Recommended for You:
Fix up your PC Fast

TuneUp Utilities 2012 takes out the trash: Get back long lost disk space and performance in a snap – Free Download!






You are not connected. Please login or register

SecuraGeek Forums » Malware/Threat Removal » philipwk log

Goto page : 1, 2  Next

View previous topic View next topic Go down  Message [Page 1 of 2]

1 philipwk log on Sat Apr 23, 2011 2:32 am

philipwk


Member
Member
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6422

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/22/2011 5:38:14 PM
mbam-log-2011-04-22 (17-38-14).txt

Scan type: Quick scan
Objects scanned: 183627
Time elapsed: 8 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\itlnfw32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GoWNKtoBbTfMqRQ (Trojan.FakeAlert) -> Value: GoWNKtoBbTfMqRQ -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\gownktobbtfmqrq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\itlnfw32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\16899892.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\null0.019796283825301852.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\null0.09884048293238279.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\null0.21870310611980437.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\null0.5718803396663437.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\null0.8356442089299158.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\jar_cache1442940674180269922.tmp (Trojan.FakeAlert) -> Delete on reboot.
c:\WINDOWS\temp\jar_cache2772797397516559471.tmp (Trojan.FakeAlert) -> Delete on reboot.
c:\WINDOWS\temp\jar_cache6944927343098075797.tmp (Trojan.FakeAlert) -> Delete on reboot.
___________________________________________________________________________________________________________________
mss log:
MySystem-Search


MSS v1.7


Basic System Information

Username: Philip - Date: 04/22/2011 - Time: 23:00:39

Microsoft Windows XP [Version 5.1.2600]
Processor type: x86 Family 6 Model 10 Stepping 0, AuthenticAMD
Total processors: 1
Computer Name: DARREN
Logon Server: \\DARREN


CD Emulation Drivers running?

DAEMON Tools/Duplex Secure found!


Peer-to-Peer applications?



Security Tools Check

CCleaner
Trend Micro HijackThis
Malwarebytes' Anti-Malware


File associations

.exe=exefile
.scr=scrfile
.pif=piffile
.com=comfile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile
.ini=inifile
.inf=inffile


Running processes

PROCESS PID PRIO PATH
smss.exe 716 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 780 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 812 High C:\WINDOWS\system32\winlogon.exe
avgchsvx.exe 824 Normal C:\Program Files\AVG\AVG9\avgchsvx.exe
avgrsx.exe 832 Normal C:\Program Files\AVG\AVG9\avgrsx.exe
avgcsrvx.exe 904 Normal C:\Program Files\AVG\AVG9\avgcsrvx.exe
services.exe 936 Normal C:\WINDOWS\system32\services.exe
lsass.exe 948 Normal C:\WINDOWS\system32\lsass.exe
Ati2evxx.exe 1340 Normal C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe 1364 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1452 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1628 Normal C:\WINDOWS\System32\svchost.exe
Ati2evxx.exe 1752 Normal C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe 1908 Normal C:\WINDOWS\system32\svchost.exe
spoolsv.exe 268 Normal C:\WINDOWS\system32\spoolsv.exe
AppleMobileDeviceService.exe 1380 Normal C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
avgwdsvc.exe 1528 Normal C:\Program Files\AVG\AVG9\avgwdsvc.exe
mDNSResponder.exe 1548 Normal C:\Program Files\Bonjour\mDNSResponder.exe
jqs.exe 1896 Idle C:\Program Files\Java\jre6\bin\jqs.exe
MDM.EXE 1980 Normal C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
MSCamS32.exe 308 Normal C:\Program Files\Microsoft LifeCam\MSCamS32.exe
RosettaStoneDaemon.exe 404 Normal C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
SeaPort.EXE 484 Normal C:\Program Files\Microsoft\BingBar\SeaPort.EXE
svchost.exe 536 Normal C:\WINDOWS\System32\svchost.exe
WLIDSVC.EXE 624 Normal C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
avgnsx.exe 1716 Normal C:\Program Files\AVG\AVG9\avgnsx.exe
wuauclt.exe 2268 Normal C:\WINDOWS\system32\wuauclt.exe
Explorer.EXE 2380 Normal C:\WINDOWS\Explorer.EXE
WLIDSvcM.exe 2572 Normal C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
alg.exe 2724 Normal C:\WINDOWS\System32\alg.exe
SOUNDMAN.EXE 3156 Normal C:\WINDOWS\SOUNDMAN.EXE
shwicon.exe 3172 Normal C:\Program Files\USB Product Driver v2.16r002\shwicon.exe
hpcmpmgr.exe 3228 Normal C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
avgtray.exe 3264 Normal C:\PROGRA~1\AVG\AVG9\avgtray.exe
atiptaxx.exe 3288 Normal C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Acrobat_sl.exe 3324 Normal C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
Acrotray.exe 3384 Normal C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
iTunesHelper.exe 3752 Normal C:\Program Files\iTunes\iTunesHelper.exe
brctrcen.exe 3852 Normal C:\Program Files\Brother\ControlCenter2\brctrcen.exe
ctfmon.exe 3864 Normal C:\WINDOWS\system32\ctfmon.exe
GoogleToolbarNotifier.exe 3876 Normal C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
CLI.EXE 3888 Normal C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
hptskmgr.exe 3696 Normal C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
iPodService.exe 140 Normal C:\Program Files\iPod\bin\iPodService.exe
cli.exe 3432 Normal C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
cli.exe 3460 Normal C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
IEXPLORE.EXE 3544 Normal C:\Program Files\Internet Explorer\IEXPLORE.EXE
IEXPLORE.EXE 2192 Normal C:\Program Files\Internet Explorer\IEXPLORE.EXE
IEXPLORE.EXE 3496 Normal C:\Program Files\Internet Explorer\IEXPLORE.EXE
mss.exe 3952 Normal C:\Documents and Settings\Philip\Desktop\mss.exe
cmd.exe 3688 Normal C:\WINDOWS\system32\cmd.exe
pv.exe 2652 Normal C:\Documents and Settings\Philip\Desktop\pv.exe


User Profile check



! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Documents and Settings
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
Sid REG_BINARY 010100000000000513000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x25b12bb8
ProfileLoadTimeHigh REG_DWORD 0x1cc017b
RefCount REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
Sid REG_BINARY 010100000000000514000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x2503200e
ProfileLoadTimeHigh REG_DWORD 0x1cc017b
RefCount REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1202660629-583907252-725345543-1003
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Philip
Sid REG_BINARY 0105000000000005150000001525AF47B4B7CD2207E53B2BEB030000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x2bfce160
ProfileLoadTimeHigh REG_DWORD 0x1cc017b
RefCount REG_DWORD 0x1
RunLogonScriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1202660629-583907252-725345543-1006
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Wayne
Sid REG_BINARY 0105000000000005150000001525AF47B4B7CD2207E53B2BEE030000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xa7b887fc
ProfileLoadTimeHigh REG_DWORD 0x1cbd5e1
RefCount REG_DWORD 0x1
OptimizedLogonStatus REG_DWORD 0xb
RunLogonScriptSync REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1202660629-583907252-725345543-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator
Sid REG_BINARY 0105000000000005150000001525AF47B4B7CD2207E53B2BF4010000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xa6877f0e
ProfileLoadTimeHigh REG_DWORD 0x1cc00a3
RefCount REG_DWORD 0x0
RunLogonScriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb


Current Scheduled Tasks

PATH: C:\Windows\Tasks

AppleSoftwareUpdate.job
AWC AutoSweep.job
AWC Update.job
Driver Robot.job
Google Software Updater.job
GoogleUpdateTaskUserS-1-5-21-1202660629-583907252-725345543-1003Core.job
GoogleUpdateTaskUserS-1-5-21-1202660629-583907252-725345543-1003UA.job
ParetoLogic Registration3.job
ParetoLogic Update Version3.job
PC Health Advisor Defrag.job
PC Health Advisor.job
Scheduled Update for Ask Toolbar.job
WebReg 20090507203209.job
desktop.ini
SA.DAT


Windows Drivers and NT-Services

Volume in drive C has no label.
Volume Serial Number is 90EC-904F

Directory of C:\Windows\System32\Drivers

05/23/2009 20:55 0 MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
01/11/2011 21:50 0 MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
05/23/2009 20:55 0 Msft_Kernel_motmodem_01005.Wdf
01/11/2011 21:50 0 Msft_Kernel_motmodem_01007.Wdf
4 File(s) 0 bytes
0 Dir(s) 39,629,312,000 bytes free
Volume in drive C has no label.
Volume Serial Number is 90EC-904F

