Malware Doctor Infection?


Post by Scoobydont on Thu Jul 22, 2010 11:28 pm

Hello,

A few days ago my home and my PC were invaded by pre-teen downloading machines (aka nieces and nephews) and now I believe my PC is infected with the Malware Doctor Virus.

The P2P program they used has been removed. I was not able to update Java (I received an error code 1606: Cannot access network location) and I also could not update Adobe for a similar reason. I was however able to download and run OLT; however, the scan results are too large to be posted in a single reply, and when I attempt to attach them to a message I am told the uploaded file is not valid (though they are .txt). Any advice on how to post the logs? Thanks in advance for the help with such a frustrating situation.




Re: Malware Doctor Infection?

Post by Dr Jay on Fri Jul 23, 2010 6:41 am

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.





Please download MySystem-Search from one of the following links:
  • Save the file to your Desktop.
  • Double-click on mss.exe
  • Allow it to run, and follow the prompts.
  • Once done, it will launch a log.
  • Post it in your next reply. Also, look for a file in the same location called systemintegrity.txt. Please open that, and copy and paste that in to your next reply as well.
Note: the logs are long. Please use more than one post, if necessary.


Dr. Jay (DJ)



Re: Malware Doctor Infection?

Post by Scoobydont on Fri Jul 23, 2010 10:33 pm

Thanks Jay. Here are the logs:

MySystem-Search


MSS v1.6


Basic System Information

Username: Blackshear - Date: 07/23/2010 - Time: 15:20:17

Microsoft Windows XP [Version 5.1.2600]
Processor type: x86 Family 15 Model 4 Stepping 3, GenuineIntel
Total processors: 2
Computer Name: GHFJ
Logon Server: \\GHFJ


CD Emulation Drivers running?

DAEMON Tools/Duplex Secure found!


Peer-to-Peer applications?



File associations

.exe=exefile
.scr=scrfile
.pif=piffile
.com=comfile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile
.ini=inifile
.inf=inffile


Running processes


Image Name PID Session Name Session# Mem Usage
========================= ====== ================ ======== ============
System Idle Process 0 Console 0 28 K
System 4 Console 0 248 K
smss.exe 908 Console 0 420 K
csrss.exe 988 Console 0 4,068 K
winlogon.exe 1012 Console 0 2,252 K
services.exe 1060 Console 0 8,036 K
lsass.exe 1072 Console 0 1,368 K
svchost.exe 1236 Console 0 5,204 K
svchost.exe 1300 Console 0 4,784 K
svchost.exe 1448 Console 0 32,604 K
svchost.exe 1580 Console 0 3,572 K
svchost.exe 1672 Console 0 3,268 K
ccSetMgr.exe 1916 Console 0 4,700 K
SPBBCSvc.exe 596 Console 0 2,924 K
ccEvtMgr.exe 704 Console 0 3,080 K
spoolsv.exe 876 Console 0 5,864 K
svchost.exe 1384 Console 0 4,168 K
agrsmsvc.exe 1428 Console 0 1,384 K
AppleMobileDeviceService. 1468 Console 0 3,368 K
mDNSResponder.exe 1492 Console 0 3,784 K
DefWatch.exe 1528 Console 0 1,840 K
ehrecvr.exe 1768 Console 0 14,096 K
ehSched.exe 1780 Console 0 2,860 K
jqs.exe 1892 Console 0 1,408 K
LSSrvc.exe 1936 Console 0 1,540 K
mdm.exe 244 Console 0 2,496 K
svchost.exe 300 Console 0 3,872 K
svchost.exe 312 Console 0 4,240 K
Rtvscan.exe 664 Console 0 65,412 K
WLIDSVC.EXE 1344 Console 0 8,488 K
mcrdsvc.exe 1616 Console 0 3,116 K
dllhost.exe 2168 Console 0 6,332 K
WLIDSVCM.EXE 2240 Console 0 2,024 K
explorer.exe 4028 Console 0 26,180 K
SOUNDMAN.EXE 612 Console 0 2,860 K
ccApp.exe 268 Console 0 7,712 K
VPTray.exe 564 Console 0 7,340 K
jusched.exe 2156 Console 0 2,784 K
DivXUpdate.exe 2452 Console 0 12,160 K
iTunesHelper.exe 2480 Console 0 14,656 K
ctfmon.exe 2572 Console 0 4,060 K
SUPERANTISPYWARE.EXE 2688 Console 0 816 K
WG111v2.exe 3112 Console 0 10,220 K
wmiprvse.exe 368 Console 0 6,304 K
iPodService.exe 944 Console 0 4,164 K
mss.exe 3352 Console 0 3,824 K
cmd.exe 440 Console 0 1,748 K
tasklist.exe 3840 Console 0 4,584 K


