-6E88-4D3A-9B6B-272E1CA73D5D}_Large.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\PANIC! At The Disco\A Fever You Cant Sweat Out\AlbumArt_{CD5637E2-6E88-4D3A-9B6B-272E1CA73D5D}_Small.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\PANIC! At The Disco\A Fever You Cant Sweat Out\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\PANIC! At The Disco\A Fever You Cant Sweat Out\Folder.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\PANIC! At The Disco\The Only Difference Between Ma\AlbumArtSmall.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\PANIC! At The Disco\The Only Difference Between Ma\AlbumArt_{CD5637E2-6E88-4D3A-9B6B-272E1CA73D5D}_Large.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\PANIC! At The Disco\The Only Difference Between Ma\AlbumArt_{CD5637E2-6E88-4D3A-9B6B-272E1CA73D5D}_Small.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\PANIC! At The Disco\The Only Difference Between Ma\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\PANIC! At The Disco\The Only Difference Between Ma\Folder.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Ray Charles\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Ray Charles\Davidoff\AlbumArtSmall.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Ray Charles\Davidoff\AlbumArt_{CD4ABEA0-6A28-472A-A1E6-534353E30BC0}_Large.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Ray Charles\Davidoff\AlbumArt_{CD4ABEA0-6A28-472A-A1E6-534353E30BC0}_Small.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Ray Charles\Davidoff\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\Ray Charles\Davidoff\Folder.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\The Fray\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\The Fray\Reason\AlbumArtSmall.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\The Fray\Reason\AlbumArt_{00000000-0000-0000-0000-000000000000}_Large.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\The Fray\Reason\AlbumArt_{00000000-0000-0000-0000-000000000000}_Small.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\The Fray\Reason\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\The Fray\Reason\Folder.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\The Rolling Stones\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\The Rolling Stones\Some Girls\AlbumArtSmall.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\The Rolling Stones\Some Girls\AlbumArt_{7BD37586-16D6-4393-B4B4-181DA953F008}_Large.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\The Rolling Stones\Some Girls\AlbumArt_{7BD37586-16D6-4393-B4B4-181DA953F008}_Small.jpg
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\The Rolling Stones\Some Girls\desktop.ini
C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Messenger\x0viv0x@hotmail.com\Sharing Folders\crashintoy0u@hotmail.com\The Rolling Stones\Some Girls\Folder.jpg
C:\Documents and Settings\Jonathan\My Documents\My Received Files\~WRL0004.tmp
C:\Documents and Settings\Jonathan\My Documents\My Received Files\~WRL0771.tmp
C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL0975.tmp
C:\WINNT\system32\config\DEFAULT.tmp.LOG
C:\WINNT\system32\config\SAM.tmp.LOG
C:\WINNT\system32\config\SECURITY.tmp.LOG
C:\WINNT\system32\config\SOFTWARE.tmp.LOG
C:\WINNT\system32\config\SYSTEM.tmp.LOG

Listing User Accounts:


Administrator ASPNET Guest
HelpAssistant Jonathan Owner
Patty SUPPORT_388945a0 Veronica
Yvonne


Finished


Logfile of HijackThis v1.99.1
Scan saved at 2:17:53 PM, on 7/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\WINNT\system32\conime.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Jonathan\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160890996671
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

#60 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 01 July 2007 - 08:23 PM

I think you have misunderstood my problem, it is not my internet browser crashing, it is the connection itself that resets.

I did understand as you can see by the following:

That program was only meant to try to fix the internet connection resetting problem.

I must have been distracted when I typed browser crashing.

I'll get back to as soon as I get through reading this SDFix log.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#61 JKWong

JKWong

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 01 July 2007 - 08:25 PM

Alright, sorry about that then. :p

#62 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 02 July 2007 - 05:10 PM

Not a problem at all!!! :p

Last night a family matter came up, and I didn’t get to read your entire log until today.

Well it looks like SDFix found no trojans. However, as well as RootkitRevealer, it did find hidden files that are not necessarily bad. Is there more than one user account in your system? If that is the case, all of those accounts need to be scan for malware individually, just in case one of them is corrupted.

OK, this is something that you might have tried already, but if you haven’t, please try it.

Go to Start/Control Panel/Network Connections and click on Local Area Connection/Support/Repair Just let it do the repair and see what happens.

Let me know what happens.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#63 JKWong

JKWong

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 03 July 2007 - 11:26 PM

I scanned each of the accounts manually, nothing showed up. I also tried the Repair, but my internet connection still disconnects every now and then.

#64 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 04 July 2007 - 11:09 PM

Now, I’m wondering if your internet connection problem has something to do with your cable modem. If that weird entry does belong to the Chinese software, it could more than likely be the modem instead of malware.

While I think of a another way to find this ?E?eXPAcAe±M·~ac Add/Remove entry, let’s get you to try to install Java again to see if you can get it done this time.

Sometimes when there are Java files left in the system, the new version has difficulties installing. So use RegSeeker to search and delete any java files in your system and then try to download and install Java again. Make sure you are set to show hidden files and folders before doing the search.

Here are the RegSeeker download and steps if you need them again:

http://www.majorgeek...wnload2579.html

The download link is just bellow the “Free Downloads from” you see in that page.

Extract all the files into a folder of its own and safe it in your document.
Then open the folder and click “RegSeeker” to open the program.

Below the name “RegSeeker” click “Find in Registry.”
type or copy and paste Java in the “Search for” window.
Click “Search”.

Once it finds it/them, highlight the entry/entries first. Then right click on it/them and choose delete.

Hide your files/folders when done.

If you find and delete any files, reboot before you try to install Java again.

Download link is here if you need it:
http://www.java.com/...load/manual.jsp

If the installation goes through, reboot and check in your control panel for the Java icon to see if it’s there.

Somehow when I copied and pasted the weird entry, it came out different. I edited to change it.

Edited by iguagaby, 04 July 2007 - 11:32 PM.

THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#65 JKWong

JKWong

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 05 July 2007 - 02:26 AM

The Java still didn't work. =(

#66 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 05 July 2007 - 03:15 PM

Have you been able to find your XP CD yet? It would help to check your system files to see if any of them are corrupted, in which case it would replace any corrupted ones.