Directory of C:\Windows\System32\Drivers

09/10/1999 12:06 25,244 ASPI32.SYS
03/29/2000 07:17 5,824 ASUSHWIO.SYS
08/17/2001 06:28 794,399 USR1806V.SYS
08/17/2001 06:46 6,400 enum1394.sys
08/17/2001 06:57 16,128 MODEMCSA.sys
08/17/2001 06:59 3,072 audstub.sys
08/17/2001 07:00 2,944 msmpu401.sys
08/17/2001 13:48 12,160 mouhid.sys
08/17/2001 14:51 18,688 irsir.sys
08/17/2001 14:51 19,584 rasirda.sys
08/17/2001 14:51 3,328 pciide.sys
04/15/2002 22:11 67,866 netwlan5.img
08/13/2002 06:27 74,338 el90Xbc5.SYS
09/05/2002 20:24 13,568 nv_agp.SYS
09/22/2002 19:37 42 jedireg.pat
09/22/2002 19:37 80,896 NVENET.sys
09/22/2002 19:37 122 ramsed.bin
09/22/2002 19:37 1,024 jedih2rx.bin
03/31/2003 05:00 16,512 raspti.sys
03/31/2003 05:00 32,896 ipfltdrv.sys
03/31/2003 05:00 8,832 rasacd.sys
03/31/2003 05:00 34,432 rawwan.sys
03/31/2003 05:00 17,792 ptilink.sys
03/31/2003 05:00 4,736 usbd.sys
03/31/2003 05:00 12,160 fsvga.sys
03/31/2003 05:00 7,936 fs_rec.sys
03/31/2003 05:00 4,224 rdpcdd.sys
03/31/2003 05:00 125,056 ftdisk.sys
03/31/2003 05:00 3,328 dxgthk.sys
03/31/2003 05:00 4,352 wmilib.sys
03/31/2003 05:00 10,496 dxapi.sys
03/31/2003 05:00 21,376 tsbvcap.sys
03/31/2003 05:00 51,712 tosdvd.sys
03/31/2003 05:00 7,680 mcd.sys
03/31/2003 05:00 5,888 dmload.sys
03/31/2003 05:00 4,224 mnmdd.sys
03/31/2003 05:00 3,440,660 gm.dls
03/31/2003 05:00 11,648 acpiec.sys
03/31/2003 05:00 3,456 oprghdlr.sys
03/31/2003 05:00 12,032 rio8drv.sys
03/31/2003 05:00 55,936 nwlnkspx.sys
03/31/2003 05:00 11,776 cpqdap01.sys
03/31/2003 05:00 262,528 cinemst2.sys
03/31/2003 05:00 14,592 smclib.sys
03/31/2003 05:00 18,688 cdaudio.sys
03/31/2003 05:00 13,952 cbidf2k.sys
03/31/2003 05:00 12,032 ws2ifsl.sys
03/31/2003 05:00 12,032 nikedrv.sys
03/31/2003 05:00 2,944 null.sys
03/31/2003 05:00 4,224 beep.sys
03/31/2003 05:00 12,032 riodrv.sys
03/31/2003 05:00 58,112 vdmindvd.sys
03/31/2003 05:00 646 gmreadme.txt
03/31/2003 05:00 6,784 parvdm.sys
03/31/2003 05:00 5,888 rootmdm.sys
03/31/2003 05:00 352,256 atmuni.sys
03/31/2003 05:00 63,232 nwlnknb.sys
03/31/2003 05:00 32,512 nwlnkfwd.sys
03/31/2003 05:00 31,360 atmepvc.sys
03/31/2003 05:00 12,416 nwlnkflt.sys
08/22/2003 13:03 105,633 ET251.sys
09/29/2003 22:25 22,880 Gvcpldrv.sys
01/05/2004 00:27 51,056 hpzid412.sys
01/05/2004 00:27 21,488 HPZius12.sys
01/05/2004 00:27 16,496 HPZipr12.sys
05/25/2004 15:58 48,640 nvax.sys
05/25/2004 15:58 66,688 nvarm.sys
05/25/2004 15:58 396,032 nvapu.sys
05/25/2004 15:58 962,560 nvmcp.sys
07/17/2004 11:36 64,352 ativmc20.cod
07/17/2004 22:55 129,045 cxthsfs2.cty
08/03/2004 22:29 327,040 ati2mtaa.sys
08/03/2004 22:29 57,856 atinbtxx.sys
08/03/2004 22:29 13,824 atinmdxx.sys
08/03/2004 22:29 12,047 ati1pdxx.sys
08/03/2004 22:29 52,224 atinraxx.sys
08/03/2004 22:29 11,615 ati1mdxx.sys
08/03/2004 22:29 56,623 ati1btxx.sys
08/03/2004 22:29 14,336 atinpdxx.sys
08/03/2004 22:29 28,672 atinsnxx.sys
08/03/2004 22:29 104,960 atinrvxx.sys
08/03/2004 22:29 13,824 atinttxx.sys
08/03/2004 22:29 30,671 ati1raxx.sys
08/03/2004 22:29 63,663 ati1rvxx.sys
08/03/2004 22:29 36,463 ati1tuxx.sys
08/03/2004 22:29 31,744 atinxbxx.sys
08/03/2004 22:29 29,455 ati1xbxx.sys
08/03/2004 22:29 73,216 atintuxx.sys
08/03/2004 22:29 34,735 ati1xsxx.sys
08/03/2004 22:29 26,367 ati1snxx.sys
08/03/2004 22:29 21,343 ati1ttxx.sys
08/03/2004 22:29 63,488 atinxsxx.sys
08/03/2004 22:29 452,736 mtxparhm.sys
08/03/2004 22:29 11,807 wadv07nt.sys
08/03/2004 22:29 11,295 wadv08nt.sys
08/03/2004 22:29 11,871 wadv09nt.sys
08/03/2004 22:29 11,935 wadv11nt.sys
08/03/2004 22:29 22,271 watv06nt.sys
08/03/2004 22:29 25,471 watv10nt.sys
08/03/2004 22:29 166,912 s3gnbm.sys
08/03/2004 22:29 1,897,408 nv4_mini.sys
08/03/2004 22:41 1,309,184 mtlstrm.sys
08/03/2004 22:41 126,686 mtlmnt5.sys
08/03/2004 22:41 13,776 recagent.sys
08/03/2004 22:41 180,360 ntmtlfax.sys
08/03/2004 22:41 129,535 slnt7554.sys
08/03/2004 22:41 404,990 slntamr.sys
08/03/2004 22:41 95,424 slnthal.sys
08/03/2004 22:41 13,240 slwdmsup.sys
08/03/2004 22:41 220,032 hsfbs2s2.sys
08/03/2004 22:41 685,056 hsfcxts2.sys
08/03/2004 22:41 1,041,536 hsfdpsp2.sys
08/03/2004 22:41 11,868 mdmxsdk.sys
10/15/2004 12:50 15,295 BrScnUsb.sys
02/23/2005 14:58 11,776 afc.sys
07/25/2005 11:04 48,640 ser2pl.sys
04/26/2006 14:21 25,214 VOLHelp.ico
08/23/2006 14:26 2,096 ativdkxx.vp
08/23/2006 14:26 2,096 ativckxx.vp
08/23/2006 14:26 655,842 ativcaxx.cpa
08/23/2006 14:26 929 ativcaxx.vp
09/28/2006 18:55 77,568 WudfPf.sys
09/28/2006 19:00 82,944 WudfRd.sys
10/11/2006 18:21 49,152 ati2erec.dll
10/11/2006 18:43 1,777,152 ati2mtag.sys
10/11/2006 19:11 36,272 ativvpxx.vp
10/18/2006 20:00 38,528 wpdusb.sys
03/27/2008 17:27 503,008 wdf01000.sys
03/27/2008 17:27 35,040 wdfldr.sys
04/13/2008 09:36 144,384 hdaudbus.sys
04/13/2008 09:39 20,480 secdrv.sys
04/13/2008 09:39 142,592 aec.sys
04/13/2008 11:31 35,840 processr.sys
04/13/2008 11:31 42,752 p3.sys
04/13/2008 11:31 37,376 amdk6.sys
04/13/2008 11:31 36,352 intelppm.sys
04/13/2008 11:31 36,736 crusoe.sys
04/13/2008 11:31 37,760 amdk7.sys
04/13/2008 11:32 66,048 udfs.sys
04/13/2008 11:32 30,848 npfs.sys
04/13/2008 11:32 19,072 msfs.sys
04/13/2008 11:32 180,608 mrxdav.sys
04/13/2008 11:32 196,224 rdpdr.sys
04/13/2008 11:32 129,792 fltmgr.sys
04/13/2008 11:33 44,544 fips.sys
04/13/2008 11:34 163,584 nwrdr.sys
04/13/2008 11:36 5,888 smbali.sys
04/13/2008 11:36 187,776 acpi.sys
04/13/2008 11:36 42,752 alim1541.sys
04/13/2008 11:36 42,368 agp440.sys
04/13/2008 11:36 44,928 agpcpq.sys
04/13/2008 11:36 43,008 amdagp.sys
04/13/2008 11:36 40,960 sisagp.sys
04/13/2008 11:36 42,240 viaagp.sys
04/13/2008 11:36 46,464 gagp30kx.sys
04/13/2008 11:36 44,672 uagp35.sys
04/13/2008 11:36 63,744 mf.sys
04/13/2008 11:36 37,248 isapnp.sys
04/13/2008 11:36 120,192 pcmcia.sys
04/13/2008 11:36 79,232 sdbus.sys
04/13/2008 11:36 68,224 pci.sys
04/13/2008 11:36 15,488 mssmbios.sys
04/13/2008 11:36 73,472 sr.sys
04/13/2008 11:38 71,168 dxg.sys
04/13/2008 11:39 92,544 mqac.sys
04/13/2008 11:39 384,768 update.sys
04/13/2008 11:39 42,368 mountmgr.sys
04/13/2008 11:39 24,576 kbdclass.sys
04/13/2008 11:39 23,040 mouclass.sys
04/13/2008 11:39 5,376 mspclock.sys
04/13/2008 11:39 4,992 mspqm.sys
04/13/2008 11:39 7,552 mskssrv.sys
04/13/2008 11:39 4,352 swenum.sys
04/13/2008 11:40 80,128 parport.sys
04/13/2008 11:40 15,744 serenum.sys
04/13/2008 11:40 20,480 flpydisk.sys
04/13/2008 11:40 27,392 fdc.sys
04/13/2008 11:40 57,600 redbook.sys
04/13/2008 11:40 24,960 pciidex.sys
04/13/2008 11:40 96,384 scsiport.sys
04/13/2008 11:40 96,512 atapi.sys
04/13/2008 11:40 14,208 diskdump.sys
04/13/2008 11:40 62,976 cdrom.sys
04/13/2008 11:40 36,352 disk.sys
04/13/2008 11:40 11,904 sffdisk.sys
04/13/2008 11:40 11,008 sffp_sd.sys
04/13/2008 11:40 11,392 sfloppy.sys
04/13/2008 11:40 10,240 sffp_mmc.sys
04/13/2008 11:40 19,712 partmgr.sys
04/13/2008 11:40 14,976 tape.sys
04/13/2008 11:40 42,112 imapi.sys
04/13/2008 11:41 52,352 volsnap.sys
04/13/2008 11:43 12,672 mutohpen.sys
04/13/2008 11:43 14,208 wacompen.sys
04/13/2008 11:44 20,992 vga.sys
04/13/2008 11:44 81,664 videoprt.sys
04/13/2008 11:44 153,344 dmio.sys
04/13/2008 11:44 799,744 dmboot.sys
04/13/2008 11:45 52,864 dmusic.sys
04/13/2008 11:45 6,272 splitter.sys
04/13/2008 11:45 172,416 kmixer.sys
04/13/2008 11:45 56,576 swmidi.sys
04/13/2008 11:45 2,944 drmkaud.sys
04/13/2008 11:45 60,160 drmk.sys
04/13/2008 11:45 49,408 stream.sys
04/13/2008 11:45 24,960 hidparse.sys
04/13/2008 11:45 19,200 hidir.sys
04/13/2008 11:45 36,864 hidclass.sys
04/13/2008 11:45 10,368 hidusb.sys
04/13/2008 11:45 10,624 gameenum.sys
04/13/2008 11:45 46,592 irbus.sys
04/13/2008 11:45 15,104 usbscan.sys
04/13/2008 11:45 17,152 usbohci.sys
04/13/2008 11:45 30,208 usbehci.sys
04/13/2008 11:45 143,872 usbport.sys
04/13/2008 11:45 26,112 usbser.sys
04/13/2008 11:45 59,520 usbhub.sys
04/13/2008 11:45 26,368 usbstor.sys
04/13/2008 11:45 32,128 usbccgp.sys
04/13/2008 11:45 25,600 usbcamd.sys
04/13/2008 11:45 25,728 usbcamd2.sys
04/13/2008 11:45 15,872 usbintel.sys
04/13/2008 11:46 25,344 sonydcam.sys
04/13/2008 11:46 53,376 1394bus.sys
04/13/2008 11:46 61,696 ohci1394.sys
04/13/2008 11:46 121,984 usbvideo.sys
04/13/2008 11:46 18,944 bthusb.sys
04/13/2008 11:46 25,600 hidbth.sys
04/13/2008 11:46 36,480 bthprint.sys
04/13/2008 11:46 59,136 rfcomm.sys
04/13/2008 11:46 17,024 bthenum.sys
04/13/2008 11:46 37,888 bthmodem.sys
04/13/2008 11:47 25,856 usbprint.sys
04/13/2008 11:51 60,800 arp1394.sys
04/13/2008 11:51 59,904 atmarpc.sys
04/13/2008 11:51 61,824 nic1394.sys
04/13/2008 11:51 55,808 atmlane.sys
04/13/2008 11:51 101,120 bthpan.sys
04/13/2008 11:53 40,320 nmnt.sys
04/13/2008 11:53 71,552 bridge.sys
04/13/2008 11:53 36,608 ip6fw.sys
04/13/2008 11:54 11,264 irenum.sys
04/13/2008 11:55 14,592 ndisuio.sys
04/13/2008 11:56 12,288 tunmp.sys
04/13/2008 11:56 34,688 netbios.sys
04/13/2008 11:56 88,320 nwlnkipx.sys
04/13/2008 11:56 35,072 msgpc.sys
04/13/2008 11:56 69,120 psched.sys
04/13/2008 11:56 12,800 usb8023.sys
04/13/2008 11:56 30,592 rndismpx.sys
04/13/2008 11:56 12,800 usb8023x.sys
04/13/2008 11:56 30,592 rndismp.sys
04/13/2008 11:57 20,864 ipinip.sys
04/13/2008 11:57 152,832 ipnat.sys
04/13/2008 11:57 34,560 wanarp.sys
04/13/2008 11:57 14,336 asyncmac.sys
04/13/2008 11:57 10,112 ndistapi.sys
04/13/2008 11:57 41,472 raspppoe.sys
04/13/2008 12:00 19,072 tdi.sys
04/13/2008 12:00 30,080 modem.sys
04/13/2008 12:14 63,744 cdfs.sys
04/13/2008 12:14 143,744 fastfat.sys
04/13/2008 12:15 64,512 serial.sys
04/13/2008 12:15 574,976 ntfs.sys
04/13/2008 12:15 60,800 sysaudio.sys
04/13/2008 12:16 49,536 classpnp.sys
04/13/2008 12:17 105,344 mup.sys
04/13/2008 12:17 83,072 wdmaud.sys
04/13/2008 12:18 52,480 i8042prt.sys
04/13/2008 12:19 146,048 portcls.sys
04/13/2008 12:19 75,264 ipsec.sys
04/13/2008 12:19 51,328 rasl2tp.sys
04/13/2008 12:19 48,384 raspptp.sys
04/13/2008 12:20 182,656 ndis.sys
04/13/2008 12:20 91,520 ndiswan.sys
04/13/2008 12:21 162,816 netbt.sys
04/13/2008 12:28 175,744 rdbss.sys
04/13/2008 12:39 5,504 MSTEE.sys
04/13/2008 12:45 60,032 USBAUDIO.sys
04/13/2008 12:46 15,232 StreamIP.sys
04/13/2008 12:46 10,880 NdisIP.sys
04/13/2008 12:46 11,136 SLIP.sys
04/13/2008 12:46 19,200 WSTCODEC.SYS
04/13/2008 12:46 17,024 CCDECODE.sys
04/13/2008 12:46 85,248 NABTSFEC.sys
04/13/2008 12:54 88,192 irda.sys
04/13/2008 13:16 141,056 ks.sys
04/13/2008 17:11 3,135 adv08nt5.dll
04/13/2008 17:11 3,615 adv05nt5.dll
04/13/2008 17:11 4,255 adv01nt5.dll
04/13/2008 17:11 3,775 adv11nt5.dll
04/13/2008 17:11 3,711 adv09nt5.dll
04/13/2008 17:11 3,967 adv02nt5.dll
04/13/2008 17:11 3,647 adv07nt5.dll
04/13/2008 17:11 14,143 atv06nt5.dll
04/13/2008 17:11 11,359 atv02nt5.dll
04/13/2008 17:11 21,183 atv01nt5.dll
04/13/2008 17:11 15,423 ch7xxnt5.dll
04/13/2008 17:11 25,471 atv04nt5.dll
04/13/2008 17:11 17,279 atv10nt5.dll
04/13/2008 17:12 3,901 siint5.dll
04/13/2008 17:12 11,325 vchnt5.dll
04/13/2008 17:13 12,040 tdpipe.sys
04/13/2008 17:13 40,840 termdd.sys
04/13/2008 17:13 21,896 tdtcp.sys
04/13/2008 17:13 139,656 rdpwd.sys
05/08/2008 07:02 203,136 rmcast.sys
06/13/2008 04:05 272,128 bthport.sys
06/20/2008 04:51 361,600 tcpip.sys
10/16/2008 07:43 138,496 afd.sys
11/11/2008 15:58 23,096 MusCAudio.sys
11/11/2008 15:58 3,768 MusCVideo.sys
11/25/2008 10:26 disdn
11/27/2008 12:52 22,768 usbsermpt.sys
12/18/2008 13:16 73,840 PCTAppEvent.sys
05/18/2009 14:17 26,600 GEARAspiWDM.sys
06/24/2009 04:18 92,928 ksecdd.sys
09/09/2009 09:16 UMDF
10/20/2009 09:20 265,728 http.sys
10/27/2009 13:02 23,936 motmodem.sys
02/11/2010 05:02 226,880 tcpip6.sys
06/07/2010 19:51 29,584 avgmfx86.sys
07/15/2010 16:41 216,400 avgldx86.sys
07/15/2010 16:41 243,024 avgtdix.sys
08/14/2010 14:48 691,696 sptd.sys
09/28/2010 16:44 41,984 usbaapl.sys
11/02/2010 08:17 40,960 ndproxy.sys
11/10/2010 20:30 4,122,368 ALCXWDM.SYS
11/10/2010 20:32 7,180 a2ptbtn.sys
12/13/2010 15:37 30,576 nx6000.sys
12/20/2010 18:08 20,952 mbam.sys
12/20/2010 18:09 38,224 mbamswissarmy.sys
02/17/2011 06:18 357,888 srv.sys
02/17/2011 06:18 455,936 mrxsmb.sys
04/21/2011 22:16 etc
04/22/2011 16:36 Avg
04/22/2011 22:33 .
04/22/2011 22:33 ..
332 File(s) 37,569,819 bytes
6 Dir(s) 39,629,275,136 bytes free