Hidden objects

PATH: C:\windows

$hf_mig$
$MSI31Uninstall_KB893803v2$
$NtServicePackUninstall$
$NtUninstallbasecsp$
$NtUninstallKB2229593$
$NtUninstallKB835221WXP$
$NtUninstallKB873339$
$NtUninstallKB883667$
$NtUninstallKB885354$
$NtUninstallKB885835$
$NtUninstallKB885836$
$NtUninstallKB886185$
$NtUninstallKB887472$
$NtUninstallKB887742$
$NtUninstallKB888302$
$NtUninstallKB888316$
$NtUninstallKB888795$
$NtUninstallKB889858$
$NtUninstallKB890046$
$NtUninstallKB890175$
$NtUninstallKB890859$
$NtUninstallKB891593$
$NtUninstallKB891781$
$NtUninstallKB893756$
$NtUninstallKB894391$
$NtUninstallKB895961$
$NtUninstallKB896344$
$NtUninstallKB896358$
$NtUninstallKB896423$
$NtUninstallKB896428$
$NtUninstallKB898461$
$NtUninstallKB899337$
$NtUninstallKB899510$
$NtUninstallKB899587$
$NtUninstallKB899591$
$NtUninstallKB900325$
$NtUninstallKB900485$
$NtUninstallKB900725$
$NtUninstallKB901017$
$NtUninstallKB901214$
$NtUninstallKB902400$
$NtUninstallKB902841$
$NtUninstallKB903157$
$NtUninstallKB904942$
$NtUninstallKB905414$
$NtUninstallKB905749$
$NtUninstallKB908250$
$NtUninstallKB908519$
$NtUninstallKB908531$
$NtUninstallKB910437$
$NtUninstallKB911280$
$NtUninstallKB911562$
$NtUninstallKB911927$
$NtUninstallKB913580$
$NtUninstallKB913800$
$NtUninstallKB914388$
$NtUninstallKB914389$
$NtUninstallKB916595$
$NtUninstallKB918118$
$NtUninstallKB918439$
$NtUninstallKB920213$
$NtUninstallKB920670$
$NtUninstallKB920683$
$NtUninstallKB920685$
$NtUninstallKB920872$
$NtUninstallKB922582$
$NtUninstallKB923191$
$NtUninstallKB923561$
$NtUninstallKB923561_0$
$NtUninstallKB923689$
$NtUninstallKB923723$
$NtUninstallKB923980$
$NtUninstallKB924270$
$NtUninstallKB924496$
$NtUninstallKB924667$
$NtUninstallKB925398_WMP64$
$NtUninstallKB925720$
$NtUninstallKB925766$
$NtUninstallKB925902$
$NtUninstallKB926255$
$NtUninstallKB926436$
$NtUninstallKB927779$
$NtUninstallKB927802$
$NtUninstallKB927891$
$NtUninstallKB928255$
$NtUninstallKB928843$
$NtUninstallKB929123$
$NtUninstallKB929399$
$NtUninstallKB930178$
$NtUninstallKB930494$
$NtUninstallKB930916$
$NtUninstallKB931261$
$NtUninstallKB932168$
$NtUninstallKB932823-v3$
$NtUninstallKB935448$
$NtUninstallKB936357$
$NtUninstallKB936782_WMP10$
$NtUninstallKB936782_WMP11$
$NtUninstallKB937894$
$NtUninstallKB938127$
$NtUninstallKB938464-v2$
$NtUninstallKB938464-v2_0$
$NtUninstallKB938828$
$NtUninstallKB939683$
$NtUninstallKB941569$
$NtUninstallKB943055$
$NtUninstallKB943460$
$NtUninstallKB944338-v2$
$NtUninstallKB944653$
$NtUninstallKB945553$
$NtUninstallKB946026$
$NtUninstallKB946648$
$NtUninstallKB946648_0$
$NtUninstallKB950749$
$NtUninstallKB950760$
$NtUninstallKB950762$
$NtUninstallKB950762_0$
$NtUninstallKB950974$
$NtUninstallKB950974_0$
$NtUninstallKB951066$
$NtUninstallKB951066_0$
$NtUninstallKB951376-v2$
$NtUninstallKB951376-v2_0$
$NtUninstallKB951748$
$NtUninstallKB951748_0$
$NtUninstallKB951978$
$NtUninstallKB952004$
$NtUninstallKB952004_0$
$NtUninstallKB952069_WM9$
$NtUninstallKB952287$
$NtUninstallKB952287_0$
$NtUninstallKB952954$
$NtUninstallKB952954_0$
$NtUninstallKB953295$
$NtUninstallKB954154_WM11$
$NtUninstallKB954155_WM9$
$NtUninstallKB954459$
$NtUninstallKB954600$
$NtUninstallKB954600_0$
$NtUninstallKB955069$
$NtUninstallKB955069_0$
$NtUninstallKB955759$
$NtUninstallKB955839$
$NtUninstallKB956572$
$NtUninstallKB956572_0$
$NtUninstallKB956744$
$NtUninstallKB956802$
$NtUninstallKB956802_0$
$NtUninstallKB956803$
$NtUninstallKB956803_0$
$NtUninstallKB956844$
$NtUninstallKB957097$
$NtUninstallKB957097_0$
$NtUninstallKB958644$
$NtUninstallKB958644_0$
$NtUninstallKB958687$
$NtUninstallKB958687_0$
$NtUninstallKB958869$
$NtUninstallKB959426$
$NtUninstallKB959426_0$
$NtUninstallKB959772_WM11$
$NtUninstallKB960225$
$NtUninstallKB960225_0$
$NtUninstallKB960803$
$NtUninstallKB960803_0$
$NtUninstallKB960859$
$NtUninstallKB961118$
$NtUninstallKB961118_0$
$NtUninstallKB961371$
$NtUninstallKB961373$
$NtUninstallKB961373_0$
$NtUninstallKB961501$
$NtUninstallKB961501_0$
$NtUninstallKB967715$
$NtUninstallKB967715_0$
$NtUninstallKB968389$
$NtUninstallKB968537$
$NtUninstallKB968537_0$
$NtUninstallKB968816_WM9$
$NtUninstallKB969059$
$NtUninstallKB969897$
$NtUninstallKB969898$
$NtUninstallKB969947$
$NtUninstallKB970238$
$NtUninstallKB970238_0$
$NtUninstallKB970430$
$NtUninstallKB970653-v3$
$NtUninstallKB971468$
$NtUninstallKB971486$
$NtUninstallKB971513$
$NtUninstallKB971557$
$NtUninstallKB971633$
$NtUninstallKB971657$
$NtUninstallKB971737$
$NtUninstallKB972270$
$NtUninstallKB973346$
$NtUninstallKB973354$
$NtUninstallKB973507$
$NtUninstallKB973525$
$NtUninstallKB973540_WM9$
$NtUninstallKB973687$
$NtUninstallKB973768$
$NtUninstallKB973815$
$NtUninstallKB973869$
$NtUninstallKB973904$
$NtUninstallKB974112$
$NtUninstallKB974318$
$NtUninstallKB974392$
$NtUninstallKB974571$
$NtUninstallKB975025$
$NtUninstallKB975467$
$NtUninstallKB975560$
$NtUninstallKB975561$
$NtUninstallKB975562$
$NtUninstallKB975713$
$NtUninstallKB976098-v2$
$NtUninstallKB977165$
$NtUninstallKB977816$
$NtUninstallKB977914$
$NtUninstallKB978037$
$NtUninstallKB978251$
$NtUninstallKB978262$
$NtUninstallKB978338$
$NtUninstallKB978542$
$NtUninstallKB978601$
$NtUninstallKB978695_WM9$
$NtUninstallKB978706$
$NtUninstallKB979306$
$NtUninstallKB979309$
$NtUninstallKB979482$
$NtUninstallKB979559$
$NtUninstallKB979683$
$NtUninstallKB979904$
$NtUninstallKB980195$
$NtUninstallKB980218$
$NtUninstallKB980232$
$NtUninstallKB981793$
$NtUninstallMC05Upd1$
$NtUninstallMSCompPackV1$
$NtUninstallWdf01005$
$NtUninstallWIC$
$NtUninstallWMFDist11$
$NtUninstallwmp11$
$NtUninstallWudf01000$
CSC
ftpcache
ie8
inf
Installer
msdownld.tmp
WindowsShell.Manifest
winnt.bmp
winnt256.bmp


PATH: C:\windows\system32

cdplayer.exe.manifest
dllcache
logonui.exe.manifest
mlfcache.dat
ncpa.cpl.manifest
nwc.cpl.manifest
sapi.cpl.manifest
WindowsLogon.manifest
wuaucpl.cpl.manifest


PATH: C:\windows\system32\drivers

103C_HP_CPC_PS580AA-ABA M7060N_YC_0Pavi_QMXK515_E52NAsyEPC2_47_IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.25_T050906_WXP2_L409_M3192_J200_7Intel_8Pentium 4_93_#090624_N10EC8139_Z11C1048C_G80862582.MRK
MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
Msft_Kernel_motmodem_01005.Wdf


PATH: C:\

BOOT.BAK
boot.ini
cmdcons
cmldr
Config.Msi
hiberfil.sys
hp
hpbi.log
IO.SYS
MSDOS.SYS
MSOCache
NTDETECT.COM
ntldr
pagefile.sys
Python22
RECYCLER
System Volume Information
system.sav
User Profile check



! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Documents and Settings
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
Sid REG_BINARY 010100000000000513000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x3c94e764
ProfileLoadTimeHigh REG_DWORD 0x1cb2ab4
RefCount REG_DWORD 0x4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
Sid REG_BINARY 010100000000000514000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x3b4be2e0
ProfileLoadTimeHigh REG_DWORD 0x1cb2ab4
RefCount REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-336825795-975779247-2064553283-1008
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HP_Administrator
Sid REG_BINARY 010500000000000515000000C38D1314AF35293A43950E7BF0030000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xff060964
ProfileLoadTimeHigh REG_DWORD 0x1c9f503
RefCount REG_DWORD 0x0
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-336825795-975779247-2064553283-1009
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Blackshear
Sid REG_BINARY 010500000000000515000000C38D1314AF35293A43950E7BF1030000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xe4206800
ProfileLoadTimeHigh REG_DWORD 0x1cb2ab4
RefCount REG_DWORD 0x1
RunLogonscriptSync REG_DWORD 0x1
OptimizedLogonStatus REG_DWORD 0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-336825795-975779247-2064553283-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator
Sid REG_BINARY 010500000000000515000000C38D1314AF35293A43950E7BF4010000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x99ff54fc
ProfileLoadTimeHigh REG_DWORD 0x1c9f518
RefCount REG_DWORD 0x0
RunLogonscriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb


Current Scheduled Tasks

PATH: C:\Windows\Tasks

Ad-Aware Update (Weekly).job
AppleSoftwareUpdate.job
GoogleUpdateTaskUserS-1-5-21-336825795-975779247-2064553283-1009Core.job
GoogleUpdateTaskUserS-1-5-21-336825795-975779247-2064553283-1009UA.job
Symantec NetDetect.job
Updater.job
desktop.ini
SA.DAT


Windows Drivers and NT-Services

Volume in drive C is HP_PAVILION
Volume Serial Number is D0F5-C333

Directory of C:\Windows\System32\Drivers

06/24/2009 12:27 PM 1,906 103C_HP_CPC_PS580AA-ABA M7060N_YC_0Pavi_QMXK515_E52NAsyEPC2_47_IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.25_T050906_WXP2_L409_M3192_J200_7Intel_8Pentium 4_93_#090624_N10EC8139_Z11C1048C_G80862582.MRK
12/18/2009 11:59 PM 0 MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
12/18/2009 11:59 PM 0 Msft_Kernel_motmodem_01005.Wdf
3 File(s) 1,906 bytes
0 Dir(s) 31,718,580,224 bytes free
Volume in drive C is HP_PAVILION
Volume Serial Number is D0F5-C333

Directory of C:\Windows\System32\Drivers

03/22/2000 10:42 PM 44,192 PcdrNt.sys
07/03/2001 09:39 PM 3,654 Sonyhcp.dll
08/17/2001 12:59 PM 3,072 audstub.sys
08/17/2001 01:48 PM 12,160 mouhid.sys
08/17/2001 01:51 PM 3,328 pciide.sys
08/17/2001 02:56 PM 7,552 SONYPVU1.SYS
08/17/2001 09:46 PM 6,400 enum1394.sys
11/05/2001 10:23 AM 6,097 sonyhcb.sys
11/05/2001 10:23 AM 38,739 sonyhcc.sys
11/05/2001 10:23 AM 299,923 sonyhcs.sys
10/04/2002 10:04 AM 46,976 R8139n51.sys
10/15/2002 11:41 PM 102,220 sonypvs1.sys
04/29/2003 06:38 AM 10,940 cdrbsvsd.sys
09/10/2003 11:36 PM 21,060 iviaspi.sys
09/19/2003 01:47 AM 10,368 pfc.sys
12/02/2003 06:23 PM 142,336 Fasttx2k.sys
03/17/2004 04:10 PM 113,664 Hdaudio.sys
07/17/2004 11:35 AM 67,866 netwlan5.img
07/17/2004 11:36 AM 64,352 ativmc20.cod
07/17/2004 10:55 PM 129,045 cxthsfs2.cty
08/03/2004 09:31 PM 20,992 RTL8139.sys
08/03/2004 10:29 PM 701,440 ati2mtag.sys
08/03/2004 10:29 PM 57,856 atinbtxx.sys
08/03/2004 10:29 PM 327,040 ati2mtaa.sys
08/03/2004 10:29 PM 56,623 ati1btxx.sys
08/03/2004 10:29 PM 11,615 ati1mdxx.sys
08/03/2004 10:29 PM 12,047 ati1pdxx.sys
08/03/2004 10:29 PM 13,824 atinmdxx.sys
08/03/2004 10:29 PM 52,224 atinraxx.sys
08/03/2004 10:29 PM 14,336 atinpdxx.sys
08/03/2004 10:29 PM 63,663 ati1rvxx.sys
08/03/2004 10:29 PM 21,343 ati1ttxx.sys
08/03/2004 10:29 PM 36,463 ati1tuxx.sys
08/03/2004 10:29 PM 29,455 ati1xbxx.sys
08/03/2004 10:29 PM 34,735 ati1xsxx.sys
08/03/2004 10:29 PM 30,671 ati1raxx.sys
08/03/2004 10:29 PM 13,824 atinttxx.sys
08/03/2004 10:29 PM 73,216 atintuxx.sys
08/03/2004 10:29 PM 31,744 atinxbxx.sys
08/03/2004 10:29 PM 26,367 ati1snxx.sys
08/03/2004 10:29 PM 63,488 atinxsxx.sys
08/03/2004 10:29 PM 104,960 atinrvxx.sys
08/03/2004 10:29 PM 28,672 atinsnxx.sys
08/03/2004 10:29 PM 452,736 mtxparhm.sys
08/03/2004 10:29 PM 11,807 wadv07nt.sys
08/03/2004 10:29 PM 11,295 wadv08nt.sys
08/03/2004 10:29 PM 11,871 wadv09nt.sys
08/03/2004 10:29 PM 11,935 wadv11nt.sys
08/03/2004 10:29 PM 22,271 watv06nt.sys
08/03/2004 10:29 PM 25,471 watv10nt.sys
08/03/2004 10:29 PM 166,912 s3gnbm.sys
08/03/2004 10:29 PM 1,897,408 nv4_mini.sys
08/03/2004 10:41 PM 1,309,184 mtlstrm.sys
08/03/2004 10:41 PM 126,686 mtlmnt5.sys
08/03/2004 10:41 PM 13,776 recagent.sys
08/03/2004 10:41 PM 180,360 ntmtlfax.sys
08/03/2004 10:41 PM 129,535 slnt7554.sys
08/03/2004 10:41 PM 404,990 slntamr.sys
08/03/2004 10:41 PM 13,240 slwdmsup.sys
08/03/2004 10:41 PM 95,424 slnthal.sys
08/03/2004 10:41 PM 220,032 hsfbs2s2.sys
08/03/2004 10:41 PM 685,056 hsfcxts2.sys
08/03/2004 10:41 PM 11,868 mdmxsdk.sys
08/03/2004 10:41 PM 1,041,536 hsfdpsp2.sys
08/04/2004 06:31 AM 32,768 sisnic.sys
08/09/2004 09:00 PM 352,256 atmuni.sys
08/09/2004 09:00 PM 13,952 cbidf2k.sys
08/09/2004 09:00 PM 6,784 parvdm.sys
08/09/2004 09:00 PM 4,224 rdpcdd.sys
08/09/2004 09:00 PM 3,456 oprghdlr.sys
08/09/2004 09:00 PM 55,936 nwlnkspx.sys
08/09/2004 09:00 PM 63,232 nwlnknb.sys
08/09/2004 09:00 PM 34,432 rawwan.sys
08/09/2004 09:00 PM 8,832 rasacd.sys
08/09/2004 09:00 PM 12,416 nwlnkflt.sys
08/09/2004 09:00 PM 16,512 raspti.sys
08/09/2004 09:00 PM 31,360 atmepvc.sys
08/09/2004 09:00 PM 14,592 smclib.sys
08/09/2004 09:00 PM 2,944 null.sys
08/09/2004 09:00 PM 4,736 usbd.sys
08/09/2004 09:00 PM 4,224 beep.sys
08/09/2004 09:00 PM 4,352 wmilib.sys
08/09/2004 09:00 PM 5,888 rootmdm.sys
08/09/2004 09:00 PM 12,032 ws2ifsl.sys
08/09/2004 09:00 PM 3,440,660 gm.dls
08/09/2004 09:00 PM 646 gmreadme.txt
08/09/2004 09:00 PM 11,648 acpiec.sys
08/09/2004 09:00 PM 4,224 mnmdd.sys
08/09/2004 09:00 PM 17,792 ptilink.sys
08/09/2004 09:00 PM 5,888 dmload.sys
08/09/2004 09:00 PM 32,512 nwlnkfwd.sys
08/09/2004 09:00 PM 7,936 fs_rec.sys
08/09/2004 09:00 PM 7,680 mcd.sys
08/09/2004 09:00 PM 10,496 dxapi.sys
08/09/2004 09:00 PM 32,896 ipfltdrv.sys