I'm asking for some opinions from other staff on your weird entry. I keep thinking that it could be that Chinese translator program. However, the fact that you can't install Java and the internet connection keeps on reseting, makes me think otherwise.

OK, let's try uninstalling your F-Secure software completely. You can install it again later. I just want to see if it makes any difference. Sometimes anti-virus programs get corrupted and uninstalling them gets rid of the problem. In the meantime, you can install the free AVG anti-virus. Download link is here: http://free.grisoft....eweb.php/doc/2/
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#67 JKWong

JKWong

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 05 July 2007 - 11:59 PM

Re-installed it, my computer and the internet was going slow at first, but i restarted it and it started working fine, however the connection still resets after every couple of minutes.

#68 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 06 July 2007 - 08:43 PM

Hi JKWong,

In order to be able to troubleshoot, we need to uninstall F-Secure completely and wait to re-install it until further notice. Make sure you install AVG in the meantime.

We need to do some cleaning of temp files. First let’s clean your Cache and Cookies in IE:

1. Close all instances of Outlook Express and Internet Explorer
2. Go to Control Panel/Internet Options/General tab
3. Click the Delete Cookies button
4. Next to it, Click the Delete Files button
5. When prompted, place a check in: Delete all offline content, click OK

Now clean your Cache and Cookies in Firefox:

1. Go to Tools/Options.
2. Click Privacy in the menu on the left side of the Options window.
3. Click the Clear button located to the right of each option: History, Cookies, Cache.
4. Click OK to close the Options window

Alternatively, you can clear all information stored while browsing by clicking Clear All. A confirmation dialog box will be shown before clearing the information.

Just to make sure all of them are gone, clean other Temporary files + Recycle bin.

1. Go to Start/Run and type: cleanmgr and click ok.
2. Let it scan your system for files to remove.
3. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
4. Click OK to remove them.

Now please install the Windows Installer Cleanup Utility, and go to Start/All programs find it and open it. Select any Java entry you see there to delete.

Now try to download and install Java again, please.

I need you to export a key from the registry. Please run the following Batch file to see if we can find the weird entry somewhere in there.

Open notepad and copy and paste the following code in it:

regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

Save this as look.bat , choose to save it as All Files and place it on your desktop.
Doubleclick look.bat and post the content of the txt file you get in your next reply, along with a fresh HJT log.

Edited by iguagaby, 06 July 2007 - 08:44 PM.

THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#69 JKWong

JKWong

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 06 July 2007 - 10:11 PM

When I double clicked look.bat, a command window would pop up, then close really quickly. I was also able to install Java.

Logfile of HijackThis v1.99.1
Scan saved at 7:17:13 PM, on 7/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\WINNT\system32\wdfmgr.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\WINNT\System32\alg.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\conime.exe
C:\WINNT\system32\msiexec.exe
C:\WINNT\system32\notepad.exe
C:\Documents and Settings\Jonathan\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1160890996671
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

#70 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 06 July 2007 - 11:30 PM

Hurray!!!! At least we got rid of one problem!

Now, you either forgot to uninstall you F-Secure software, or you are not having any internet connection resetting problem after installing Java. Which one is it?

To find the txt file, open my computer, then click Local Disk C, and you should see the “look” file we want. Open it and copy its content to post for me to see.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#71 JKWong