Stealth malware?


Internet Explorer


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Page_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0A000000
Delete_Temp_Files_On_Exit REG_SZ yes
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
CompanyName REG_SZ Microsoft Corporation
Custom_Key REG_SZ MICROSO
Wizard_Version REG_SZ 6.0.2600.0000
FullScreen REG_SZ no
Check_Associations REG_SZ yes
Default_Secondary_Page_URL REG_MULTI_SZ \0
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
DEPOff REG_DWORD 0x0
StatusBarWeb REG_DWORD 0x1
SearchControlWidth REG_DWORD 0x12c
ForceGDIPlus REG_DWORD 0x0
MaxRenderLine REG_DWORD 0xfa0
UseClearType REG_SZ yes
Page_Transitions REG_DWORD 0x1
Use_DlgBox_Colors REG_SZ yes
Anchor Underline REG_SZ yes
Display Inline Images REG_SZ yes
Display Inline Videos REG_DWORD 0x1
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
Print_Background REG_SZ no
SmoothScroll REG_DWORD 0x1
XMLHTTP REG_DWORD 0x1
Show image placeholders REG_DWORD 0x0
Disable Script Debugger REG_SZ yes
Enable AutoImageResize REG_SZ yes
XDomainRequest REG_DWORD 0x1
DOMStorage REG_DWORD 0x1
IE8RunOnceLastShown REG_DWORD 0x0
IE8RunOncePerInstallCompleted REG_DWORD 0x0
IE8TourNoShow REG_DWORD 0x0
IE8TourShown REG_DWORD 0x0
FrameTabWindow REG_DWORD 0x1
AdminTabProcs REG_DWORD 0x1
SessionMerging REG_DWORD 0x1
FrameMerging REG_DWORD 0x1
HangResistantFrame REG_DWORD 0x0
TabShutdownDelay REG_DWORD 0xea60
FrameShutdownDelay REG_DWORD 0x0
IEWatsonDisable REG_DWORD 0x1
Local Page REG_SZ C:\windows\system32\blank.htm
SearchMigrated REG_DWORD 0x0
Use Custom Search URL REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
IE5_UA_Backup_Flag REG_SZ 5.0
NoNetAutodial REG_DWORD 0x1
MigrateProxy REG_DWORD 0x1
EnableNegotiate REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost REG_BINARY 01000000
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 0x1
PrivacyAdvanced REG_DWORD 0x0
EnableAutodial REG_DWORD 0x1
GlobalUserOffline REG_DWORD 0x0
PrivDiscUiShown REG_DWORD 0x1
WarnOnZoneCrossing REG_DWORD 0x0
SyncMode5 REG_DWORD 0x4
WarnonBadCertRecving REG_DWORD 0x1
WarnOnPostRedirect REG_DWORD 0x0
WarnOnHTTPSToHTTPRedirect REG_DWORD 0x1
UrlEncoding REG_DWORD 0x0
SecureProtocols REG_DWORD 0x28
ZonesSecurityUpgrade REG_BINARY DE8B3646EAE0C901
DisableCachingOfSSLPages REG_DWORD 0x0
ProxyOverride REG_SZ ;*.local
ProxyHttp1.1 REG_DWORD 0x1
ShowPunycode REG_DWORD 0x0
EnablePunycode REG_DWORD 0x1
DisableIDNPrompt REG_DWORD 0x0
CertificateRevocation REG_DWORD 0x0
MaxConnectionsPerServer REG_DWORD 0xa
MaxConnectionsPer1_0Server REG_DWORD 0xa
CreateUriCacheSize REG_DWORD 0x50
CoInternetCombineIUriCacheSize REG_DWORD 0x50
SecurityIdIUriCacheSize REG_DWORD 0x1e
SpecialFoldersCacheSize REG_DWORD 0x8
WarnOnIntranet REG_DWORD 0x1

2 philipwk log-2 on Sat Apr 23, 2011 2:34 am

philipwk


Member
Member
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Digest

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
NoUpdateCheck REG_DWORD 0x1
Disable Script Debugger REG_SZ yes
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Start Page REG_SZ http://www.google.com/
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Enable Browser Extensions REG_SZ yes
XMLHTTP REG_DWORD 0x1
UseClearType REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
IE8RunOnceLastShown REG_DWORD 0x1
IE8TourShown REG_DWORD 0x1
IE8TourShownTime REG_BINARY B6E48F27A892CB01
IE8RunOncePerInstallCompleted REG_DWORD 0x1
IE8RunOnceCompletionTime REG_BINARY BA7EEE8EEC9ECB01
StatusBarWeb REG_DWORD 0x1
Expand Alt Text REG_SZ no
Move System Caret REG_SZ no
DisableScriptDebuggerIE REG_SZ yes
Page_Transitions REG_DWORD 0x1
UseThemes REG_DWORD 0x1
Force Offscreen Composition REG_DWORD 0x0
Enable AutoImageResize REG_SZ yes
Show image placeholders REG_DWORD 0x0
Print_Background REG_SZ no
DOMStorage REG_DWORD 0x1
SearchControlWidth REG_DWORD 0x12c
ForceGDIPlus REG_DWORD 0x0
SuppressScriptDebuggerDialog REG_DWORD 0x0
CSS_Compat REG_SZ doctype
Display Inline Videos REG_DWORD 0x1
UseHR REG_DWORD 0x0
Q300829 REG_DWORD 0x0
Cleanup HTCs REG_DWORD 0x0
XDomainRequest REG_DWORD 0x1
IE8TourNoShow REG_DWORD 0x0
FrameTabWindow REG_DWORD 0x1
AdminTabProcs REG_DWORD 0x1
SessionMerging REG_DWORD 0x1
FrameMerging REG_DWORD 0x1
HangResistantFrame REG_DWORD 0x0
TabShutdownDelay REG_DWORD 0xea60
FrameShutdownDelay REG_DWORD 0x0
CompatibilityFlags REG_DWORD 0x0
FullScreen REG_SZ no
Window_Placement REG_BINARY 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF21000000210000007B040000C4030000
IE8RunOnceLastShown_TIMESTAMP REG_BINARY B43C7C53EC9ECB01
NotifyDownloadComplete REG_SZ yes
Start Page Restore REG_SZ https://mail.google.com/
Check_Associations REG_SZ yes
Friendly http errors REG_SZ no
SmoothScroll REG_DWORD 0x0
Use StyleSheets REG_SZ yes
AutoSearch REG_DWORD 0x4
Default_Search_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Local Page REG_SZ C:\windows\system32\blank.htm
SearchMigrated REG_DWORD 0x0
Use Custom Search URL REG_DWORD 0x0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Touch

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
SearchAssistant REG_SZ http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
CustomizeSearch REG_SZ http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Default_Search_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{00000000-6E41-4FD3-8538-502F5495E5FC} REG_SZ
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} REG_BINARY 00
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} REG_SZ DVDVideoSoftTB Toolbar
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} REG_SZ AVG Security Toolbar
Locked REG_DWORD 0x1
{9D425283-D487-4337-BAB6-AB8354A81457} REG_SZ Search Toolbar
{47833539-D0C5-4125-9FA8-0819E2EAAC93} REG_BINARY 00
{30F9B915-B755-4826-820B-08FBA6BD249D} REG_SZ Conduit Engine
{8dcb7100-df86-4384-8842-8fa844297b3f} REG_SZ Bing
{D4027C7F-154A-4066-A1AD-4243D8127440} REG_BINARY 00