08/09/2004 09:00 PM 3,328 dxgthk.sys
08/09/2004 09:00 PM 125,056 ftdisk.sys
08/10/2004 10:45 AM 11,008 mhndrv.sys
08/10/2004 11:00 AM 12,032 nikedrv.sys
08/10/2004 11:00 AM 11,776 cpqdap01.sys
08/10/2004 11:00 AM 262,528 cinemst2.sys
08/10/2004 11:00 AM 18,688 cdaudio.sys
08/10/2004 11:00 AM 12,032 rio8drv.sys
08/10/2004 11:00 AM 12,032 riodrv.sys
08/10/2004 11:00 AM 12,160 fsvga.sys
08/10/2004 11:00 AM 21,376 tsbvcap.sys
08/10/2004 11:00 AM 51,712 tosdvd.sys
08/10/2004 11:00 AM 58,112 vdmindvd.sys
08/19/2004 07:14 PM 21,024 pcdrsrvc.pkms
11/11/2004 03:36 PM 9,472 cxavxbar.sys
11/11/2004 03:36 PM 297,344 cx88enc.sys
11/11/2004 03:37 PM 31,360 cx88tune.sys
11/11/2004 03:37 PM 160,256 cx88vid.sys
12/01/2004 11:28 AM 776,637 ialmnt5.sys
04/22/2005 11:53 AM 20 SymRedir.cat
04/22/2005 11:53 AM 1,133 SymRedir.inf
04/22/2005 12:02 PM 11,512 symdns.sys
04/22/2005 12:02 PM 173,208 symfw.sys
04/22/2005 12:02 PM 47,192 symndis.sys
04/22/2005 12:02 PM 36,984 symids.sys
04/22/2005 12:03 PM 17,976 symredrv.sys
04/22/2005 12:03 PM 267,192 symtdi.sys
05/13/2005 07:50 PM 123,488 SYMEVENT.SYS
09/23/2005 06:56 PM 3,966,976 RtkHDAud.sys
12/12/2005 05:27 PM 19,072 PS2.sys
09/28/2006 06:55 PM 77,568 WudfPf.sys
09/28/2006 07:00 PM 82,944 WudfRd.sys
10/18/2006 08:00 PM 38,528 wpdusb.sys
11/02/2006 08:22 AM 32,224 wdfldr.sys
11/02/2006 08:22 AM 492,000 wdf01000.sys
12/13/2006 06:52 PM 20,992 motmodem.sys
02/06/2007 10:22 PM 194,304 wg111v2.sys
11/13/2007 03:25 AM 20,480 secdrv.sys
04/13/2008 09:36 AM 144,384 hdaudbus.sys
04/13/2008 09:39 AM 142,592 aec.sys
04/13/2008 11:31 AM 35,840 processr.sys
04/13/2008 11:31 AM 42,752 p3.sys
04/13/2008 11:31 AM 36,736 crusoe.sys
04/13/2008 11:31 AM 37,376 amdk6.sys
04/13/2008 11:31 AM 36,352 intelppm.sys
04/13/2008 11:31 AM 37,760 amdk7.sys
04/13/2008 11:32 AM 66,048 udfs.sys
04/13/2008 11:32 AM 19,072 msfs.sys
04/13/2008 11:32 AM 30,848 npfs.sys
04/13/2008 11:32 AM 180,608 mrxdav.sys
04/13/2008 11:32 AM 196,224 rdpdr.sys
04/13/2008 11:32 AM 129,792 fltmgr.sys
04/13/2008 11:33 AM 44,544 fips.sys
04/13/2008 11:34 AM 163,584 nwrdr.sys
04/13/2008 11:36 AM 5,888 smbali.sys
04/13/2008 11:36 AM 187,776 acpi.sys
04/13/2008 11:36 AM 42,752 alim1541.sys
04/13/2008 11:36 AM 42,368 agp440.sys
04/13/2008 11:36 AM 44,928 agpcpq.sys
04/13/2008 11:36 AM 40,960 sisagp.sys
04/13/2008 11:36 AM 43,008 amdagp.sys
04/13/2008 11:36 AM 46,464 gagp30kx.sys
04/13/2008 11:36 AM 44,672 uagp35.sys
04/13/2008 11:36 AM 42,240 viaagp.sys
04/13/2008 11:36 AM 37,248 isapnp.sys
04/13/2008 11:36 AM 63,744 mf.sys
04/13/2008 11:36 AM 120,192 pcmcia.sys
04/13/2008 11:36 AM 79,232 sdbus.sys
04/13/2008 11:36 AM 68,224 pci.sys
04/13/2008 11:36 AM 15,488 mssmbios.sys
04/13/2008 11:36 AM 73,472 sr.sys
04/13/2008 11:38 AM 71,168 dxg.sys
04/13/2008 11:39 AM 92,544 mqac.sys
04/13/2008 11:39 AM 42,368 mountmgr.sys
04/13/2008 11:39 AM 384,768 update.sys
04/13/2008 11:39 AM 23,040 mouclass.sys
04/13/2008 11:39 AM 24,576 kbdclass.sys
04/13/2008 11:39 AM 14,592 kbdhid.sys
04/13/2008 11:39 AM 5,376 mspclock.sys
04/13/2008 11:39 AM 5,504 mstee.sys
04/13/2008 11:39 AM 4,992 mspqm.sys
04/13/2008 11:39 AM 7,552 mskssrv.sys
04/13/2008 11:39 AM 4,352 swenum.sys
04/13/2008 11:40 AM 80,128 parport.sys
04/13/2008 11:40 AM 15,744 serenum.sys
04/13/2008 11:40 AM 20,480 flpydisk.sys
04/13/2008 11:40 AM 27,392 fdc.sys
04/13/2008 11:40 AM 57,600 redbook.sys
04/13/2008 11:40 AM 5,504 intelide.sys
04/13/2008 11:40 AM 24,960 pciidex.sys
04/13/2008 11:40 AM 96,384 scsiport.sys
04/13/2008 11:40 AM 96,512 atapi.sys
04/13/2008 11:40 AM 5,376 viaide.sys
04/13/2008 11:40 AM 14,208 diskdump.sys
04/13/2008 11:40 AM 62,976 cdrom.sys
04/13/2008 11:40 AM 11,008 sffp_sd.sys
04/13/2008 11:40 AM 36,352 disk.sys
04/13/2008 11:40 AM 11,904 sffdisk.sys
04/13/2008 11:40 AM 10,240 sffp_mmc.sys
04/13/2008 11:40 AM 11,392 sfloppy.sys
04/13/2008 11:40 AM 19,712 partmgr.sys
04/13/2008 11:40 AM 14,976 tape.sys
04/13/2008 11:40 AM 42,112 imapi.sys
04/13/2008 11:41 AM 52,352 volsnap.sys
04/13/2008 11:43 AM 12,672 mutohpen.sys
04/13/2008 11:43 AM 14,208 wacompen.sys
04/13/2008 11:44 AM 20,992 vga.sys
04/13/2008 11:44 AM 81,664 videoprt.sys
04/13/2008 11:44 AM 153,344 dmio.sys
04/13/2008 11:44 AM 799,744 dmboot.sys
04/13/2008 11:45 AM 52,864 dmusic.sys
04/13/2008 11:45 AM 6,272 splitter.sys
04/13/2008 11:45 AM 172,416 kmixer.sys
04/13/2008 11:45 AM 56,576 swmidi.sys
04/13/2008 11:45 AM 2,944 drmkaud.sys
04/13/2008 11:45 AM 60,160 drmk.sys
04/13/2008 11:45 AM 49,408 stream.sys
04/13/2008 11:45 AM 24,960 hidparse.sys
04/13/2008 11:45 AM 36,864 hidclass.sys
04/13/2008 11:45 AM 19,200 hidir.sys
04/13/2008 11:45 AM 10,368 hidusb.sys
04/13/2008 11:45 AM 46,592 irbus.sys