JKWong

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 06 July 2007 - 11:48 PM

Whoops, sorry about the F-Secure, it's summer and I'm not sleeping properly. :p

Here is the look.bat file you wanted.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Professional]
"DisplayName"="Ad-Aware SE Professional"
"UninstallString"="C:\\PROGRA~1\\Lavasoft\\AD-AWA~1\\UNWISE.EXE C:\\PROGRA~1\\Lavasoft\\AD-AWA~1\\INSTALL.LOG"
"HelpLink"="http://www.lavasoft.com"
"Publisher"="Lavasoft"
"DisplayIcon"="C:\\PROGRA~1\\Lavasoft\\AD-AWA~1\\Ad-Aware.exe,-0"
"URLInfoAbout"="http://www.lavasoft.com"
"DisplayVersion"="1.06"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Atmosphere Player]
"DisplayName"="Adobe Atmosphere Player for Acrobat and Adobe Reader"
"DisplayIcon"="C:\\WINNT\\atmoUn.exe"
"UninstallString"="C:\\WINNT\\atmoUn.exe"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin]
"DisplayName"="Adobe Flash Player Plugin"
"DisplayVersion"="9.0.45.0"
"Publisher"="Adobe Systems Incorporated"
"URLInfoAbout"="http://www.adobe.com...getflashplayer"
"DisplayIcon"="C:\\WINNT\\system32\\Macromed\\Flash\\uninstall_plugin.exe"
"UninstallString"="C:\\WINNT\\system32\\Macromed\\Flash\\uninstall_plugin.exe"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player]
"DisplayName"="Adobe Shockwave Player"
"UninstallString"="C:\\WINNT\\system32\\Macromed\\SHOCKW~2\\UNWISE.EXE C:\\WINNT\\system32\\Macromed\\SHOCKW~2\\Install.log"
"DisplayVersion"="10.2.0.22"
"Publisher"="Adobe Systems, Inc."
"URLInfoAbout"="http://www.adobe.com"
"HelpLink"="http://www.adobe.com...port/shockwave"
"URLUpdateInfo"="http://www.adobe.com...yer/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe® Photoshop® Album Starter Edition 3.2]
"DisplayName"="Adobe® Photoshop® Album Starter Edition 3.2"
"URLUpdateInfo"="http://www.adobe.com...lwin/main.html"
"URLInfoAbout"="http://www.adobe.com"
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,49,00,7b,00,41,00,36,00,35,00,34,00,41,00,38,00,30,\
00,35,00,2d,00,34,00,31,00,44,00,39,00,2d,00,34,00,30,00,43,00,37,00,2d,00,\
41,00,41,00,34,00,36,00,2d,00,34,00,41,00,46,00,30,00,34,00,46,00,30,00,34,\
00,34,00,44,00,36,00,31,00,7d,00,00,00
"Size"=""
"Readme"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,\
00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,64,00,6f,00,62,00,65,00,5c,00,\
50,00,68,00,6f,00,74,00,6f,00,73,00,68,00,6f,00,70,00,20,00,41,00,6c,00,62,\
00,75,00,6d,00,20,00,53,00,74,00,61,00,72,00,74,00,65,00,72,00,20,00,45,00,\
64,00,69,00,74,00,69,00,6f,00,6e,00,5c,00,33,00,2e,00,32,00,5c,00,72,00,65,\
00,61,00,64,00,6d,00,65,00,2e,00,74,00,78,00,74,00,00,00
"Publisher"="http://www.adobe.com"
"InstallDate"=""
"HelpTelephone"=""
"HelpLink"=""
"DisplayVersion"="3.2.0"
"Contact"=""
"Comments"=""
"AuthorizedCDFPrefix"=""
"RegEulaAccepted"="0"
"PSASEVersion"="3.2.0"
"SEOEMName"=""
"PSASEVersionUpdate"="0"
"DisplayIcon"="C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\Photoshop Album Starter Edition.exe,-111"
"InstallLocation"="C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\"
"InstallPath"="C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVGAntiSpyware75]
"DisplayName"="AVG Anti-Spyware 7.5"
"UninstallString"="C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\Uninstall.exe"
"InstallLocation"="C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5"
"DisplayIcon"="C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe"
"Publisher"="Grisoft Ltd."
"HelpLink"="http://www.grisoft.com"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Azureus Vuze]
"DisplayName"="Azureus Vuze"
"DisplayIcon"="C:\\Program Files\\Azureus\\.install4j\\i4j_extf_3_5p83tu_1kde336.ico"
"UninstallString"="C:\\Program Files\\Azureus\\uninstall.exe"
"Publisher"="Azureus, Inc"
"URLInfoAbout"="http://www.azureus-inc.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BackWeb-8876480 Uninstaller]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
"DisplayName"="CCleaner (remove only)"
"UninstallString"="\"C:\\Program Files\\CCleaner\\uninst.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager]
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Anti-Spyware]
"UninstallDllPath"="C:\\Program Files\\Shaw Secure\\Anti-Spyware\\FSASWINS.DLL"
"UninstallLogPath"="C:\\Program Files\\Shaw Secure\\Anti-Spyware\\fsaswuni.log"
"UninstallationLanguage"="ENG"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\Uninstall\\fsuninst.exe\" /UninstRegKey:\"F-Secure Anti-Spyware\""
"ProductRegKey"="Anti-Spyware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Anti-Spyware Scanner]
"UninstallDllPath"="C:\\Program Files\\Shaw Secure\\Anti-Spyware\\FSASWSIN.DLL"
"UninstallLogPath"="C:\\Program Files\\Shaw Secure\\Anti-Spyware\\dfuninst.log"
"UninstallationLanguage"="ENG"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\Uninstall\\fsuninst.exe\" /UninstRegKey:\"F-Secure Anti-Spyware Scanner\""
"ProductRegKey"="Anti-Spyware Scanner"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Anti-Virus]
"UninstallDllPath"="C:\\Program Files\\Shaw Secure\\Anti-Virus\\FSAVUNIN.DLL"
"UninstallLogPath"="C:\\Program Files\\Shaw Secure\\Anti-Virus\\dfuninst.log"
"UninstallationLanguage"="ENG"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\Uninstall\\fsuninst.exe\" /UninstRegKey:\"F-Secure Anti-Virus\""
"ProductRegKey"="Anti-Virus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Anti-Virus Client Security Installer]
"UninstallDllPath"="C:\\Program Files\\Shaw Secure\\Common\\FSAVCSIN.DLL"
"UninstallLogPath"="C:\\Program Files\\Shaw Secure\\Common\\fsavcsin.log"
"UninstallationLanguage"="ENG"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\Uninstall\\fsuninst.exe\" /UninstRegKey:\"F-Secure Anti-Virus Client Security Installer\""
"ProductRegKey"="FSAVCSIN"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Automatic Update Agent]
"UninstallDllPath"="C:\\Program Files\\Shaw Secure\\FSAUA\\FSAUA_I.DLL"
"UninstallLogPath"="C:\\Program Files\\Shaw Secure\\FSAUA\\dfuninst.log"
"UninstallationLanguage"="ENG"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\Uninstall\\fsuninst.exe\" /UninstRegKey:\"F-Secure Automatic Update Agent\""
"ProductRegKey"="FSAUA"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure DAAS]
"UninstallDllPath"="C:\\Program Files\\Shaw Secure\\DAAS\\DAASINST.DLL"
"UninstallLogPath"="C:\\Program Files\\Shaw Secure\\DAAS\\daasinst.log"
"UninstallationLanguage"="ENG"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\Uninstall\\fsuninst.exe\" /UninstRegKey:\"F-Secure DAAS\""
"ProductRegKey"="DAAS"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Diagnostics]
"UninstallDllPath"="C:\\Program Files\\Shaw Secure\\Common\\fsdiagin.dll"
"UninstallLogPath"="C:\\Program Files\\Shaw Secure\\Common\\fsdiagun.log"