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\QuickComplete

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append to existing PDF

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to Adobe PDF

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to existing PDF

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert to Adobe PDF


Security Center


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
AntiVirusOverride REG_DWORD 0x0
FirewallOverride REG_DWORD 0x0
AntiVirusDisableNotify REG_DWORD 0x0
FirewallDisableNotify REG_DWORD 0x0
UpdatesDisableNotify REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\AVG\AVG9\avgupd.exe REG_SZ C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe
C:\Program Files\AVG\AVG9\avgnsx.exe REG_SZ C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe
C:\WINDOWS\explorer.exe REG_SZ C:\WINDOWS\explorer.exe:*:Enabled:enable
C:\Program Files\Mozilla Firefox\firefox.exe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
C:\Program Files\Skype\Plugin Manager\skypePM.exe REG_SZ C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
C:\Program Files\Microsoft LifeCam\LifeCam.exe REG_SZ C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe
C:\Program Files\Microsoft LifeCam\LifeEnC2.exe REG_SZ C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe
C:\Program Files\Microsoft LifeCam\LifeExp.exe REG_SZ C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe
C:\Program Files\Microsoft LifeCam\LifeTray.exe REG_SZ C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe REG_SZ C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe REG_SZ C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\WINDOWS\system32\rundll32.exe REG_SZ C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App


Uninstall List


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\A106663FD3361BDFACB045D83EBA03858EB1E411

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop 6.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe SVG Viewer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Data Management System for the FT-7100

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare 3_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\All ATI Software

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AllMusicConverter_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ATI Display Driver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cucusoft DVD to iPod + iPod Video Converter Suite_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cucusoft Ultimate DVD + Video Converter Suite_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Genius Professional Edition_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDneXtCOPY 3 Ultimate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoft Toolbar

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Easy Duplicate Finder_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EPSON Printer and Utilities

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F2F24872454C7CAEAABD8BB063F70FBEFF01989D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Flame Skin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Mp3 Wma Converter_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Text Pad

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free WMA to MP3 Converter_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube to MP3 Converter_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FT-50 Programmer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GIGABYTE V-Tuner

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Photo & Imaging

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ieSpell

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iGolfNeo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iPhoto Plus 4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2079403

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2121546

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2141007

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2158563

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2160329

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2183461-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2229593

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2259922

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2279986

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2286198

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2296011

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2296199

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2345886

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2347290

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2360131-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2360937

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2378111_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2387149

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2393802

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2412687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2416400-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2419632

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2423089

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2436673

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2440591

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2443105

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2443685

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2447568-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2467659

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2476687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2478960

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2478971

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2479628

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2479943

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2481109

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2482017-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2483185

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2485376

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2508272

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2524375

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884267

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885353

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886612

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887078

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887626

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888656

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891122

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892130

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893240

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893241

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895181

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895316

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB897586

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898549

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902344

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911854

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB929399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938464-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB941569

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB946648

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950760

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950762

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950974

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951066

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951698

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951748

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951978

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952069_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952287

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952954

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954155_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954459

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954550-v5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954600

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955069

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955759

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955839

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956744

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956802

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956841

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956844

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957097

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958215

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958644

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958690

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958869

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959426

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960225

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960714

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960715

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960859

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961118

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961371-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961501

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB967715

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968389

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968537

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968816_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969059

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969947

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970238

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970430

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970653-v3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971029

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971180-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971468

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971486

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971557

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971633

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971657

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971737

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971961-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972270

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973354

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973507

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973525

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973540_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973540_WM9L

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973815

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973869

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973904

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974112

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974318

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974392

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974455-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974571

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975025

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975467

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975558_WM8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975560

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975562

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975713

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976098-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976325-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976662-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976749-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977165-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977816

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977914

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978037

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978207-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978251

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978262

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978338

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978542

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978601

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978695_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978706

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979306

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979309

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979402_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979482

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979559

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979683

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980182-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980195

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980218

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980232

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980436

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981322

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981332-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981793

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981852

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981957

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981997

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB982132

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB982214

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB982381-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB982665

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB982802

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M2416447

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M979906

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Machinist 2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Machinist2DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft NetShow Player 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Moleskinsoft Clone Remover 3.8_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 4.0 (x86 en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSCompPackV1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016

3 philipwk log-3 on Sat Apr 23, 2011 2:35 am

philipwk


Member
Member
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nero - Burning Rom!UninstallKey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NeroMultiInstaller!UninstallKey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NLSDownlevelMapping

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIAnForce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PaperPort 7.02

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Password Folder_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Speed Skin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SSUtils

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Veetle TV

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Visioneer Strobe Pro

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wdf01000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wdf01001

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wdf01005

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wdf01007

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WGA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMFDist11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wudf01000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XpsEPSC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0837A661-FEC3-48B3-876C-91E7D32048A9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{104A059B-CD20-4632-A8F6-D8C80E14782D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1727CD47-A408-11d2-AFAD-00C04F72FB3E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C02D187-9256-4B08-92D1-82922DBE4D52}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{219B0DA4-8F1A-499D-8795-4A07C632521E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216011FF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2A981294-F14C-4F0F-9627-D793270922F8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{300A2961-B2B5-4889-9CB9-5C2A570D08AD}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{308B6AEA-DE50-4666-996D-0FA461719D6B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{326057C5-6185-4C85-A630-9C2FC2DB3F93}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{34957B51-9676-41CE-9E52-44AE91B73F1C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{48242276-DB89-42e8-9678-BD4280D7B99A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{57752979-A1C9-4C02-856B-FBB27AC4E02C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{595D0DE8-C38A-4432-B851-47DECC1A99BD}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5C584ABC-0A83-40AC-83D5-B1695A96FEE2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{61BEA823-ECAF-49F1-8378-A59B3B8AD247}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{625386A4-B6B6-4911-A6E8-23189C3F2D15}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62F79C52-E264-44ab-ABC2-7BEA2962C70D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{63F2408D-A675-4d97-A256-70EACB6B9B4A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{644B991F-B109-4360-9DA3-40CDAD13961C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6D4E56A1-22EE-44d8-BD14-7B9FB7F80D1B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142150}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{723C033E-63EA-4227-BAB2-0AA8693C16EB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{73006B34-9743-4A39-AC37-38EDFCEB6DCE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{73C23496-A105-4b6f-B8F0-22523DFE4E4E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{745A92AF-53B4-41A7-91C3-9B026B1D5897}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7CEBE551-AA55-4C12-A68D-9A52D53339AF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{81DD5688-695A-4c1d-AE7D-368BF857725A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8777AC6D-89F9-4793-8266-DE406F343E89}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{881F5DE8-9367-4B81-A325-E91BBC6472F9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B4AB829-DFD3-436D-B808-D9733D76C590}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B4AE751-7055-4518-87B0-E148A8D50D0A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8BB15793-E03A-42A7-A143-6F29A0E4924D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0020-0409-0000-0000000FF1CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90170409-6000-11D3-8CFE-0150048383C9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90510409-6000-11D3-8CFE-0150048383C9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91E30409-6000-11D3-8CFE-0150048383C9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{930B2432-43D4-11D5-9871-00C04F8EEB39}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9B03C535-3AEA-4ef2-B326-0A01A2207034}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9D18F7F8-B984-4249-8512-CC621BC59F12}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0673E9E-4510-4AA0-B860-58FD5A7212A1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2500497-FD32-493e-B8E5-28D6728DBEF5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB300003

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB958483

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB960043

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB975195

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976570

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A71D5E81-B967-43DB-93D7-FD31BFB95748}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A8DBB9C7-6602-4798-A399-BEDDBFF05687}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-1033-F400-7760-000000000004}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B4FEA924-630D-11D4-B78E-005004566E4D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BAF78226-3200-4DB4-BE33-4D922A799840}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC339BFD-F550-471a-8D26-4D08126C62F7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BED03D32-9AE6-450F-8F61-92F3D9E4D2B9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB200003

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB2418241

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB431780

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB946922

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB947748

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB949272

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952137

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952677

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953300

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953990

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB954832

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB956860

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957541

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957542

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957543

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958129

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958481

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB960043

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB971111

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB974417

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976569

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976576

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976765v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB979909

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB980773

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB983583

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C41300B9-185D-475E-BFEC-39EF732F19B1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDBFDD5B-50E0-4021-94AF-516B80509ABE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0886AA2-F0B6-4EED-9CF9-B8084B796FB1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D444D748-EB5A-4A94-A84C-EA58A9FC52F5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E0E1EFC2-FE99-11D3-99C7-0040F6982C20}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE6097DD-05F4-4178-9719-D3170BF098E8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EF6F70D0-C242-4047-946B-98EA8208481A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F1AE162A-2958-4EAD-B861-2EB5FD1D86E9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB08F381-6533-4108-B7DD-039E11FBC27E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FBBF532A-47AC-457d-AC06-0D3163D8911E}

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Octoshape add-in for Adobe Flash Player


Adobe Products


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
DisplayName REG_SZ Adobe Flash Player 10 ActiveX
Publisher REG_SZ Adobe Systems Incorporated
DisplayVersion REG_SZ 10.2.152.32
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
RequiresIESysFile REG_SZ 4.70.0.1155
URLInfoAbout REG_SZ http://www.adobe.com
URLUpdateInfo REG_SZ http://www.adobe.com/go/getflashplayer/
VersionMajor REG_DWORD 0xa
VersionMinor REG_DWORD 0x2
UninstallString REG_SZ C:\WINDOWS\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe -maintain activex
DisplayIcon REG_SZ C:\WINDOWS\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe
EstimatedSize REG_DWORD 0x1800

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
DisplayName REG_SZ Adobe Flash Player 10 Plugin
Publisher REG_SZ Adobe Systems Incorporated
DisplayVersion REG_SZ 10.1.102.64
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
RequiresIESysFile REG_SZ 4.70.0.1155
URLInfoAbout REG_SZ http://www.adobe.com
URLUpdateInfo REG_SZ http://www.adobe.com/go/getflashplayer/
VersionMajor REG_DWORD 0xa
VersionMinor REG_DWORD 0x1
UninstallString REG_SZ C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
DisplayIcon REG_SZ C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
EstimatedSize REG_DWORD 0x1800


Autorun


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Google Update REG_SZ "C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
SoundMan REG_SZ SOUNDMAN.EXE
ShowIcon_The Company_USB Product Driver v2.16r002 REG_SZ "C:\Program Files\USB Product Driver v2.16r002\shwicon.exe" -t"The Company\USB Product Driver v2.16r002"
KernelFaultCheck REG_SZ %systemroot%\system32\dumprep 0 -k
HP Component Manager REG_SZ "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
EPSON Stylus Photo R200 Series REG_SZ C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
DXDllRegExe REG_SZ dxdllreg.exe
AVG9_TRAY REG_SZ C:\PROGRA~1\AVG\AVG9\avgtray.exe
ATIPTA REG_SZ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
ATICCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
Adobe Acrobat Speed Launcher REG_SZ "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
Acrobat Assistant 8.0 REG_SZ "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
Microsoft Default Manager REG_SZ "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
LifeCam REG_SZ "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
TaskTray REG_SZ
SetDefPrt REG_SZ C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
ControlCenter2.0 REG_SZ C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices


Restrictions - Internet Explorer



Restrictions - REGEDIT


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell


Restrictions - Explorer


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun REG_DWORD 0x143
NoDriveAutoRun REG_DWORD 0x3ffffff
LinkResolveIgnoreLinkInfo REG_DWORD 0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run


DNS Settings


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3EBF7D59-63AC-467F-84EC-06FBE05627F7}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6330FAC2-3B1B-41B7-B91C-C161D885B7CB}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6420D274-0DDC-4257-A2A0-30F545B0EE99}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6C6D12D2-A945-4F0D-AE38-ABFF05D3D9AB}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AB822C7D-1BD9-43EC-9B6A-BA5D3B673685}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8F24175-BCDC-4C3B-BD7F-89936B659185}