04/13/2008 11:45 AM 15,104 usbscan.sys
04/13/2008 11:45 AM 30,208 usbehci.sys
04/13/2008 11:45 AM 20,608 usbuhci.sys
04/13/2008 11:45 AM 17,152 usbohci.sys
04/13/2008 11:45 AM 143,872 usbport.sys
04/13/2008 11:45 AM 59,520 usbhub.sys
04/13/2008 11:45 AM 26,368 usbstor.sys
04/13/2008 11:45 AM 25,600 usbcamd.sys
04/13/2008 11:45 AM 25,728 usbcamd2.sys
04/13/2008 11:45 AM 15,872 usbintel.sys
04/13/2008 11:46 AM 25,344 sonydcam.sys
04/13/2008 11:46 AM 61,696 ohci1394.sys
04/13/2008 11:46 AM 53,376 1394bus.sys
04/13/2008 11:46 AM 121,984 usbvideo.sys
04/13/2008 11:46 AM 15,232 streamip.sys
04/13/2008 11:46 AM 10,880 ndisip.sys
04/13/2008 11:46 AM 17,024 ccdecode.sys
04/13/2008 11:46 AM 11,136 slip.sys
04/13/2008 11:46 AM 19,200 wstcodec.sys
04/13/2008 11:46 AM 85,248 nabtsfec.sys
04/13/2008 11:46 AM 18,944 bthusb.sys
04/13/2008 11:46 AM 25,600 hidbth.sys
04/13/2008 11:46 AM 36,480 bthprint.sys
04/13/2008 11:46 AM 59,136 rfcomm.sys
04/13/2008 11:46 AM 37,888 bthmodem.sys
04/13/2008 11:46 AM 17,024 bthenum.sys
04/13/2008 11:47 AM 25,856 usbprint.sys
04/13/2008 11:51 AM 59,904 atmarpc.sys
04/13/2008 11:51 AM 60,800 arp1394.sys
04/13/2008 11:51 AM 61,824 nic1394.sys
04/13/2008 11:51 AM 55,808 atmlane.sys
04/13/2008 11:51 AM 101,120 bthpan.sys
04/13/2008 11:53 AM 40,320 nmnt.sys
04/13/2008 11:53 AM 71,552 bridge.sys
04/13/2008 11:53 AM 36,608 ip6fw.sys
04/13/2008 11:54 AM 11,264 irenum.sys
04/13/2008 11:55 AM 14,592 ndisuio.sys
04/13/2008 11:56 AM 12,288 tunmp.sys
04/13/2008 11:56 AM 34,688 netbios.sys
04/13/2008 11:56 AM 88,320 nwlnkipx.sys
04/13/2008 11:56 AM 35,072 msgpc.sys
04/13/2008 11:56 AM 69,120 psched.sys
04/13/2008 11:56 AM 30,592 rndismpx.sys
04/13/2008 11:56 AM 12,800 usb8023.sys
04/13/2008 11:56 AM 30,592 rndismp.sys
04/13/2008 11:56 AM 12,800 usb8023x.sys
04/13/2008 11:57 AM 20,864 ipinip.sys
04/13/2008 11:57 AM 152,832 ipnat.sys
04/13/2008 11:57 AM 34,560 wanarp.sys
04/13/2008 11:57 AM 10,112 ndistapi.sys
04/13/2008 11:57 AM 14,336 asyncmac.sys
04/13/2008 11:57 AM 40,576 ndproxy.sys
04/13/2008 11:57 AM 41,472 raspppoe.sys
04/13/2008 12:00 PM 19,072 tdi.sys
04/13/2008 12:00 PM 30,080 modem.sys
04/13/2008 12:14 PM 63,744 cdfs.sys
04/13/2008 12:14 PM 143,744 fastfat.sys
04/13/2008 12:15 PM 64,512 serial.sys
04/13/2008 12:15 PM 574,976 ntfs.sys
04/13/2008 12:15 PM 60,800 sysaudio.sys
04/13/2008 12:16 PM 49,536 classpnp.sys
04/13/2008 12:17 PM 105,344 mup.sys
04/13/2008 12:17 PM 83,072 wdmaud.sys
04/13/2008 12:18 PM 52,480 i8042prt.sys
04/13/2008 12:19 PM 146,048 portcls.sys
04/13/2008 12:19 PM 75,264 ipsec.sys
04/13/2008 12:19 PM 51,328 rasl2tp.sys
04/13/2008 12:19 PM 48,384 raspptp.sys
04/13/2008 12:20 PM 182,656 ndis.sys
04/13/2008 12:20 PM 91,520 ndiswan.sys
04/13/2008 12:21 PM 162,816 netbt.sys
04/13/2008 12:28 PM 175,744 rdbss.sys
04/13/2008 12:45 PM 60,032 USBAUDIO.sys
04/13/2008 12:45 PM 32,128 usbccgp.sys
04/13/2008 01:16 PM 141,056 ks.sys
04/13/2008 05:11 PM 3,135 adv08nt5.dll
04/13/2008 05:11 PM 3,711 adv09nt5.dll
04/13/2008 05:11 PM 4,255 adv01nt5.dll
04/13/2008 05:11 PM 3,775 adv11nt5.dll
04/13/2008 05:11 PM 3,967 adv02nt5.dll
04/13/2008 05:11 PM 3,647 adv07nt5.dll
04/13/2008 05:11 PM 3,615 adv05nt5.dll
04/13/2008 05:11 PM 11,359 atv02nt5.dll
04/13/2008 05:11 PM 14,143 atv06nt5.dll
04/13/2008 05:11 PM 21,183 atv01nt5.dll
04/13/2008 05:11 PM 17,279 atv10nt5.dll
04/13/2008 05:11 PM 15,423 ch7xxnt5.dll
04/13/2008 05:11 PM 25,471 atv04nt5.dll
04/13/2008 05:12 PM 3,901 siint5.dll
04/13/2008 05:12 PM 11,325 vchnt5.dll
04/13/2008 05:13 PM 12,040 tdpipe.sys
04/13/2008 05:13 PM 40,840 termdd.sys
04/13/2008 05:13 PM 21,896 tdtcp.sys
04/13/2008 05:13 PM 139,656 rdpwd.sys
05/08/2008 07:02 AM 203,136 rmcast.sys
06/13/2008 04:05 AM 272,128 bthport.sys
06/20/2008 04:51 AM 361,600 tcpip.sys
08/14/2008 03:04 AM 138,496 afd.sys
03/25/2009 06:29 AM 130,432 Rtnicxp.sys
05/01/2009 02:03 PM 9,464 cdralw2k.sys
05/01/2009 02:03 PM 9,336 cdr4_xp.sys
05/18/2009 02:17 PM 26,600 GEARAspiWDM.sys
06/24/2009 04:18 AM 92,928 ksecdd.sys
06/24/2009 12:02 PM disdn
06/27/2009 04:26 PM UMDF
08/13/2009 03:07 PM 1,163,328 AGRSM.sys
10/16/2009 02:33 AM 41,472 usbaapl.sys
10/20/2009 09:20 AM 265,728 http.sys
10/30/2009 08:37 PM 93,360 SBREDrv.sys
12/20/2009 01:53 PM etc
12/31/2009 09:50 AM 353,792 srv.sys
02/11/2010 05:02 AM 226,880 tcpip6.sys
02/24/2010 06:11 AM 455,680 mrxsmb.sys
04/27/2010 11:40 AM 45,648 pxhelp20.sys
04/29/2010 03:39 PM 20,952 mbam.sys
04/29/2010 03:39 PM 38,224 mbamswissarmy.sys
05/05/2010 01:38 PM 21,035 AegisP.sys
06/12/2010 03:10 AM 691,696 sptd.sys
07/23/2010 03:12 PM ..
07/23/2010 03:12 PM .
07/23/2010 03:20 PM 766,464 vcjrn.sys
333 File(s) 37,335,759 bytes
5 Dir(s) 31,718,547,456 bytes free