"UninstallationLanguage"="ENG"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\Uninstall\\fsuninst.exe\" /UninstRegKey:\"F-Secure Diagnostics\""
"ProductRegKey"="Diagnostics"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure E-mail Scanning]
"UninstallDllPath"="C:\\Program Files\\Shaw Secure\\FWES\\ES_setup.DLL"
"UninstallLogPath"="C:\\Program Files\\Shaw Secure\\FWES\\FSAVES_UNINST.LOG"
"UninstallationLanguage"="ENG"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\Uninstall\\fsuninst.exe\" /UninstRegKey:\"F-Secure E-mail Scanning\""
"ProductRegKey"="E-mail Scanning"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure FWES]
"UninstallDllPath"="C:\\Program Files\\Shaw Secure\\FWES\\FWESINST.DLL"
"UninstallLogPath"="C:\\Program Files\\Shaw Secure\\FWES\\dfuninst.log"
"UninstallationLanguage"="ENG"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\Uninstall\\fsuninst.exe\" /UninstRegKey:\"F-Secure FWES\""
"ProductRegKey"="FWES"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure GateKeeper Interface]
"UninstallDllPath"="C:\\Program Files\\Shaw Secure\\Scanner-Interface\\FSGKIAIN.DLL"
"UninstallLogPath"="C:\\Program Files\\Shaw Secure\\Scanner-Interface\\dfuninst.log"
"UninstallationLanguage"="ENG"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\Uninstall\\fsuninst.exe\" /UninstRegKey:\"F-Secure GateKeeper Interface\""
"ProductRegKey"="GateKeeper Interface"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Gemini]
"UninstallDllPath"="C:\\Program Files\\Shaw Secure\\Gemini\\FSGEM_INST.DLL"
"UninstallLogPath"="C:\\Program Files\\Shaw Secure\\Gemini\\fsgeminst.log"
"UninstallationLanguage"="ENG"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\Uninstall\\fsuninst.exe\" /UninstRegKey:\"F-Secure Gemini\""
"ProductRegKey"="Gemini"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure GUI]
"UninstallDllPath"="C:\\Program Files\\Shaw Secure\\FSGUI\\FSGUIINS.DLL"
"UninstallLogPath"="C:\\Program Files\\Shaw Secure\\FSGUI\\fsguiuni.log"
"UninstallationLanguage"="ENG"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\Uninstall\\fsuninst.exe\" /UninstRegKey:\"F-Secure GUI\""
"ProductRegKey"="F-Secure GUI"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Help]
"UninstallDllPath"="C:\\Program Files\\Shaw Secure\\FSGUI\\HELPINST.DLL"
"UninstallLogPath"="C:\\Program Files\\Shaw Secure\\FSGUI\\helpuni.log"
"UninstallationLanguage"="ENG"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\Uninstall\\fsuninst.exe\" /UninstRegKey:\"F-Secure Help\""
"ProductRegKey"="Help"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure HIPS]
"UninstallDllPath"="C:\\Program Files\\Shaw Secure\\HIPS\\FSHIPS_SETUP.DLL"
"UninstallLogPath"="C:\\Program Files\\Shaw Secure\\HIPS\\fshipsinst.log"
"UninstallationLanguage"="ENG"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\Uninstall\\fsuninst.exe\" /UninstRegKey:\"F-Secure HIPS\""
"ProductRegKey"="HIPS"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Internet Shield]
"UninstallDllPath"="C:\\Program Files\\Shaw Secure\\FW\\FWINST.DLL"
"UninstallLogPath"="C:\\Program Files\\Shaw Secure\\FW\\dfuninst.log"
"UninstallationLanguage"="ENG"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\Uninstall\\fsuninst.exe\" /UninstRegKey:\"F-Secure Internet Shield\""
"ProductRegKey"="Internet Shield"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Localization API]
"UninstallDllPath"="C:\\Program Files\\Shaw Secure\\Common\\FSLDIN.DLL"
"UninstallLogPath"="C:\\Program Files\\Shaw Secure\\Common\\fsld.log"
"UninstallationLanguage"="ENG"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\Uninstall\\fsuninst.exe\" /UninstRegKey:\"F-Secure Localization API\""
"ProductRegKey"="Localization API"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Management Agent]
"UninstallDllPath"="C:\\Program Files\\Shaw Secure\\Common\\FSMAUNIN.DLL"
"UninstallLogPath"="C:\\Program Files\\Shaw Secure\\Common\\dfuninst.log"
"UninstallationLanguage"="ENG"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\Uninstall\\fsuninst.exe\" /UninstRegKey:\"F-Secure Management Agent\""
"ProductRegKey"="Management Agent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Pegasus Engine]
"UninstallDllPath"="C:\\Program Files\\Shaw Secure\\Pegasus\\pegasus_inst.dll"
"UninstallLogPath"="C:\\Program Files\\Shaw Secure\\Pegasus\\dfuninst.log"
"UninstallationLanguage"="ENG"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\Uninstall\\fsuninst.exe\" /UninstRegKey:\"F-Secure Pegasus Engine\""
"ProductRegKey"="Pegasus Engine"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Product 277]
"DisplayName"="Shaw Secure 2.0"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\FSGUI\\PostInstall.exe\" /tUnInstall"
"DisplayIcon"="C:\\Program Files\\Shaw Secure\\FSGUI\\ico_setup.ico"
"InstallLocation"="C:\\Program Files\\Shaw Secure"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Protocol Scanner]
"UninstallDllPath"="C:\\Program Files\\Shaw Secure\\FSPS\\FSPSINST.DLL"
"UninstallLogPath"="C:\\Program Files\\Shaw Secure\\FSPS\\fspsuni.log"
"UninstallationLanguage"="ENG"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\Uninstall\\fsuninst.exe\" /UninstRegKey:\"F-Secure Protocol Scanner\""
"ProductRegKey"="Protocol Scanner"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure TNB]
"UninstallDllPath"="C:\\Program Files\\Shaw Secure\\TNB\\FSTNBINS.DLL"
"UninstallLogPath"="C:\\Program Files\\Shaw Secure\\TNB\\fstnbins.log"
"UninstallationLanguage"="ENG"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\Uninstall\\fsuninst.exe\" /UninstRegKey:\"F-Secure TNB\""
"ProductRegKey"="TNB"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F-Secure Uninstall]
"UninstallDllPath"="C:\\Program Files\\Shaw Secure\\Uninstall\\UNINPLUG.DLL"
"UninstallLogPath"="C:\\Program Files\\Shaw Secure\\Uninstall\\dfuninst.log"
"UninstallationLanguage"="ENG"
"UninstallString"="\"C:\\Program Files\\Shaw Secure\\Uninstall\\fsuninst.exe\" /UninstRegKey:\"F-Secure Uninstall\""
"ProductRegKey"="Uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis]
"DisplayName"="HijackThis 1.99.1"
"UninstallString"="C:\\Documents and Settings\\Jonathan\\Desktop\\hijackthis\\HijackThis.exe /uninstall"
"DisplayIcon"="C:\\Documents and Settings\\Jonathan\\Desktop\\hijackthis\\HijackThis.exe"
"DisplayVersion"="1.99.1"
"Publisher"="Soeperman Enterprises Ltd."
"URLInfoAbout"="http://www.spywarein...o.com/~merijn/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Photo & Imaging]
"UninstallString"="C:\\Program Files\\HP\\Digital Imaging\\uninstall\\hpzscr01.exe -datfile hpqscr01.dat"
"DisplayName"="HP Photo & Imaging 3.1"
"DisplayIcon"="C:\\Program Files\\HP\\Digital Imaging\\uninstall\\hpzscr01.exe,0"
"DisplayVersion"="3.1"
"Publisher"="HP"