Windows IP Configuration



Host Name . . . . . . . . . . . . : darren

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : 3Com 3C920B-EMB Integrated Fast Ethernet Controller

Physical Address. . . . . . . . . : 00-26-54-0E-BE-75



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : NVIDIA nForce MCP Networking Adapter

Physical Address. . . . . . . . . : 00-0C-6E-6C-68-A2

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Friday, April 22, 2011 22:56:11

Lease Expires . . . . . . . . . . : Saturday, April 23, 2011 22:56:11



AppInit DLLs


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs REG_SZ C:\WINDOWS\system32\avgrsstx.dll



Shell Service Object Delay Load


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9}
CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9}
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}
WPDShServiceObj REG_SZ {AAA288BA-9A4C-45B0-95D7-94D524869DB5}



Shell Execute Hooks


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ


Image File Execution Options


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE


Security Providers



Local Security Authority


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Bounds REG_BINARY 0030000000200000
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
LsaPid REG_DWORD 0x3b4
SecureBoot REG_DWORD 0x1
auditbaseobjects REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
fipsalgorithmpolicy REG_DWORD 0x0
forceguest REG_DWORD 0x1
fullprivilegeauditing REG_BINARY 00
limitblankpassworduse REG_DWORD 0x1
lmcompatibilitylevel REG_DWORD 0x0
nodefaultadminowner REG_DWORD 0x1
nolmhash REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli\0\0
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 0x1
enabledcom REG_SZ y

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache


AppCert DLLs



App Paths


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcrobatInfo.exe
REG_SZ C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe
Path REG_SZ C:\Program Files\Adobe\Acrobat 9.0\Acrobat\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Adobe SVG Viewer
Path REG_SZ C:\WINDOWS\System32\Adobe\SVG Viewer

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\August 2001 Adobe Product Update.exe
Path REG_SZ C:\Program Files\Common Files\Adobe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AVGSE.DLL
REG_SZ C:\PROGRA~1\AVG\AVG9\avgse.dll
Menu1 REG_SZ Scan with &AVG Free
Help1 REG_SZ Scan against viruses with AVG Free

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\BackItUp.EXE
REG_SZ C:\Program Files\Ahead\Nero BackItUp\BackItUp.exe
Path REG_SZ C:\Program Files\Ahead\Nero BackItUp

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\bckgzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\BrMfcWnd.exe
Path REG_SZ C:\Program Files\Brother\Brmfcmon

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ccleaner.exe
REG_SZ C:\Program Files\CCleaner\CCleaner.exe
Path REG_SZ C:\Program Files\CCleaner

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chkrzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chrome.exe
Path REG_SZ C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application
REG_SZ C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
Path REG_SZ C:\WINDOWS\System32
CmstpExtensionDll REG_SZ C:\WINDOWS\System32\cmcfg32.dll
CMInternalVersion REG_SZ 1.2
CmNative REG_DWORD 0x1
ProfilesUpgraded REG_DWORD 0x2

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\combofix.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CONF.EXE
REG_SZ C:\Program Files\NetMeeting\conf.exe
Path REG_SZ C:\Program Files\NetMeeting;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Contribute.exe
Path REG_SZ C:\Program Files\Macromedia\Contribute
REG_SZ C:\Program Files\Macromedia\Contribute\Contribute.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dialer.exe
REG_SZ C:\Program Files\Windows NT\dialer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dreamweaver.exe
REG_SZ C:\Program Files\Adobe-2\Adobe Dreamweaver CS4\Dreamweaver.exe
Path REG_SZ C:\Program Files\Macromedia\Dreamweaver MX

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DriverMender.exe
REG_SZ C:\Program Files\Driver Mender\Driver Mender\DriverMender.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\drvinst.exe
Path REG_SZ C:\WINDOWS\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\excel.exe
Path REG_SZ C:\Program Files\Microsoft Office\OFFICE11\
REG_SZ C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Extension Manager.exe
REG_SZ C:\Program Files\Macromedia\Extension Manager\Extension Manager.exe
Path REG_SZ C:\Program Files\Macromedia\Extension Manager\;C:\Program Files\Common Files\Macromedia

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\firefox.exe
REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe
Path REG_SZ C:\Program Files\Mozilla Firefox

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Fireworks.exe
REG_SZ C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe
Path REG_SZ C:\Program Files\Macromedia\Fireworks MX

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Flash.exe
REG_SZ C:\Program Files\Macromedia\Flash MX\Flash.exe
Path REG_SZ C:\Program Files\Macromedia\Flash MX

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\FreeHand MX.exe
REG_SZ C:\Program Files\Macromedia\FreeHand MX\FreeHand MX.exe
Path REG_SZ C:\Program Files\Macromedia\FreeHand MX

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\frontpg.exe
Path REG_SZ C:\Program Files\Microsoft Office\OFFICE11\
REG_SZ C:\PROGRA~1\MICROS~2\OFFICE11\FRONTPG.EXE
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HELPCTR.EXE
REG_SZ C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HijackThis.exe
REG_SZ C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
Path REG_SZ C:\Program Files\Trend Micro\HijackThis

4 philipwk log-4 on Sat Apr 23, 2011 2:38 am

philipwk


Member
Member
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqgalry.exe
REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
Path REG_SZ C:\Program Files\HP\Digital Imaging\bin\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqthb08.exe
REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Path REG_SZ C:\Program Files\HP\Digital Imaging\bin\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hrtzzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hypertrm.exe
REG_SZ "C:\Program Files\Windows NT\hypertrm.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN1.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN2.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE
Path REG_SZ C:\Program Files\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ImageReady.exe
REG_SZ C:\Program Files\Adobe\Photoshop 6.0\ImageReady.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\INETWIZ.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\INETWIZ.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\infopath.exe
useURL REG_SZ 1
REG_SZ C:\Program Files\Microsoft Office\OFFICE11\INFOPATH.EXE
Path REG_SZ C:\Program Files\Microsoft Office\OFFICE11\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Ipe.exe
Path REG_SZ C:\Program Files\iPhoto Plus 4\PROGRAMS\
REG_SZ C:\Program Files\iPhoto Plus 4\PROGRAMS\ipe.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ISIGNUP.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ISIGNUP.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\iTunes.exe
REG_SZ C:\Program Files\iTunes\iTunes.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
REG_SZ C:\Program Files\Java\jre6\bin\javaws.exe
Path REG_SZ C:\Program Files\Java\jre6\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\lcbuddy.exe
REG_SZ C:\Program Files\Microsoft LifeCam\lcbuddy.exe
Path REG_SZ C:\Program Files\Microsoft LifeCam\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LifeCam.exe
Path REG_SZ C:\Program Files\Microsoft LifeCam\
REG_SZ C:\Program Files\Microsoft LifeCam\LifeCam.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mbam.exe
REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Path REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe
REG_EXPAND_SZ %SystemRoot%\system32\usmt\migwiz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\moviemk.exe
REG_SZ C:\Program Files\Movie Maker\moviemk.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mphonetools.exe
REG_SZ C:\Program Files\Motorola Phone Tools\mphonetools.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
REG_SZ "C:\Program Files\Windows Media Player\mplayer2.exe"
Path REG_SZ "C:\Program Files\Windows Media Player"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSACCESS.EXE
useURL REG_SZ 1
Path REG_SZ C:\Program Files\Microsoft Office\OFFICE11\
REG_SZ C:\PROGRA~1\MICROS~2\OFFICE11\MSACCESS.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSCONFIG.EXE
REG_EXPAND_SZ %systemroot%\pchealth\helpctr\Binaries\MSCONFIG.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\msimn.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msinfo32.exe
REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.exe
Path REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSInfo

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSMSGS.EXE
REG_SZ C:\Program Files\Messenger\msmsgs.exe
Path REG_SZ C:\Program Files\Messenger;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSN6.EXE
REG_SZ C:\Program Files\MSN\MSNCoreFiles\MSN6.exe
Path REG_SZ C:\Program Files\MSN\MSNCoreFiles

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msoxmled.exe
useURL REG_SZ 1
REG_SZ C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLED.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSPUB.EXE
SaveURL REG_SZ 1
Path REG_SZ C:\Program Files\Microsoft Office\OFFICE11\
REG_SZ C:\PROGRA~1\MICROS~2\OFFICE11\MSPUB.EXE
useURL REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mspview.exe
Path REG_SZ C:\Program Files\Common Files\Microsoft Shared\MODI\11.0\
REG_SZ C:\PROGRA~1\COMMON~1\MICROS~1\MODI\11.0\MSPVIEW.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\NCoverEd.exe
REG_SZ C:\Program Files\Ahead\CoverDesigner\CoverDes.exe
Path REG_SZ C:\Program Files\Ahead\CoverDesigner

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\nero.exe
REG_SZ C:\Program Files\Ahead\nero\nero.exe
Path REG_SZ C:\Program Files\Ahead\Nero

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\NeroStartSmart.exe
REG_SZ C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
Path REG_SZ C:\Program Files\Ahead\Nero StartSmart

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\none
Path REG_SZ C:\WINDOWS\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\obdpc-link.exe
old_dir REG_SZ C:\Program Files\OBD-PCLink\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ois.exe
Path REG_SZ C:\Program Files\Microsoft Office\OFFICE11\
REG_SZ C:\PROGRA~1\MICROS~2\OFFICE11\OIS.EXE
SaveURL REG_SZ 0
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OUTLOOK.EXE
Path REG_SZ C:\Program Files\Microsoft Office\OFFICE11\
REG_SZ C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PaprPort.exe
Path REG_SZ C:\Program Files\ScanSoft\PaperPort
REG_SZ C:\Program Files\ScanSoft\PaperPort\PaprPort.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
REG_EXPAND_SZ %SystemRoot%\system32\mspaint.exe
Path REG_EXPAND_SZ %SystemRoot%\system32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Photoshp.exe
Path REG_SZ C:\Program Files\Adobe\Photoshop 6.0
REG_SZ C:\Program Files\Adobe\Photoshop 6.0\Photoshp.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
Path REG_SZ C:\Program Files\QuickTime\
REG_SZ C:\Program Files\QuickTime\PictureViewer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pinball.exe
REG_SZ C:\Program Files\Windows NT\Pinball\pinball.exe
Path REG_SZ C:\Program Files\Windows NT\Pinball

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PL-2303 DriverInstaller.exe
Path REG_SZ C:\WINDOWS\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\POIEdit.exe
Path REG_SZ C:\Program Files\Magellan\Magellan POI File Editor
REG_SZ C:\Program Files\Magellan\Magellan POI File Editor\POIEdit.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerDVD
Path REG_SZ C:\Program Files\CyberLink\PowerDVD
REG_SZ C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerDVD.exe
Path REG_SZ C:\Program Files\CyberLink\PowerDVD
REG_SZ C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\powerpnt.exe
Path REG_SZ C:\Program Files\Microsoft Office\OFFICE11\
REG_SZ C:\PROGRA~1\MICROS~2\OFFICE11\POWERPNT.EXE
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
REG_SZ C:\Program Files\QuickTime\QuickTimePlayer.exe
Path REG_SZ C:\Program Files\QuickTime\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rvsezm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\rvsezm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Safari.exe
REG_SZ C:\Program Files\Safari\Safari.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1
Path REG_SZ C:\Program Files\ATI Technologies\ATI Control Panel

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\shvlzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Streets.exe
REG_SZ C:\Program Files\Microsoft Streets & Trips\Streets.exe
Path REG_SZ C:\Program Files\Microsoft Streets & Trips\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
UseShortName REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\visio.exe
REG_SZ C:\PROGRA~1\MICROS~2\Visio11\VISIO.EXE
useURL REG_SZ 1
Path REG_SZ C:\Program Files\Microsoft Office\Visio11\
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\VTunner.exe
Path REG_SZ C:\Program Files\GigaByte\V-Tuner