Virtual drives found?



Environment variables

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Blackshear\Application Data
asl.log=Destination=file;OnFirstLog=command,environment
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GHFJ
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Blackshear
LOGONSERVER=\\GHFJ
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\BLACKS~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\BLACKS~1\LOCALS~1\Temp
USERDOMAIN=GHFJ
USERNAME=Blackshear
USERPROFILE=C:\Documents and Settings\Blackshear
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI




Re: Malware Doctor Infection?

Post by Scoobydont on Fri Jul 23, 2010 10:34 pm

Stealth malware?


Internet Explorer


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0A000000
Delete_Temp_Files_On_Exit REG_SZ yes
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
CompanyName REG_SZ Microsoft Corporation
Custom_Key REG_SZ MICROSO
Wizard_Version REG_SZ 6.00.2800.1017
Search Bar REG_SZ http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
FullScreen REG_SZ no
Default_Secondary_Page_URL REG_MULTI_SZ \0
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Check_Associations REG_SZ yes
DEPOff REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
IE5_UA_Backup_Flag REG_SZ 5.0
NoNetAutodial REG_DWORD 0x0
MigrateProxy REG_DWORD 0x1
EnableNegotiate REG_DWORD 0x1
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost REG_BINARY 00000100
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 0x1
PrivacyAdvanced REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0
GlobalUserOffline REG_DWORD 0x0
PrivDiscUiShown REG_DWORD 0x1
WarnOnZoneCrossing REG_DWORD 0x0
EnableAutodial REG_DWORD 0x0
UrlEncoding REG_DWORD 0x0
ProxyHttp1.1 REG_DWORD 0x0
CertificateRevocation REG_DWORD 0x0
DisableCachingOfSSLPages REG_DWORD 0x0
SecureProtocols REG_DWORD 0xa0
WarnonBadCertRecving REG_DWORD 0x0
WarnOnPostRedirect REG_DWORD 0x0
SyncMode5 REG_DWORD 0x2
ShowPunycode REG_DWORD 0x0
EnablePunycode REG_DWORD 0x1
DisableIDNPrompt REG_DWORD 0x0
WarnOnHTTPSToHTTPRedirect REG_DWORD 0x0
ProxyOverride REG_SZ *.local
ZonesSecurityUpgradeDone REG_DWORD 0x1
ZonesSecurityUpgrade REG_BINARY 22032D7F96E5C901
MaxConnectionsPer1_0Server REG_DWORD 0x6
MaxConnectionsPerServer REG_DWORD 0x6
ProxyOverride.Bonjour.bak REG_SZ *.local
ProxyOverride.Bonjour REG_SZ

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
NoUpdateCheck REG_DWORD 0x0
NoJITSetup REG_DWORD 0x0
Disable script Debugger REG_SZ yes
Show_ChannelBand REG_SZ No
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Start Page REG_SZ http://www.adelphia.net/
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Window_Placement REG_BINARY 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF26000000000000001F060000F7030000
Default_Search_URL REG_SZ http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
FullScreen REG_SZ no
NotifyDownloadComplete REG_SZ yes
AddToFavoritesExpanded REG_DWORD 0x1
Use FormSuggest REG_SZ yes
AutoSearch REG_DWORD 0x5
HistoryViewType REG_BINARY 0000
Error Dlg Displayed On Every Error REG_SZ no
Error Dlg Details Pane Open REG_SZ yes
FormSuggest PW Ask REG_SZ no
Save Directory REG_SZ C:\Documents and Settings\HP_Administrator\My Documents\Parking Citation Appeal Forms\
Expand Alt Text REG_SZ no
Move System Caret REG_SZ no
NscSingleExpand REG_DWORD 0x1
DisablescriptDebuggerIE REG_SZ yes
NoWebJITSetup REG_DWORD 0x0
Page_Transitions REG_DWORD 0x1
Enable Browser Extensions REG_SZ yes
UseThemes REG_DWORD 0x1
Force Offscreen Composition REG_DWORD 0x0
AllowWindowReuse REG_DWORD 0x1
Friendly http errors REG_SZ yes
ShowGoButton REG_SZ yes
SmoothScroll REG_DWORD 0x1
Enable AutoImageResize REG_SZ yes
Enable_MyPics_Hoverbar REG_SZ yes
Play_Animations REG_SZ no
Play_Background_Sounds REG_SZ no
Display Inline Videos REG_SZ no
Show image placeholders REG_DWORD 0x0
Print_Background REG_SZ no
LastCheckedHi REG_DWORD 0x1cb0152
Use Search Asst REG_SZ no
XMLHTTP REG_DWORD 0x1
UseClearType REG_SZ yes
CompatibilityFlags REG_DWORD 0x0
AutoHide REG_SZ yes
EnableSearchPane REG_DWORD 0x0
AlwaysShowMenus REG_DWORD 0x0
SearchMigrated REG_DWORD 0x1
SearchMigratedDefaultName REG_SZ Google
SearchMigratedDefaultURL REG_SZ http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
SearchMigratedInstalled REG_DWORD 0x1
ShowedCheckBrowser REG_SZ Yes
Check_Associations REG_SZ no
LastCommand REG_DWORD 0x0
IE8RunOnceLastShown REG_DWORD 0x1
IE8RunOnceLastShown_TIMESTAMP REG_BINARY 6CF2281C2417CA01
IE8TourShown REG_DWORD 0x1
IE8TourShownTime REG_BINARY 406D3AC462E9C901
IE8RunOncePerInstallCompleted REG_DWORD 0x1
IE8RunOnceCompletionTime REG_BINARY 448971732417CA01
DOMStorage REG_DWORD 0x1
SearchControlWidth REG_DWORD 0x12c
IE8TourNoShow REG_DWORD 0x1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
SearchAssistant REG_SZ http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
CustomizeSearch REG_SZ http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} REG_SZ
REG_SZ
{47833539-D0C5-4125-9FA8-0819E2EAAC93} REG_BINARY 00
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} REG_DWORD 0x0

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append to existing PDF

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to Adobe PDF

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to existing PDF

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert selected links to Adobe PDF

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert selected links to existing PDF

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert selection to Adobe PDF

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert selection to existing PDF

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert to Adobe PDF

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel


Protocol hijack?



Security Center


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
FirstRunDisabled REG_DWORD 0x1
FirewallDisableNotify REG_DWORD 0x0
UpdatesDisableNotify REG_DWORD 0x0
AntiVirusOverride REG_DWORD 0x0
FirewallOverride REG_DWORD 0x0
AntiVirusDisableNotify REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe REG_SZ C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Disabled:BackWeb for Pavilion
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe REG_SZ C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink
C:\WINDOWS\system32\sessmgr.exe REG_SZ C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe REG_SZ C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server
C:\Program Files\Adobe\Adobe Flash CS3\Flash.exe REG_SZ C:\Program Files\Adobe\Adobe Flash CS3\Flash.exe:*:Enabled:Adobe Flash CS3
C:\Documents and Settings\Blackshear\Local Settings\Application Data\Google\Chrome\Application\chrome.exe REG_SZ C:\Documents and Settings\Blackshear\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe REG_SZ C:\Program Files\NETGEAR\WG111v2\WG111v2.exe:*:Enabled:NETGEAR WG111v2 Smart Wizard
C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe REG_SZ C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3
C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe REG_SZ C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s
C:\Program Files\Opera\opera.exe REG_SZ C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Program Files\VideoLAN\VLC\vlc.exe REG_SZ C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player


Uninstall List


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\12133444-BF36-4d4e-B7FB-A3424C645DE4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\5DAA9E44-1B31-41CD-88A8-228EDED6E36E

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7D048B8F-76EB-4BFA-9629-2A5881C9F7A3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AC3Filter_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Acrobat 8 Professional

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Acrobat 8 Professional_823

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe_3e054d2218e7aa282c2369d939e58ff