"URLUpdateInfo"="http://www.hp.com"
"HelpLink"="http://www.hp.com/support"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs]
"DisplayName"="Microsoft Internationalized Domain Names Mitigation APIs"
"UninstallString"="\"C:\\WINNT\\$NtServicePackUninstallIDNMitigationAPIs$\\spuninst\\spuninst.exe\""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20061013"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HiddenByIE7Setup"=dword:00000001
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie7]
"DisplayName"="Windows Internet Explorer 7"
"UninstallString"="\"C:\\WINNT\\ie7\\spuninst\\spuninst.exe\""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20070617"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://www.microsoft.com/ie"
"URLInfoAbout"="http://www.microsoft.com/ie"
"DisplayVersion"="20061107.210142"
"DisplayIcon"="C:\\Program Files\\Internet Explorer\\iexplore.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}]
"LogFile"="C:\\Program Files\\InstallShield Installation Information\\{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}\\Setup.ilg"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}]
"LogFile"="C:\\Program Files\\InstallShield Installation Information\\{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}\\Setup.ilg"
"StatusText"="iPod for Windows 2005-09-23 Setup is preparing the InstallShield Wizard, which will guide you through the program setup process. Please wait."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}]
"UninstallString"="C:\\Program Files\\InstallShield Installation Information\\{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}\\setup.exe -runfromtemp -l0x0409"
"DisplayName"="Veoh Player"
"LogFile"="C:\\Program Files\\InstallShield Installation Information\\{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}\\Setup.ilg"
"Comments"=""
"Contact"=""
"DisplayVersion"="3.2.1"
"HelpTelephone"=""
"InstallDate"="20070628"
"InstallLocation"="C:\\Program Files\\Veoh Networks\\Veoh\\"
"ProductID"=""
"Publisher"="Veoh Networks, Inc."
"Readme"=""
"URLInfoAbout"="http://www.veoh.com"
"URLUpdateInfo"=""
"HelpLink"=hex(2):00,00
"EstimatedSize"=dword:0000199b
"Language"=dword:00000409
"Version"=dword:03020001
"VersionMajor"=dword:00000003
"VersionMinor"=dword:00000002
"DisplayIcon"=hex(2):00,00
"RegOwner"=" "
"RegCompany"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}]
"UninstallString"="C:\\Program Files\\Common Files\\InstallShield\\Driver\\8\\Intel 32\\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033 "
"DisplayName"="iPod for Windows 2005-09-23"
"LogFile"="C:\\Program Files\\InstallShield Installation Information\\{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}\\Setup.ilg"
"Comments"=""
"Contact"="AppleCare"
"DisplayVersion"="4.3.0"
"HelpTelephone"=""
"InstallDate"="20051218"
"InstallLocation"="C:\\Program Files\\iPod\\"
"InstallSource"="C:\\WINNT\\Downloaded Installations\\{B9C0ED57-3C59-4B31-9AE9-50E12D0357DD}\\"
"ProductID"=""
"Publisher"="Apple Computer, Inc."
"Readme"="http://www.info.appl...downloads.html"
"URLInfoAbout"="http://www.apple.com"
"URLUpdateInfo"="http://www.info.appl...downloads.html"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
2e,00,69,00,6e,00,66,00,6f,00,2e,00,61,00,70,00,70,00,6c,00,65,00,2e,00,63,\
00,6f,00,6d,00,00,00
"EstimatedSize"=dword:0000d494
"Language"=dword:00000000
"Version"=dword:04030000
"VersionMajor"=dword:00000004
"VersionMinor"=dword:00000003
"DisplayIcon"=""
"RegOwner"=" "
"RegCompany"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB870669]
"DisplayName"="Microsoft Data Access Components KB870669"
"QuietDisplayName"="Microsoft Data Access Components KB870669"
"UninstallString"="C:\\WINNT\\muninst.exe C:\\WINNT\\INF\\KB870669.inf"
"RequiresIESysFile"="6.0.2800.1106"
"QuietUninstallString"="C:\\WINNT\\muninst.exe /d C:\\WINNT\\INF\\KB870669.inf"
"HelpLinK"="http://support.micro...?kbid=KB870669"
"URLInfoAbout"="http://support.microsoft.com"
"Publisher"="Microsoft Corporation"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884016]
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892130]
"DisplayName"="Windows Genuine Advantage Validation Tool (KB892130)"
"UninstallString"=""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20070617"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://support.micro...om?kbid=892130"
"URLInfoAbout"="http://www.microsoft.com/genuine"
"NoRemove"=dword:00000001
"NoRemoveInitialValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB929969]
"DisplayName"="Security Update for Windows Internet Explorer 7 (KB929969)"
"UninstallString"=""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20070617"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://support.micro...om?kbid=929969"
"URLInfoAbout"="http://support.microsoft.com"
"DisplayVersion"="20061222.120000"
"ParentKeyName"="ie7Hotfix"
"ParentDisplayName"="Windows Internet Explorer 7 - Software Updates"
"ReleaseType"="Security Update"
"RegistryLocation"="HKLM\\SOFTWARE\\Microsoft\\Updates\\Windows XP\\SP0\\KB929969"
"HiddenByIE7Setup"=dword:00000001
"SystemComponent"=dword:00000001
"NoRemove"=dword:00000001
"NoRemoveInitialValue"=dword:00000001
"DisplayIcon"="C:\\Program Files\\internet explorer\\iexplore.exe"
"RemoveOnIE7Uninstall"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB931906]
"DisplayName"="Security Update for CAPICOM (KB931906)"
"DisplayVersion"="2.1.0.2"
"ParentDisplayName"="CAPICOM"
"ParentKeyName"="CAPICOM"
"Publisher"="Microsoft Corporation"
"ReleaseType"="Security Update"
"UninstallString"="MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}"
"HelpLink"="http://support.micro...om?kbid=931906"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB933566-IE7]
"DisplayName"="Security Update for Windows Internet Explorer 7 (KB933566)"
"UninstallString"="\"C:\\WINNT\\ie7updates\\KB933566-IE7\\spuninst\\spuninst.exe\""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20070617"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://support.micro...om?kbid=933566"
"URLInfoAbout"="http://support.microsoft.com"
"DisplayVersion"="1"
"DisplayIcon"="C:\\Program Files\\internet explorer\\iexplore.exe"
"ParentKeyName"="ie7Hotfix"
"RegistryLocation"="HKLM\\SOFTWARE\\Microsoft\\Updates\\Windows XP\\SP0\\KB933566-IE7"
"RemoveOnIE7Uninstall"=dword:00000001
"ParentDisplayName"="Windows Internet Explorer 7 - Software Updates"
"ReleaseType"="Security Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaMonkey_is1]
"Inno Setup: Setup Version"="5.1.9"
"Inno Setup: App Path"="C:\\Program Files\\MediaMonkey"
"InstallLocation"="C:\\Program Files\\MediaMonkey\\"
"Inno Setup: Icon Group"="MediaMonkey"
"Inno Setup: User"="Jonathan"
"Inno Setup: Selected Tasks"="desktopicon,enablethemes"