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wab.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wabmig.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\winnt32.exe
RunAsOnNonAdminInstall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
useURL REG_SZ 1
Path REG_SZ C:\Program Files\Microsoft Office\OFFICE11\
REG_SZ C:\PROGRA~1\MICROS~2\OFFICE11\WINWORD.EXE
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WMPBurn.exe
REG_SZ C:\Program Files\Ahead\WMPBurn\WMPBurn.exe
Path REG_SZ C:\Program Files\Ahead\WMPBurn

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
REG_SZ C:\Program Files\Windows Media Player\wmplayer.exe
Path REG_SZ C:\Program Files\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
REG_SZ "C:\WINDOWS\system32\XPSViewer\XPSViewer.exe"


Mozilla


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions
jqs@sun.com REG_EXPAND_SZ C:\Program Files\Java\jre6\lib\deploy\jqs\ff
{20a82645-c095-46ed-80e3-08825760534b} REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
{C89FC3E3-E212-4312-AAD2-DB3AD8217ABE} REG_SZ C:\Documents and Settings\Philip\Local Settings\Application Data\{C89FC3E3-E212-4312-AAD2-DB3AD8217ABE}
avg@igeared REG_SZ C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
REG_SZ 2.0
CurrentVersion REG_SZ 4.0 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\4.0 (en-US)
REG_SZ 4.0 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\4.0 (en-US)\Main
Install Directory REG_SZ C:\Program Files\Mozilla Firefox
PathToExe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\4.0 (en-US)\Uninstall
Description REG_SZ Mozilla Firefox 4.0 (x86 en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 4.0
GeckoVer REG_SZ 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 4.0\bin
PathToExe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 4.0\extensions
Components REG_SZ C:\Program Files\Mozilla Firefox\components
Plugins REG_SZ C:\Program Files\Mozilla Firefox\plugins


Shared Task Scheduler


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon


SafeBoot



SafeBootMinimal


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}


SafeBootNetwork


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sharedaccess

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice

5 philipwk log-5 on Sat Apr 23, 2011 2:41 am

philipwk


Member
Member
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}


File Rename Operations - Session


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations


Known DLLs - Session


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
advapi32 REG_SZ advapi32.dll
comdlg32 REG_SZ comdlg32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
gdi32 REG_SZ gdi32.dll
imagehlp REG_SZ imagehlp.dll
kernel32 REG_SZ kernel32.dll
lz32 REG_SZ lz32.dll
ole32 REG_SZ ole32.dll
oleaut32 REG_SZ oleaut32.dll
olecli32 REG_SZ olecli32.dll
olecnv32 REG_SZ olecnv32.dll
olesvr32 REG_SZ olesvr32.dll
olethk32 REG_SZ olethk32.dll
rpcrt4 REG_SZ rpcrt4.dll
shell32 REG_SZ shell32.dll
url REG_SZ url.dll
urlmon REG_SZ urlmon.dll
user32 REG_SZ user32.dll
version REG_SZ version.dll
wininet REG_SZ wininet.dll
wldap32 REG_SZ wldap32.dll


Downloaded program files (ActiveX)


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}

PATH: C:\windows\Downloaded Program Files

erma.inf
GarminAxControl.ocx
muweb.inf
OSD96E9.OSD
wuweb.inf


Mountpoints


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e809ccf-47c9-11de-b1da-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eed2298-d30f-11dd-9ead-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1916696c-c0dd-11dd-9e8e-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2da02fca-03b3-11df-b2d7-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2da02fcb-03b3-11df-b2d7-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36060e12-77f7-11de-b21a-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4238aac2-1528-11e0-b0cd-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ce468ce-bcc9-11dd-9e7c-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63395bbe-58ac-11e0-b114-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9264c738-dd32-11de-b29b-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9264c739-dd32-11de-b29b-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9264c73a-dd32-11de-b29b-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9264c73b-dd32-11de-b29b-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{936250dd-be77-11dd-9e84-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeb62cb6-bb0e-11dd-973d-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeb62cb7-bb0e-11dd-973d-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeb62cb8-bb0e-11dd-973d-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeb62cb9-bb0e-11dd-973d-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2ba8f51-49d3-11df-b00a-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2ba8f52-49d3-11df-b00a-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be84f108-3162-11df-afd2-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2d0ca3d-39d3-11df-afe9-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c894d412-3d39-11df-afef-0026540ebe75}

6 philipwk log -6 on Sat Apr 23, 2011 2:42 am

philipwk


Member
Member
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c894d413-3d39-11df-afef-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d776d21f-bcce-11dd-9e7e-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d776d220-bcce-11dd-9e7e-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d776d221-bcce-11dd-9e7e-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9c37ea3-f7dc-11dd-b1a8-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9c37ea8-f7dc-11dd-b1a8-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eee733bc-cffc-11de-b28b-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eee733bd-cffc-11de-b28b-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5669e04-322a-11df-afd3-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5669e05-322a-11df-afd3-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa31410b-e5a8-11dd-9eb5-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa31410c-e5a8-11dd-9eb5-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa31410d-e5a8-11dd-9eb5-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa31410e-e5a8-11dd-9eb5-0026540ebe75}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC


Winlogon


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
AutoRestartShell REG_DWORD 0x1
DefaultDomainName REG_SZ DARREN
DefaultUserName REG_SZ Philip
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ userinit.exe
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD 0xffffffff
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0x0
passwordexpirywarning REG_DWORD 0xe
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0x1
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0x1
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0x0
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 0x1
ShowLogonOptions REG_DWORD 0x0
AltDefaultUserName REG_SZ Philip
AltDefaultDomainName REG_SZ DARREN
ChangePasswordUseKerberos REG_DWORD 0x1
Taskman REG_SZ

7 philipwk log -7 on Sat Apr 23, 2011 2:45 am

philipwk


Member
Member
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials


Windows Update

8 philipwk on Sat Apr 23, 2011 3:05 am

philipwk


Member
Member
Can't get the last 10 lines of the log file to you, when I try my computer looses internet connectivity, don't know why???

9 Re: philipwk log on Sat Apr 23, 2011 4:14 am

Nazzgull


Moderator
Moderator
Topics merged to one. Please do not make new topics, you just have to reply on this one if you don't have enough space.

Regards,
Nazzgull


..........................................................

Computer Science & Informatics

10 Re: philipwk log on Sat Apr 23, 2011 5:22 am

DragonMaster Jay


Site Owner
Site Owner
Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner


Kaspersky E-Store Kaspersky Anti-Virus 2012: Click Here

Contribute/donate to our site

11 Re: philipwk log on Sun Apr 24, 2011 12:49 am

philipwk


Member
Member
OK, sorry about the topics....
I printed out the Combofiz instructions and ran it, Combo fix would not begain until I uninstalled AVG wow that took me 4 hours to accomplish!
The computer still has serious problems cause I couldn't even turn it off normally, I had to hold the start button for 10 seconds....
Below is the Combofix LOG:
ComboFix 11-04-23.01 - Philip 04/23/2011 20:51:58.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1960 [GMT -7:00]
Running from: c:\documents and settings\Philip\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\NetworkService\Application Data\PriceGong
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\1.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\a.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\b.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\c.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\d.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\e.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\f.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\g.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\h.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\i.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\J.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\k.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\l.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\m.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\n.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\o.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\p.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\q.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\r.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\s.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\t.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\u.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\v.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\w.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\x.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\y.xml
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Philip\Application Data\PriceGong
c:\documents and settings\Philip\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Philip\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Philip\My Documents\DPE.DUS
c:\documents and settings\Philip\WINDOWS
c:\documents and settings\Wayne\Application Data\PriceGong
c:\documents and settings\Wayne\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Wayne\Application Data\PriceGong\Data\z.xml
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\program files\Shared
c:\program files\Shared\RT Systems\SPR32X30.ocx
c:\windows\system\LEAD51N.DLL
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ITLPERF
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-03-24 to 2011-04-24 )))))))))))))))))))))))))))))))
.
.
2011-04-24 00:21 . 2011-04-24 00:21 -------- d-----w- c:\program files\Perfect Uninstaller
2011-04-22 04:58 . 2011-04-22 04:58 -------- d-----w- c:\documents and settings\Philip\Application Data\DriverCure
2011-04-22 04:58 . 2011-04-22 04:58 -------- d-----w- c:\documents and settings\Philip\Application Data\ParetoLogic
2011-04-22 04:58 . 2011-04-22 04:58 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-04-22 04:58 . 2011-04-22 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-04-22 04:58 . 2011-04-22 04:58 -------- d-----w- c:\program files\ParetoLogic
2011-04-22 03:57 . 2011-04-22 03:57 -------- d-----w- C:\Windows Recovery
2011-04-22 01:28 . 2011-04-22 04:17 4250 ----a-w- c:\windows\system32\tmp.reg
2011-04-22 01:22 . 2008-12-12 09:57 78336 ----a-w- c:\windows\system32\Agent.OMZ.Fix.exe
2011-04-22 01:22 . 2008-09-20 19:45 80384 ----a-w- c:\windows\system32\o4Patch.exe
2011-04-22 01:22 . 2008-11-30 02:58 82944 ----a-w- c:\windows\system32\IEDFix.C.exe
2011-04-22 01:22 . 2008-08-18 19:19 82432 ----a-w- c:\windows\system32\404Fix.exe
2011-04-22 01:22 . 2008-10-01 22:51 87552 ----a-w- c:\windows\system32\VACFix.exe
2011-04-22 01:22 . 2008-05-19 04:40 82944 ----a-w- c:\windows\system32\IEDFix.exe
2011-04-22 01:22 . 2009-04-30 08:36 75776 ----a-w- c:\windows\system32\WS2Fix.exe
2011-04-22 01:22 . 2007-09-06 07:22 289144 ----a-w- c:\windows\system32\VCCLSID.exe
2011-04-22 01:22 . 2006-04-28 00:49 288417 ----a-w- c:\windows\system32\SrchSTS.exe
2011-04-22 01:22 . 2004-08-01 01:50 51200 ----a-w- c:\windows\system32\dumphive.exe
2011-04-22 01:22 . 2003-06-06 04:13 53248 ----a-w- c:\windows\system32\Process.exe
2011-04-19 00:55 . 2011-04-19 00:55 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-04-17 05:05 . 2011-04-17 05:05 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-17 04:30 . 2011-04-17 04:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-04-14 00:28 . 2011-04-17 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\nNg01817eNlFj01817
2011-04-11 02:53 . 2011-04-11 02:53 -------- d-----w- c:\program files\YouTube Downloader
2011-04-08 23:50 . 2011-04-08 23:50 -------- d-----w- C:\6666
2011-04-03 04:50 . 2011-04-06 03:22 -------- d-----w- c:\documents and settings\Philip\Local Settings\Application Data\AskToolbar
2011-04-03 00:41 . 2011-04-03 00:41 -------- d-----w- c:\documents and settings\Philip\Application Data\Brother
2011-04-03 00:28 . 2011-04-03 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2011-04-03 00:18 . 2011-04-06 02:01 -------- d-----w- c:\program files\Ask.com
2011-04-03 00:02 . 2011-04-03 00:02 -------- d-----w- c:\program files\Driver-Soft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2008-11-26 01:44 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2003-03-31 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2003-03-31 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2003-03-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2003-03-31 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2003-03-31 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-10-22 01:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2003-03-31 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2003-03-31 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2003-03-31 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2003-03-31 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2003-03-31 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2008-11-26 01:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-11-26 01:43 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-18 17:53 . 2011-03-29 04:33 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-02 02:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoft\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\prxtbDVD0.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowIcon_The Company_USB Product Driver v2.16r002"="c:\program files\USB Product Driver v2.16r002\shwicon.exe -tThe Company\USB Product Driver v2.16r002" [X]
"SoundMan"="SOUNDMAN.EXE" [2010-11-14 577536]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"DXDllRegExe"="dxdllreg.exe" [BU]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-02 335872]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"SetDefPrt"="c:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-12 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-08 864256]
.
c:\documents and settings\Philip\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2010-12-9 225280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 23:41 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-11-27 19:41 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
"c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/14/2010 2:48 PM 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/29/2008 2:25 PM 216400]
R2 PfFilter;PfFilter;c:\program files\IObit\Password Folder\pffilter.sys [11/23/2010 6:55 PM 159528]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [9/3/2009 4:44 PM 444224]
R3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [12/15/2008 9:45 PM 23096]
R3 MusCVideo;MusCVideo;c:\windows\system32\drivers\MusCVideo.sys [12/15/2008 9:45 PM 3768]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
S3 DCamUSBET251;Snake eye Camera;c:\windows\system32\drivers\ET251.sys [2/4/2011 6:08 PM 105633]
S3 GAGPDrv;GAGPDrv; [x]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2/12/2011 5:50 PM 30576]
S4 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [12/15/2008 9:45 PM 200704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
itlsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
.
2011-04-24 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-12-20 21:11]
.
2011-04-10 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-12-20 22:24]
.
2011-04-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-27 17:45]
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-583907252-725345543-1003Core.job
- c:\documents and settings\Philip\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-08 20:24]
.
2011-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-583907252-725345543-1003UA.job
- c:\documents and settings\Philip\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-08 20:24]
.
2011-04-24 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]
.
2011-04-22 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]
.
2011-04-22 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
2011-04-22 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
2011-04-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-02-02 02:17]
.
2011-04-24 c:\windows\Tasks\WebReg 20090507203209.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-07 09:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = ;*.local
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Philip\Application Data\Mozilla\Firefox\Profiles\h54exphx.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BLT&o=15554&locale=en_US&apn_uid=E582E720-2C2A-4EFF-A419-760066089018&apn_ptnrs=HH&apn_sauid=B4A767F1-77E7-4A57-B6DC-73697E367017&apn_dtid=YYYYYYGCUS&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{31C7D459-9CC3-44F2-9DCA-FC11795309B4} - (no file)
HKLM-Run-TaskTray - (no file)
Notify-itlntfy - itlnfw32.dll
AddRemove-Advanced Data Management System for the FT-7100 - c:\yaesu\FT7100\UNWISE.EXE
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Philip\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-23 21:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1200JB-75CRA0 rev.16.06V16 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A988332
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(872)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3832)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\SOUNDMAN.EXE
c:\program files\USB Product Driver v2.16r002\shwicon.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2011-04-23 21:21:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-24 04:21
ComboFix2.txt 2009-09-09 22:02
ComboFix3.txt 2009-05-29 01:19
.
Pre-Run: 39,326,240,768 bytes free
Post-Run: 39,313,301,504 bytes free
.
Current=1 Default=1 Failed=4 LastKnownGood=2 Sets=1,2,3,4
- - End Of File - - 6C9B4FAB5E4EEA690F3404389592DA7F

12 Re: philipwk log on Mon Apr 25, 2011 5:01 am

DragonMaster Jay


Site Owner
Site Owner
Please download 7-Zip and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner


Kaspersky E-Store Kaspersky Anti-Virus 2012: Click Here

Contribute/donate to our site

13 RkU Report on Tue Apr 26, 2011 10:24 am

philipwk


Member
Member
HI, I took about 3 hours to run the SCAN. What does all this info mean? Is this the bad stuff?
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>SSDT State
==============================================
ntoskrnl.exe-->NtCreateKey, Type: Address change 0x8057376F-->F74E40E0 [spma.sys]
ntoskrnl.exe-->NtEnumerateKey, Type: Address change 0x80573E7D-->F74FCDA4 [spma.sys]
ntoskrnl.exe-->NtEnumerateValueKey, Type: Address change 0x8057FB2B-->F74FD132 [spma.sys]
ntoskrnl.exe-->NtOpenKey, Type: Address change 0x80568F68-->F74E40C0 [spma.sys]
ntoskrnl.exe-->NtQueryKey, Type: Address change 0x80573B86-->F74FD20A [spma.sys]
ntoskrnl.exe-->NtQueryValueKey, Type: Address change 0x8056A419-->F74FD08A [spma.sys]
ntoskrnl.exe-->NtSetValueKey, Type: Address change 0x8057BC5B-->F74FD29C [spma.sys]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x8AEFB830 [4] System
0x89D3B020 [232] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java(TM) Quick Starter Service)
0x89D28DA0 [296] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation, Machine Debug Manager)
0x89C558B8 [340] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation, Microsoft® Windows Live ID Service Monitor)
0x89D278F8 [364] C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation, MsCamSvc.exe)
0x89D10518 [464] C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd., Rosetta Stone Ltd. application)
0x897669A0 [468] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x89CE7990 [556] C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation, Microsoft SeaPort Search Enhancement Broker)
0x8ACABDA0 [568] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x89CD1990 [616] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89CCCDA0 [648] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation, Microsoft® Windows Live ID Service)
0x8AB4E718 [712] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x8AB34798 [776] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x8AD06DA0 [808] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x8AB69DA0 [860] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x8ABB4A68 [872] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x8AB48508 [1036] C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0x8AB8FDA0 [1056] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8AB3E348 [1136] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89DF09B8 [1408] C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0x8986DA60 [1436] C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc., CLI Application (Command Line Interface))
0x89DE3718 [1556] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89C41B98 [1608] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x89DB5020 [1708] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89DA0B98 [1828] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x89D90730 [1940] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., MobileDeviceService)
0x89808998 [1976] C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc., CLI Application (Command Line Interface))
0x89D54348 [1988] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x89B96798 [2228] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp., Realtek Sound Manager)
0x8A533020 [2236] C:\Program Files\USB Product Driver v2.16r002\shwicon.exe (MyComp, shwicon)
0x89B84020 [2244] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company, HP Framework Component Manager Service)
0x89B985D0 [2260] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc., ATI Desktop Control Panel)
0x8ACB4758 [2292] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc., AcroTray)
0x8993E6D8 [2308] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0x8ACB2B98 [2404] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper)
0x89B64DA0 [2436] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd., ControlCenter2.0 Main Program)
0x8A544020 [2508] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc., GoogleToolbarNotifier)
0x89B88020 [2532] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x89AED998 [2592] C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc., CLI Application (Command Line Interface))
0x89695DA0 [2832] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x89376930 [3148] C:\Documents and Settings\Philip\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\svinw7uwq.exe (UG North, RKULE, SR2 Normandy)
0x899ED3E0 [3228] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8ACAB7A0 [3660] C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation, Microsoft Office Word)
0x89941B98 [3856] C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe (Hewlett-Packard Company, HP Task Management Component)
==============================================
>Drivers
==============================================
0xBF0E3000 C:\WINDOWS\System32\ati3duag.dll 2519040 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB8B8D000 C:\WINDOWS\System32\DRIVERS\ati2mtag.sys 1847296 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF34A000 C:\WINDOWS\System32\ativvaxx.dll 1093632 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xF74E3000 PCI_PNP8750 995328 bytes
0xF74E3000 spma.sys 995328 bytes
0xF74E3000 sptd 995328 bytes
0xAE9CE000 C:\WINDOWS\system32\drivers\nvmcp.sys 962560 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) MCP APU Audio Library)
0xB8D85000 C:\WINDOWS\System32\DRIVERS\USR1806V.SYS 794624 bytes (U.S. Robotics, Inc., Modem driver)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA67AA000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xAEAB9000 C:\WINDOWS\system32\drivers\nvapu.sys 397312 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) Audio Driver)
0xAEB1A000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA688F000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xBF055000 C:\WINDOWS\System32\ati2cqag.dll 294912 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF455000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xBF09D000 C:\WINDOWS\System32\atikvmag.dll 286720 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 274432 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xA25F4000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA6750000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xAEB78000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF749D000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF7B25000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA16CD000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA681A000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA6867000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF7832000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA6784000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA472A000 C:\Program Files\IObit\Password Folder\pffilter.sys 155648 bytes (IObit Information Technology, Password Folder filter driver)
0xAEBD0000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB8E5B000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB8D62000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA6845000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF794F000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7858000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7A0C000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF796F000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF74CB000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF7A26000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xAEBB9000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA4674000 C:\WINDOWS\system32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xA4187000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB8E47000 C:\WINDOWS\System32\DRIVERS\NVENET.sys 81920 bytes (NVIDIA Corporation, NVIDIA nForce MCP Networking Driver.)
0xAEBF4000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xAEC08000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA68E8000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB8D50000 C:\WINDOWS\System32\DRIVERS\el90Xbc5.SYS 73728 bytes (3Com Corporation, 3Com EtherLink PCI Driver)
0xF7A3D000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xAE9BD000 C:\WINDOWS\system32\drivers\nvarm.sys 69632 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) APU Resource Manager)
0xF748C000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xAEBA8000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB9DD0000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA790000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7687000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF75F7000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB629C000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB23E8000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB627C000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA780000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB8F96000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xAEFB5000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7607000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7657000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB628C000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB5D3F000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7637000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7877000 C:\WINDOWS\system32\drivers\nvax.sys 49152 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) MCP Audio Enumerator)
0xB5D1F000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB4201000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA7A0000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7627000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB5D2F000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7887000 C:\WINDOWS\System32\DRIVERS\amdk7.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)
0xF7617000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB626C000 C:\WINDOWS\system32\drivers\MusCAudio.sys 40960 bytes (Windows (R) Codename Longhorn DDK provider, Support Device)
0xAEF95000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xAEFC5000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7647000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB5D0F000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xAEF35000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA1A53000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB2620000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF77DF000 C:\WINDOWS\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft(R) ASPI Shell)
0xF77D7000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB445E000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF77CF000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB442E000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7707000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF780F000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF77E7000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB2812000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB4426000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF77FF000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB8E8F000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xB27E2000 C:\WINDOWS\system32\DRIVERS\irsir.sys 20480 bytes (Microsoft Corporation, Serial Infrared Driver)
0xF7807000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB27F2000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB280A000 C:\WINDOWS\System32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xB27EA000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xB2802000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77C7000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xB8E87000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA7CC000 C:\WINDOWS\System32\Drivers\Aspi32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xA2340000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xA4648000 C:\WINDOWS\System32\Drivers\GVCplDrv.SYS 16384 bytes
0xBA7E8000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xB5C7D000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA4712000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF789F000 nv_agp.sys 16384 bytes (NVIDIA Corporation, NVIDIA nForce AGP Filter)
0xAEE96000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF789B000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA6BB000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xAEE92000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xB3D35000 C:\WINDOWS\System32\DRIVERS\irenum.sys 12288 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)
0x8AE1A000 C:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xAEE8A000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF794B000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB75DB000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7989000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB75DD000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB75D9000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB7FB6000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xB75D7000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79BD000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79B5000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7987000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xAF37B000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7AA5000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xAF3D7000 C:\WINDOWS\system32\drivers\msmpu401.sys 4096 bytes (Microsoft Corporation, MPU401 Adapter Driver)
0xAF3D6000 C:\WINDOWS\system32\DRIVERS\MusCVideo.sys 4096 bytes (Windows (R) 2000 DDK provider, Video Mirror Miniport)
0xAEF31000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8AF0D1F8 unknown_irp_handler 3592 bytes
0x8AEA11F8 unknown_irp_handler 3592 bytes
0x8AC691F8 unknown_irp_handler 3592 bytes
0x8AF0F1F8 unknown_irp_handler 3592 bytes
0x8ACD21F8 unknown_irp_handler 3592 bytes
0x8AC411F8 unknown_irp_handler 3592 bytes
0x8AD441F8 unknown_irp_handler 3592 bytes
0x8ACC3328 unknown_irp_handler 3288 bytes
!!!!!!!!!!!Hidden driver: 0x8AE4E332 ?_empty_? 3278 bytes
0x8AB8E500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
0xF796F000 WARNING: suspicious driver modification [atapi.sys::0x8AE4E332]
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RJ2O5GWB\eAAVyUEOwiAQAMB9hp-ABZddiL6GVKSYICQ0Tc_GY899r3Wu890v2wEH3PcP1LaWNGBeln5DfBRrSI-59V7eWU-tYqkxp3EOikeZ0Ed0li0bR_KXODhyTyJiEcd8ZT4vslU2-M0GUUYZ_eoZ4Ac_[1].jpg]
!-->[Hidden] C:\Documents and Settings\Philip\Application Data\Microsoft\Office\Recent\Normal.LNK
!-->[Hidden] C:\Documents and Settings\Philip\Application Data\Microsoft\Office\Recent\Templates.LNK
!-->[Hidden] C:\Documents and Settings\Philip\Application Data\Microsoft\Word\AutoRecovery save of Normal.as$
!-->[Hidden] C:\Documents and Settings\Philip\Local Settings\temp\~DFBCBE.tmp
!-->[Hidden] C:\Documents and Settings\Philip\My Documents\My Music\Cistercian Monks of Stift Heiligenkreuz\Chant- Music for the Soul\13 Missa Pro Defunctis- IX. Communio 'Lux Aeterna' Cistercian Monks of Stift Heiligenkreuz Chant- Music for the Soul New Age 160kbps.wmama
!-->[Hidden] C:\Documents and Settings\Philip\My Documents\My Music\Cistercian Monks of Stift Heiligenkreuz\Chant- Music for the Soul\15 Ad Completorium- Hymnus 'Te Lucis Ante Terminum' Cistercian Monks of Stift Heiligenkreuz Chant- Music for the Soul New Age 160kbps.wmaa
!-->[Hidden] C:\Documents and Settings\Philip\My Documents\My Music\Cistercian Monks of Stift Heiligenkreuz\Chant- Music for the Soul\28 Introitus Dominica Pentecostes 'Spiritus Domini' Cistercian Monks of Stift Heiligenkreuz Chant- Music for the Soul New Age 160kbps.wmaa