"Inno Setup: Deselected Tasks"="quicklaunchicon"
"DisplayName"="MediaMonkey 2.5"
"DisplayIcon"="C:\\Program Files\\MediaMonkey\\MediaMonkey.exe"
"UninstallString"="\"C:\\Program Files\\MediaMonkey\\unins000.exe\""
"QuietUninstallString"="\"C:\\Program Files\\MediaMonkey\\unins000.exe\" /SILENT"
"DisplayVersion"="2.5"
"Publisher"="Ventis Media Inc."
"URLInfoAbout"="http://www.mediamonkey.com"
"HelpLink"="http://www.mediamonkey.com"
"URLUpdateInfo"="http://www.mediamonkey.com"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"InstallDate"="20070705"
"Inno Setup CodeFile: Assoc Ogg"="1"
"Inno Setup CodeFile: Assoc Mp3"="1"
"Inno Setup CodeFile: Assoc WMA"="1"
"Inno Setup CodeFile: Assoc MPC"="1"
"Inno Setup CodeFile: Assoc CDA"="1"
"Inno Setup CodeFile: Assoc M3U"="1"
"Inno Setup CodeFile: Assoc PLS"="1"
"Inno Setup CodeFile: Assoc APE"="1"
"Inno Setup CodeFile: Assoc FLAC"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)]
"UninstallString"="msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"
"Readme"="file://C:\\WINNT\\Microsoft.NET\\Framework\\v1.1.4322\\1033\\RepairRedist.htm"
"DisplayName"="Microsoft .NET Framework 1.1"
"DisplayIcon"="C:\\WINNT\\Microsoft.NET\\Framework\\v1.1.4322\\ndpsetup.ico"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Interactive Training]
"UninstallString"="C:\\WINNT\\IsUninst.exe -fC:\\WINNT\\orun32.isu"
"ISUninstaller"="C:\\WINNT\\ISUNINST.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft NetShow Player 2.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (2.0.0.4)]
"Comments"="Mozilla Firefox"
"DisplayIcon"="C:\\Program Files\\Mozilla Firefox\\firefox.exe,0"
"DisplayName"="Mozilla Firefox (2.0.0.4)"
"DisplayVersion"="2.0.0.4 (en-US)"
"InstallLocation"="C:\\Program Files\\Mozilla Firefox"
"Publisher"="Mozilla"
"UninstallString"="C:\\Program Files\\Mozilla Firefox\\uninstall\\helper.exe"
"URLInfoAbout"="http://en-US.www.moz...lla.com/en-US/"
"URLUpdateInfo"="http://en-US.www.moz...en-US/firefox/"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1]
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2]
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016]
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1]
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2]
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016]
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta]
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1]
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Music Assistant]
"DisplayName"="MSN Music Assistant"
"UninstallString"="rundll32 advpack.dll,LaunchINFSection C:\\WINNT\\INF\\msninst.inf,Uninstall"
"DisplayIcon"="C:\\Progra~1\\MsnMusic\\4022011\\MsnMusic.exe,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSNMS]
"DisplayName"="MSN Internet Software"
"UninstallString"="C:\\Program Files\\MSN\\MSNCoreFiles\\Setup\\msnunin.exe"
"DisplayIcon"="C:\\Program Files\\MSN\\MSNCoreFiles\\msnms.ico"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nero - Burning Rom!UninstallKey]
"DisplayIcon"="C:\\Program Files\\Ahead\\nero\\nero.exe"
"DisplayName"="Nero OEM"
"SRCConcept"=dword:00000001
"UninstallString"="C:\\Program Files\\Ahead\\nero\\uninstall\\UNNERO.exe /UNINSTALL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nero BurnRights!UninstallKey]
"UninstallString"="C:\\WINNT\\UNNeroBurnRights.exe /UNINSTALL"
"DisplayName"="Ahead Nero BurnRights"
"DisplayIcon"="Setup.exe"
"SRCConcept"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting]
"RequiresIESysFile"="4.71"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NLSDownlevelMapping]
"DisplayName"="Microsoft National Language Support Downlevel APIs"
"UninstallString"="\"C:\\WINNT\\$NtServicePackUninstallNLSDownlevelMapping$\\spuninst\\spuninst.exe\""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20061013"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HiddenByIE7Setup"=dword:00000001
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OfotoEZUpload]
"DisplayName"="Ofoto Easy Upload ActiveX Control"
"UninstallString"="RunDll32 advpack.dll,LaunchINFSection C:\\WINNT\\Downloaded Program Files\\axofupld.inf, Uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth]
"UninstallString"="rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\\WINNT\\INF\\PCHealth.inf"
"QuietUninstallString"="rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\\WINNT\\INF\\PCHealth.inf"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PROSet]
"DisplayName"="Intel® PRO Network Adapters and Drivers"
"UninstallString"="Prounstl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Q9 XP Big5 Pro]
"DisplayName"="Q9 XP Big5 Pro"
"UninstallString"="C:\\WINNT\\System32\\Q9xpb5u.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst]
"QuietUninstallString"="C:\\Program Files\\Common Files\\Symantec Shared\\SEVINST.EXE /U /Q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave]
"DisplayName"="Shockwave"
"UninstallString"="C:\\WINNT\\system32\\Macromed\\SHOCKW~1\\UNWISE.EXE C:\\WINNT\\system32\\Macromed\\SHOCKW~1\\Install.log"
"QuietDisplayName"="Shockwave Director 10.2"
"QuietUninstallString"="RunDll32 advpack.dll,LaunchINFSection C:\\WINNT\\\\INF\\\\swdir.inf,DefaultUninstall,5"
"RequiresIESysFile"="4.70.0.1155"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash]
"QuietDisplayName"="Shockwave Flash"
"QuietUninstallString"="RunDll32 advpack.dll,LaunchINFSection C:\\WINNT\\INF\\swflash.inf,DefaultUninstall,5"
"RequiresIESysFile"="4.70.0.1155"
"DisplayName"="Macromedia Flash Player 8"
"UninstallString"="RunDll32 advpack.dll,LaunchINFSection C:\\WINNT\\INF\\swflash.inf,DefaultUninstall,5"
"Publisher"="Macromedia"
"DisplayVersion"="8"
"VersionMajor"="8"
"VersionMinor"="0"
"HelpLink"="http://www.macromedi...layer_support/"
"URLUpdateInfo"="http://www.macromedi...o/flashplayer/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spybot - Search & Destroy_is1]
"Inno Setup: Setup Version"="5.1.1-beta"
"Inno Setup: App Path"="C:\\Program Files\\Spybot - Search & Destroy"
"InstallLocation"="C:\\Program Files\\Spybot - Search & Destroy\\"
"Inno Setup: Icon Group"="Spybot - Search & Destroy"
"Inno Setup: User"="Jonathan"
"Inno Setup: Setup Type"="full"
"Inno Setup: Selected Components"="main,language,skins"
"Inno Setup: Deselected Components"="blind,updatedl"
"Inno Setup: Selected Tasks"="desktopicon,quicklaunchicon,launchsdhelper"
"Inno Setup: Deselected Tasks"="launchteatimer"
"DisplayName"="Spybot - Search & Destroy 1.4"
"DisplayIcon"="C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"
"UninstallString"="\"C:\\Program Files\\Spybot - Search & Destroy\\unins000.exe\""
"QuietUninstallString"="\"C:\\Program Files\\Spybot - Search & Destroy\\unins000.exe\" /SILENT"