!-->[Hidden] C:\Documents and Settings\Philip\My Documents\My Music\Hank Williams\Turn Back the Years- The Essential Hank Williams Collection Disc 1\05 Moanin' the Blues Hank Williams Turn Back the Years- The Essential Hank Williams Collection Disc 1 Country 160kbps.wmama
!-->[Hidden] C:\Documents and Settings\Philip\My Documents\My Music\Hank Williams\Turn Back the Years- The Essential Hank Williams Collection Disc 1\13 Tennessee Border Hank Williams Turn Back the Years- The Essential Hank Williams Collection Disc 1 Country 160kbps.wmaama
!-->[Hidden] C:\Documents and Settings\Philip\My Documents\My Music\Hank Williams\Turn Back the Years- The Essential Hank Williams Collection Disc 1\16 Hey, Good Lookin' Hank Williams Turn Back the Years- The Essential Hank Williams Collection Disc 1 Country 160kbps.wmama
!-->[Hidden] C:\Documents and Settings\Philip\My Documents\My Music\Hank Williams\Turn Back the Years- The Essential Hank Williams Collection Disc 1\20 Honky Tonk Blues Hank Williams Turn Back the Years- The Essential Hank Williams Collection Disc 1 Country 160kbps.wmaama
!-->[Hidden] C:\Documents and Settings\Philip\My Documents\My Music\Hank Williams\Turn Back the Years- The Essential Hank Williams Collection Disc 2\07 First Year Blues Hank Williams Turn Back the Years- The Essential Hank Williams Collection Disc 2 Country 160kbps.wmawma
!-->[Hidden] C:\Documents and Settings\Philip\My Documents\My Music\Hank Williams\Turn Back the Years- The Essential Hank Williams Collection Disc 2\15 Cold, Cold Heart Hank Williams Turn Back the Years- The Essential Hank Williams Collection Disc 2 Country 160kbps.wmawma
!-->[Hidden] C:\Documents and Settings\Philip\My Documents\My Music\Various Artists\How Great Thou Art- Gospel Favorites from the Grand Ole Opry\05 Family Bible Ricky Skaggs & The Whites How Great Thou Art- Gospel Favorites from the Grand Ole Opry Religious 160kbps.wmawma
!-->[Hidden] C:\Documents and Settings\Philip\My Documents\My Music\Various Artists\How Great Thou Art- Gospel Favorites from the Grand Ole Opry\06 Just a Closer Walk with Thee Sara Evans How Great Thou Art- Gospel Favorites from the Grand Ole Opry Religious 160kbps.wmama
!-->[Hidden] C:\Qoobox\BackEnv\appdata.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\cache.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Cookies.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\desktop.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\favorites.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\History.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\localappdata.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\localsettings.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Music.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\mypictures.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\NetHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\personal.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Pictures.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\PrintHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\programs.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Recent.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SendTo.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SetPath.bat
!-->[Hidden] C:\Qoobox\BackEnv\startmenu.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\startup.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SysPath.dat
!-->[Hidden] C:\Qoobox\BackEnv\templates.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\VikPev00
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP11\change.log.6
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP11\drivetable.txt
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\change.log
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\RestorePointSize
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\rp.log
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\ComDb.Dat
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\domain.txt
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\Repository\$WinMgmt.CFG
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\Repository\FS\INDEX.BTR
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\Repository\FS\INDEX.MAP
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\Repository\FS\MAPPING.VER
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\Repository\FS\MAPPING1.MAP
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\Repository\FS\MAPPING2.MAP
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\Repository\FS\OBJECTS.DATA
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\Repository\FS\OBJECTS.MAP
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\_REGISTRY_MACHINE_SAM
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\_REGISTRY_MACHINE_SECURITY
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\_REGISTRY_MACHINE_SOFTWARE
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\_REGISTRY_MACHINE_SYSTEM
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\_REGISTRY_USER_.DEFAULT
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1202660629-583907252-725345543-1003
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1202660629-583907252-725345543-1006
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1202660629-583907252-725345543-500
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1202660629-583907252-725345543-1003
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1202660629-583907252-725345543-1006
!-->[Hidden] C:\System Volume Information\_restore{2EA0BB66-544E-488A-AB41-812153A2F8CD}\RP12\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1202660629-583907252-725345543-500
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4816.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4818.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4820.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4821.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4822.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4824.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4826.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4827.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4828.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4829.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4830.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4831.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4832.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4834.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4835.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4836.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4837.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4838.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4840.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4841.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4842.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4843.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4844.xml
!-->[Hidden] C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_4845.xml
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
[2832]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2832]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[2832]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[2832]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[2832]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2832]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[2832]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[2832]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[2832]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[2832]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[2832]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[2832]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[2832]iexplore.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[2832]iexplore.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[2832]iexplore.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[2832]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[2832]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[2832]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2832]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2832]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[2832]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[2832]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[2832]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[2832]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E42B3C6-->00000000 [ieframe.dll]
[2832]iexplore.exe-->user32.dll-->CreateDialogParamA, Type: Inline - RelativeJump 0x7E43C7DB-->00000000 [tbDVD2.dll]
[2832]iexplore.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x7E41EA3B-->00000000 [tbDVD2.dll]
[2832]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[2832]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[2832]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[2832]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [tbDVD2.dll]
[2832]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [tbDVD2.dll]
[2832]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2832]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[2832]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[2832]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[2832]iexplore.exe-->user32.dll-->MessageBoxA, Type: Inline - RelativeJump 0x7E4507EA-->00000000 [tbDVD2.dll]
[2832]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[2832]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[2832]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[2832]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[2832]iexplore.exe-->user32.dll-->MessageBoxW, Type: Inline - RelativeJump 0x7E466534-->00000000 [tbDVD2.dll]
[2832]iexplore.exe-->user32.dll-->SetActiveWindow, Type: Inline - RelativeJump 0x7E427822-->00000000 [tbDVD2.dll]
[2832]iexplore.exe-->user32.dll-->SetCursor, Type: Inline - RelativeJump 0x7E429930-->00000000 [tbDVD2.dll]
[2832]iexplore.exe-->user32.dll-->SetFocus, Type: Inline - RelativeJump 0x7E42B112-->00000000 [tbDVD2.dll]
[2832]iexplore.exe-->user32.dll-->SetForegroundWindow, Type: Inline - RelativeJump 0x7E4242ED-->00000000 [tbDVD2.dll]
[2832]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [ieframe.dll]
[2832]iexplore.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [ConduitEngin0.dll]
[2832]iexplore.exe-->user32.dll-->TrackPopupMenuEx, Type: Inline - RelativeJump 0x7E46CF62-->00000000 [ConduitEngin0.dll]
[2832]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [ieframe.dll]
[468]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[468]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[468]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[468]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[468]iexplore.exe-->advapi32.dll-->RegSetValueA, Type: Inline - RelativeJump 0x77DFC79E-->00000000 [tbDVD2.dll]
[468]iexplore.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - RelativeJump 0x77DDEAE7-->00000000 [tbDVD2.dll]
[468]iexplore.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - SEH 0x77DDEAEC [unknown_code_page]
[468]iexplore.exe-->advapi32.dll-->RegSetValueExA, Type: Inline - SEH 0x77DDEAED [unknown_code_page]
[468]iexplore.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - RelativeJump 0x77DDD767-->00000000 [tbDVD2.dll]
[468]iexplore.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - SEH 0x77DDD76C [unknown_code_page]
[468]iexplore.exe-->advapi32.dll-->RegSetValueExW, Type: Inline - SEH 0x77DDD76D [unknown_code_page]
[468]iexplore.exe-->advapi32.dll-->RegSetValueW, Type: Inline - RelativeJump 0x77E36116-->00000000 [tbDVD2.dll]
[468]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[468]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[468]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[468]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[468]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[468]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[468]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[468]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[468]iexplore.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[468]iexplore.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[468]iexplore.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[468]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[468]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[468]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[468]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[468]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[468]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[468]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[468]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[468]iexplore.exe-->user32.dll-->CreateDialogParamA, Type: Inline - RelativeJump 0x7E43C7DB-->00000000 [tbDVD2.dll]
[468]iexplore.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x7E41EA3B-->00000000 [tbDVD2.dll]
[468]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[468]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[468]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[468]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [tbDVD2.dll]
[468]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [tbDVD2.dll]
[468]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[468]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[468]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[468]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[468]iexplore.exe-->user32.dll-->MessageBoxA, Type: Inline - RelativeJump 0x7E4507EA-->00000000 [tbDVD2.dll]
[468]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[468]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[468]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[468]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[468]iexplore.exe-->user32.dll-->MessageBoxW, Type: Inline - RelativeJump 0x7E466534-->00000000 [tbDVD2.dll]
[468]iexplore.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [tbDVD2.dll]
[468]iexplore.exe-->user32.dll-->TrackPopupMenuEx, Type: Inline - RelativeJump 0x7E46CF62-->00000000 [tbDVD2.dll]
[568]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[568]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[568]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[568]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[568]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[568]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[568]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[568]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[568]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[568]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[568]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]

14 Re: philipwk log on Tue Apr 26, 2011 10:22 pm

DragonMaster Jay


Site Owner
Site Owner
GMER

Note about this tool:
  • This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
  • This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
  • No matter what is in the log, please post all the information/contents of the log.
  • These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT"


Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner


Kaspersky E-Store Kaspersky Anti-Virus 2012: Click Here

Contribute/donate to our site

15 Re: philipwk log on Wed Apr 27, 2011 1:25 pm

philipwk


Member
Member
Ok so I followed your instructions....
The SCAN took all night to run.
I followed the instructions to save the copy.
When I clicked "ok".
It showed "delayed Write failed--Device\HardiskVolume1\program files\Java\jre6\bin.
"The data has been lost."

Sorry....

phil

Ad Bot

View previous topic View next topic Back to top  Message [Page 1 of 2]

Goto page : 1, 2  Next

SecuraGeek Forums » Malware/Threat Removal » philipwk log

Permissions in this forum:
You cannot reply to topics in this forum