"DisplayVersion"="1.4"
"Publisher"="Safer Networking Limited"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Visual Basic 6.0 Professional Edition]
"DisplayName"="Microsoft Visual Basic 6.0 Professional Edition"
"UninstallString"="\"C:\\Program Files\\Microsoft Visual Studio\\VB98\\Setup\\1033\\Setup.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebPost]
"DisplayName"="Microsoft Web Publishing Wizard 1.53"
"QuietUninstallString"="RunDll32 ADVPACK.DLL,LaunchINFSection C:\\WINNT\\INF\\wpie3x86.inf,WebPostUninstall,5"
"RequiresIESysFile"="4.70.1155.0"
"UninstallString"="RunDll32 ADVPACK.DLL,LaunchINFSection C:\\WINNT\\INF\\wpie3x86.inf,WebPostUninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WGA]
"DisplayName"="Windows Genuine Advantage Validation Tool (KB892130)"
"UninstallString"=""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20060622"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://support.micro...om?kbid=892130"
"URLInfoAbout"="http://www.microsoft.com/genuine"
"NoRemove"=dword:00000001
"NoRemoveInitialValue"=dword:00000001
"DisplayVersion"="1.7.0036.0"
"VersionMajor"="1"
"VersionMinor"="0"
"ParentKeyName"="OperatingSystem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify]
"DisplayName"="Windows Genuine Advantage Notifications (KB905474)"
"UninstallString"=""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20070617"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://support.micro...om?kbid=905474"
"URLInfoAbout"="http://www.microsoft.com/genuine"
"NoRemove"=dword:00000001
"NoRemoveInitialValue"=dword:00000001
"DisplayVersion"="1.7.0018.5"
"VersionMajor"="2"
"VersionMinor"="0"
"ParentKeyName"="OperatingSystem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack]
"DisplayName"="Windows XP Service Pack 2"
"UninstallString"="C:\\WINNT\\$NtServicePackUninstall$\\spuninst\\spuninst.exe"
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://support.micro...om?kbid=811113"
"URLInfoAbout"="http://support.microsoft.com"
"DisplayVersion"="20040803.231319"
"ParentDisplayName"="Windows XP - Software Updates"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver]
"DisplayName"="WinRAR archiver"
"UninstallString"="C:\\Program Files\\WinRAR\\uninstall.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wudf01000]
"DisplayName"="Microsoft User-Mode Driver Framework Feature Pack 1.0"
"UninstallString"="\"C:\\WINNT\\$NtUninstallWudf01000$\\spuninst\\spuninst.exe\""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20060620"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"URLInfoAbout"="http://support.microsoft.com"
"Comments"="Build Number 5716"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Anti-Spy]
"UninstallString"="C:\\PROGRA~1\\Yahoo!\\YPSR\\unwise32.exe /U C:\\PROGRA~1\\Yahoo!\\YPSR\\ypsrinst.log"
"DisplayName"="Yahoo! Anti-Spy"
"DisplayIcon"="C:\\PROGRA~1\\Yahoo!\\YPSR\\Antispy.ico"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YInstHelper]
"DisplayName"="Yahoo! Install Manager"
"UninstallString"="C:\\WINNT\\System32\\regsvr32 /u C:\\WINNT\\DOWNLO~1\\YINSTH~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHTIELangPack]
"DisplayName"="Chinese (Traditional) Language Support"
"UninstallString"="RunDll32 advpack.dll,LaunchINFSection C:\\WINNT\\INF\\tw.inf, Uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-3976-4267-9F39-1DC4745090B7}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="2003"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,73,00,75,00,70,00,\
70,00,6f,00,72,00,74,00,2e,00,6d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,\
00,74,00,2e,00,63,00,6f,00,6d,00,00,00
"HelpTelephone"=""
"InstallDate"="20040317"
"InstallLocation"=""
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
00,65,00,20,00,2f,00,49,00,7b,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
30,00,2d,00,33,00,39,00,37,00,36,00,2d,00,34,00,32,00,36,00,37,00,2d,00,39,\
00,46,00,33,00,39,00,2d,00,31,00,44,00,43,00,34,00,37,00,34,00,35,00,30,00,\
39,00,30,00,42,00,37,00,7d,00,00,00
"NoRepair"=dword:00000001
"Publisher"="Microsoft Corporation"
"Readme"=""
"Size"=""
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,49,00,7b,00,30,00,30,00,30,00,30,00,30,00,30,00,30,\
00,30,00,2d,00,33,00,39,00,37,00,36,00,2d,00,34,00,32,00,36,00,37,00,2d,00,\
39,00,46,00,33,00,39,00,2d,00,31,00,44,00,43,00,34,00,37,00,34,00,35,00,30,\
00,39,00,30,00,42,00,37,00,7d,00,00,00
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:000007d3
"VersionMinor"=dword:000007d3
"WindowsInstaller"=dword:00000001
"Version"=dword:d3000000
"Language"=dword:00000409
"DisplayName"="Microsoft Learning and Research Plus Support Files"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{08094E03-AFE4-4853-9D31-6D0743DF5328}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"="AppleCare Support"
"DisplayVersion"="7.1.6.200"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
2e,00,61,00,70,00,70,00,6c,00,65,00,2e,00,63,00,6f,00,6d,00,2f,00,73,00,75,\
00,70,00,70,00,6f,00,72,00,74,00,2f,00,00,00
"HelpTelephone"="1-800-275-2273"
"InstallDate"="20070616"
"InstallLocation"="C:\\Program Files\\QuickTime\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
00,65,00,20,00,2f,00,49,00,7b,00,30,00,38,00,30,00,39,00,34,00,45,00,30,00,\
33,00,2d,00,41,00,46,00,45,00,34,00,2d,00,34,00,38,00,35,00,33,00,2d,00,39,\
00,44,00,33,00,31,00,2d,00,36,00,44,00,30,00,37,00,34,00,33,00,44,00,46,00,\
35,00,33,00,32,00,38,00,7d,00,00,00
"Publisher"="Apple Computer, Inc."
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00011a43
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,49,00,7b,00,30,00,38,00,30,00,39,00,34,00,45,00,30,\
00,33,00,2d,00,41,00,46,00,45,00,34,00,2d,00,34,00,38,00,35,00,33,00,2d,00,\
39,00,44,00,33,00,31,00,2d,00,36,00,44,00,30,00,37,00,34,00,33,00,44,00,46,\
00,35,00,33,00,32,00,38,00,7d,00,00,00
"URLInfoAbout"="http://www.apple.com"
"URLUpdateInfo"="http://www.apple.com/quicktime/"
"VersionMajor"=dword:00000007
"VersionMinor"=dword:00000001
"WindowsInstaller"=dword:00000001
"Version"=dword:07010006
"Language"=dword:00000409
"DisplayName"="QuickTime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{092eeeee-9fdd-4895-a568-0818c96beb6c}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="5.31.1.27"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20040507"
"InstallLocation"=""
"InstallSource"="D:\\Setup\\AiO_Scan\\"
"NoModify"=dword:00000001
"NoRemove"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="Hewlett-Packard"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:000000fe
"SystemComponent"=dword:00000001
"URLInfoAbout"="http://www.hp.com"
"URLUpdateInfo"=""
"VersionMajor"=dword:00000005
"VersionMinor"=dword:0000001f
"WindowsInstaller"=dword:00000001
"Version"=dword:051f0001
&qu

#72 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 07 July 2007 - 04:29 PM

I'll take a close look at your uninstall key. In the meantime, please post a fresh HJT log for me, and then get some sleep. :p :D
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#73 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 07 July 2007 - 08:51 PM

JKWong,

I don't see the entry we are looking. Can you please check to make sure the entire registry export was posted?
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#74 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 07 July 2007 - 11:19 PM

I forgot to ask if you have found your Windows XP CD yet. Any luck with that?

By the way, is your connection problem happening on a regular bases or just when using certain P2P programs?
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#75 JKWong

JKWong

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 08 July 2007 - 11:36 PM

Hey iguagaby,

Sorry but I haven't done a lot in the past couple of days, I've been really busy. As for the look.bat file, yes that was the whole entry, if you want me to post the log again I can. My XP CD is still missing, but I'm pretty sure I have a good idea where it is. My connection problems seems to have escalated when I use programs such as MSN or when I play online games. Also my friend told me about a worm that infects the computer and sends Chinese Text based programs to the computer and can also infect USB ports. Recently, my iPod has been unable to function properly, and I think something like this worm might have caused that. Also I get a lot of Chinese spam in my email too. I think it might be something like this worm because that file seems to look, well, Chinesey, if you know what I mean. I'm going to uninstall my F-Secure and get that HJT file for you in a bit.

#76 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 09 July 2007 - 10:35 PM

Ok, I'm waiting to see if uninstalling the F-Software makes any difference, and remember to install AVG while we trouble shoot. Make sure none of the F-Secure files are left.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#77 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 16 July 2007 - 06:00 PM

Hi JKWong,

Do you have any update?
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#78 JKWong

JKWong

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 19 July 2007 - 10:04 PM

igaugbaby,

My computer has been acting up alot lately, the monitor has been overheating quite a bit and when I log into my account the computer automatically resets itself. I tried scanning in safe mode, and it said I had a worm and a trojan. I tried removing them in safe mode, but the computer still reset itself. The free-trial version for AVG ran out, so i tried to uninstall and reinstall a new one. However, something seems to be wrong and it cannot receive updates. Right now if I uninstall my F-Secure my computer will be unprotected. I'm kind of unsure what to do right now. I logged on to my computer by fiddling around with the startup options. I chose "start up with last known settings that worked". Your help is greatly appreciated.

#79 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 19 July 2007 - 11:16 PM

Hi JKWong,

Free AVG should be able to work just fine. You can update it manually also, or uninstall it completely along with all its files, and go here to download the free KAV Personal 5.0 Trial (good for 30 days)
http://www.kaspersky...apter=146481750

Let it scan you system in normal mode and then in safe mode. Let it clean anything it finds and reboot.


Did you install the two following Chinese translator programs?

九方XP繁體專業版
Q9 XP Big5 Pro

If so, I hope you have the CDs so we can uninstall them and reinstall them later. If it is a Chinese related worm, it might have embedded itself in that software.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#80 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 06 August 2007 - 11:34 PM

Hi JKWong,

I was just wondering how you are doing with your PC. Should I close this topic?
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#81 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 12 August 2007 - 12:15 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button