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe_5ac697db6c6103f6f8b5198d25f73f7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe_6c8e2cb4fd241c55406016127a6ab2e

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Agere Systems Soft Modem

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AviSynth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B3EE3001-DC24-4cd1-8743-5692C716659F

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BackWeb-309731 Uninstaller

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX Plus DirectShow Filters

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX Setup.divx.com

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EPSON Printer and Utilities

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EPSON Scanner

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Help and Support Additions

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Photo & Imaging

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2229593

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB835221WXP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884267

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885353

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886612

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887078

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887626

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888316

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888656

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB889858

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891122

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892130

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892313

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893240

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893241

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895181

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895316

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB897586

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898549

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900325

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902344

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB903157

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB907658

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB909520

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911565

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911854

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB913800

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923689

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923723

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB925398_WMP64

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB925766

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB929399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB931906

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB936782_WMP10

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB936782_WMP11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938464-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB939683

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB941569

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB946648

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950760

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950762

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950974

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951066

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951748

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951978

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952069_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952287

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952954

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB953295

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954154_WM11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954155_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954459

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954550-v5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954600

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955069

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955759

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955839

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956744

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956802

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956844

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957097

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958644

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958869

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959426

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959772_WM11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960225

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960859

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961118

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961371

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961373

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961501

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB967715

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968389

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968537

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968816_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969059

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969897

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969898

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969947

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970238

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970430

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970653-v3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971468

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971486

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971513

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971557

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971633

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971657

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971737

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971961-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972260-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972270

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973346

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973354

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973507

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973525

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973540_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973768

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973815

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973869

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973874-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973904

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974112

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974318

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974392

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974455-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974571

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975025

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975364-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975467

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975560

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975562

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975713

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976098-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976325-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976662-IE8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976749-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977165

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977816

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977914

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978037

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978207-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978251

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978262

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978338

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978542

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978601

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978695_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978706

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979306

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979309

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979482

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979559

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979683

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979904

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980182-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980195

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980218

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980232

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981332-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981793

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB982381-IE8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KBD

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KBKB895961

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LSI Soft Modem

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M979906

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Interactive Training

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSCompPackV1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NLSDownlevelMapping

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PS2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Python 2.2.3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pywin32-py2.2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealJukebox 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 6.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RecordNow.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Silent Package Run-Time Sample

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST6UNST #1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST6UNST #2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST6UNST #3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemRequirementsLab

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TweakNow PowerPack 2009_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TweakNow PowerPack 2010_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wdf01000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wdf01001

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wdf01005

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WGA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMCSetup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMFDist11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wmp11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wudf01000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Xvid_is1

Re: Malware Doctor Infection?

Post by Scoobydont on Fri Jul 23, 2010 10:37 pm

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
mpath REG_SZ ZQPTIAzK-XXTGTNNpO-CGHkFXKXQ-HrKdB9QlY

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrent DNA

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome


Adobe Products


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
DisplayName REG_SZ Adobe Flash Player 10 ActiveX
Publisher REG_SZ Adobe Systems Incorporated
DisplayVersion REG_SZ 10.1.53.64
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
RequiresIESysFile REG_SZ 4.70.0.1155
URLInfoAbout REG_SZ http://www.adobe.com
URLUpdateInfo REG_SZ http://www.adobe.com/go/getflashplayer/
VersionMajor REG_DWORD 0xa
VersionMinor REG_DWORD 0x1
UninstallString REG_SZ C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
DisplayIcon REG_SZ C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
EstimatedSize REG_DWORD 0x1800

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
DisplayName REG_SZ Adobe Flash Player 10 Plugin
Publisher REG_SZ Adobe Systems Incorporated
DisplayVersion REG_SZ 10.1.53.64
HelpLink REG_SZ http://www.adobe.com/go/flashplayer_support/
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
RequiresIESysFile REG_SZ 4.70.0.1155
URLInfoAbout REG_SZ http://www.adobe.com
URLUpdateInfo REG_SZ http://www.adobe.com/go/getflashplayer/
VersionMajor REG_DWORD 0xa
VersionMinor REG_DWORD 0x1
UninstallString REG_SZ C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
DisplayIcon REG_SZ C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
EstimatedSize REG_DWORD 0x1800

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player
DisplayName REG_SZ Adobe Shockwave Player 11.5
UninstallString REG_SZ "C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
DisplayIcon REG_SZ C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe,0
DisplayVersion REG_SZ 11.5
HelpLink REG_SZ http://www.adobe.com/support/shockwave
InstallLocation REG_SZ C:\WINDOWS\system32\Adobe
Publisher REG_SZ Adobe Systems, Inc.
URLInfoAbout REG_SZ http://www.adobe.com
URLUpdateInfo REG_SZ http://www.adobe.com/software/shockwaveplayer/index.html
VersionMajor REG_DWORD 0xb
VersionMinor REG_DWORD 0x1


Autorun


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
SUPERAntiSpyware REG_SZ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Google Update REG_SZ "C:\Documents and Settings\Blackshear\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
EPSON Stylus CX7400 Series REG_SZ C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\WINDOWS\TEMP\E_S220.tmp" /EF "HKCU"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
High Definition Audio Property Page Shortcut REG_SZ "HDAudPropShortcut.exe"
SoundMan REG_SZ "SOUNDMAN.EXE"
ccApp REG_SZ "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray REG_SZ "C:\PROGRA~1\SYMANT~1\VPTray.exe"
REG_SZ
CD Autorun REG_SZ "C:\Program Files\TweakNow RegCleaner\TweakNow PowerPack 2009\CDAuto.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
DivXUpdate REG_SZ "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
Jvapibuzixu REG_SZ rundll32.exe "C:\WINDOWS\urojohapuhid.dll",Startup

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices


Restrictions - Internet Explorer


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel


Restrictions - REGEDIT


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HideLegacyLogonscripts REG_DWORD 0x0
HideLogoffscripts REG_DWORD 0x0
RunLogonscriptSync REG_DWORD 0x1
RunStartupscriptSync REG_DWORD 0x0
HideStartupscripts REG_DWORD 0x0


Restrictions - Explorer


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun REG_DWORD 0x95
NoDrives REG_DWORD 0x0
NoRecentDocsHistory REG_DWORD 0x1
ClearRecentDocsOnExit REG_DWORD 0x1
NoToolbarCustomize REG_DWORD 0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run


DNS Settings


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32E32E03-03F4-410F-88B5-69B8E9774A08}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5AB0B083-40AF-4683-96A9-1B28EF6F403D}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{806D2A77-DA02-437A-8697-82CEA873675A}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{85EACF08-B893-4C97-887B-6D2A79ED9080}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B4B15C66-26FC-4898-8BEB-C27C7DCC525F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B8166BC4-2D7D-419F-AFBB-50D4E60A8FA7}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FDEDE52E-2A4A-4A61-B156-1E28D103936D}


Windows IP Configuration

Host Name . . . . . . . . . . . . : GHFJ
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter #3
Physical Address. . . . . . . . . : 00-24-B2-42-D2-ED
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 209.18.47.61
                                    209.18.47.62
Lease Obtained. . . . . . . . . . : Friday, July 23, 2010 3:13:11 PM
Lease Expires . . . . . . . . . . : Friday, July 23, 2010 4:13:11 PM

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-11-D8-D6-43-F7



AppInit DLLs


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs REG_SZ



Shell Service Object Delay Load


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9}
CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9}
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}
WPDShServiceObj REG_SZ {AAA288BA-9A4C-45B0-95D7-94D524869DB5}



Shell Execute Hooks


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} REG_SZ


Image File Execution Options


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE


Security Providers



Local Security Authority


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Bounds REG_BINARY 0030000000200000
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 0x1
LsaPid REG_DWORD 0x430
SecureBoot REG_DWORD 0x1
auditbaseobjects REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
fipsalgorithmpolicy REG_DWORD 0x0
forceguest REG_DWORD 0x1
fullprivilegeauditing REG_BINARY 00
limitblankpassworduse REG_DWORD 0x1
lmcompatibilitylevel REG_DWORD 0x0
nodefaultadminowner REG_DWORD 0x1
nolmhash REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache


AppCert DLLs



App Paths


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Acrobat.exe
REG_SZ C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
Path REG_SZ C:\Program Files\Adobe\Acrobat 8.0\Acrobat\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcrobatInfo.exe
REG_SZ C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
Path REG_SZ C:\Program Files\Adobe\Acrobat 8.0\Acrobat\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroDist.exe
REG_SZ C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
Path REG_SZ C:\Program Files\Adobe\Acrobat 8.0\Acrobat\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
Path REG_SZ C:\Program Files\Adobe\Reader 9.0\Reader\
REG_SZ C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Adobe Encore.exe
REG_SZ "C:\Program Files\Adobe\Adobe Encore CS3\Adobe Encore.exe"
Path REG_SZ "C:\Program Files\Adobe\Adobe Encore CS3"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Adobe Premiere Pro.exe
REG_SZ "C:\Program Files\Adobe\Adobe Premiere Pro CS3\Adobe Premiere Pro.exe"
Path REG_SZ C:\Program Files\Adobe\Adobe Premiere Pro CS3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Adobe Soundbooth CS3.exe
REG_SZ "C:\Program Files\Adobe\Adobe Soundbooth CS3\Adobe Soundbooth CS3.exe"
Path REG_SZ "C:\Program Files\Adobe\Adobe Soundbooth CS3"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AfterFX.exe
REG_SZ C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\AfterFX.exe
Path REG_SZ C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AutoSlide.exe
REG_SZ C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\AutoSlide.exe
Path REG_SZ C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AutoVideo.exe
REG_SZ C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\AutoVideo.exe
Path REG_SZ C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\bckgzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\bridge.exe
REG_SZ C:\Program Files\Adobe\Adobe Bridge CS3\bridge.exe
Path REG_SZ C:\Program Files\Adobe\Adobe Bridge CS3

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ccApp.exe
PATH REG_SZ C:\Program Files\Common Files\Symantec Shared\;
REG_SZ C:\Program Files\Common Files\Symantec Shared\ccApp.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CDBackup.exe
REG_SZ C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\CDBackup.exe
Path REG_SZ C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chkrzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chrome.exe
Path REG_SZ C:\Documents and Settings\Blackshear\Local Settings\Application Data\Google\Chrome\Application
REG_SZ C:\Documents and Settings\Blackshear\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CONF.EXE
REG_SZ C:\Program Files\NetMeeting\conf.exe
Path REG_SZ C:\Program Files\NetMeeting;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Contribute.exe
REG_SZ C:\Program Files\Adobe\Adobe Contribute CS3\Contribute.exe
Path REG_SZ C:\Program Files\Adobe\Adobe Contribute CS3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\D:

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\D:\Scanner Driver Update

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\D:\Scanner Driver Update\Files

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\D:\Scanner Driver Update\Files\E_DUPA10.EXE
Path REG_SZ C:\Program Files\EPSON\Scanner Driver Update\CX7400
REG_SZ C:\Program Files\EPSON\Scanner Driver Update\CX7400\D:\Scanner Driver Update\Files\E_DUPA10.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dialer.exe
REG_SZ C:\Program Files\Windows NT\dialer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dreamweaver.exe
REG_SZ C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
InstallPath REG_SZ C:\Program Files\Adobe\Adobe Dreamweaver CS3\
Path REG_SZ C:\Program Files\Adobe\Adobe Dreamweaver CS3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Escfg.exe
REG_SZ C:\WINDOWS\twain_32\escndv\Escfg.exe
Path REG_SZ C:\WINDOWS\twain_32\escndv

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Escndv.exe
REG_SZ C:\WINDOWS\twain_32\escndv\Escndv.exe
Path REG_SZ C:\WINDOWS\twain_32\escndv

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\excel.exe
Path REG_SZ C:\Program Files\Microsoft Office\OFFICE11\
REG_SZ C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Flash.exe
REG_SZ C:\Program Files\Adobe\Adobe Flash CS3\Flash.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HELPCTR.EXE
REG_SZ C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HijackThis.exe
REG_SZ C:\Documents and Settings\Blackshear\Desktop\hijackthis.exe
Path REG_SZ C:\Documents and Settings\Blackshear\Desktop

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpdstb01.exe
Path REG_SZ c:\Program Files\HP\Digital Imaging\bin\
REG_SZ c:\Program Files\HP\Digital Imaging\bin\hpdstb01.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HpqApkil.exe
Path REG_SZ c:\Program Files\HP\Digital Imaging\Unload\;c:\Program Files\HP\Digital Imaging\bin
REG_SZ c:\Program Files\HP\Digital Imaging\Unload\HpqApkil.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqgalry.exe
REG_SZ c:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
Path REG_SZ c:\Program Files\HP\Digital Imaging\bin\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HpqPhUnl.exe
Path REG_SZ c:\Program Files\HP\Digital Imaging\Unload\;c:\Program Files\HP\Digital Imaging\Unload\bin;c:\Program Files\HP\Digital Imaging\bin
REG_SZ c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HpqPSmon.exe
Path REG_SZ c:\Program Files\HP\Digital Imaging\Unload\;c:\Program Files\HP\Digital Imaging\bin
REG_SZ c:\Program Files\HP\Digital Imaging\Unload\HpqPSmon.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqthb08.exe
REG_SZ c:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Path REG_SZ c:\Program Files\HP\Digital Imaging\bin\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HpqUnSet.exe
REG_SZ c:\Program Files\HP\Digital Imaging\Unload\HpqUnSet.exe
Path REG_SZ c:\Program Files\HP\Digital Imaging\Unload\;c:\Program Files\HP\Digital Imaging\Unload\bin;c:\Program Files\HP\Digital Imaging\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HPSdpApp.exe
Path REG_SZ C:\Program Files\Easy Internet signup\
REG_SZ C:\Program Files\Easy Internet signup\HPSdpApp.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hrtzzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hypertrm.exe
REG_SZ "C:\Program Files\Windows NT\hypertrm.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN1.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN2.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE
Path REG_SZ C:\Program Files\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Illustrator.exe
REG_SZ C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe
Path REG_SZ C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InDesign.exe
REG_SZ C:\Program Files\Adobe\Adobe InDesign CS3\InDesign.exe
Path REG_SZ C:\Program Files\Adobe\Adobe InDesign CS3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\INETWIZ.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\INETWIZ.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\infopath.exe
useURL REG_SZ 1
REG_SZ C:\Program Files\Microsoft Office\OFFICE11\INFOPATH.EXE
Path REG_SZ C:\Program Files\Microsoft Office\OFFICE11\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ISIGNUP.EXE
REG_SZ "C:\Program Files\Internet Explorer\Connection Wizard\ISIGNUP.EXE"
Path REG_SZ C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ISPSignup.exe
REG_SZ C:\Program Files\Easy Internet signup\ISPSignup.exe
Path REG_SZ C:\Program Files\Easy Internet signup\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\iTunes.exe
REG_SZ C:\Program Files\iTunes\iTunes.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
REG_SZ C:\Program Files\Java\jre6\bin\javaws.exe
Path REG_SZ C:\Program Files\Java\jre6\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LUALL.EXE
REG_SZ C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
Path REG_SZ C:\Program Files\Symantec\LiveUpdate

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mbam.exe
REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Path REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MemMixImageTool.exe
REG_SZ C:\Program Files\Sony Corporation\Picture Package\MemMixImageTool\MemMixImageTool.exe
Path REG_SZ C:\Program Files\Sony Corporation\Picture Package\MemMixImageTool\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe
REG_EXPAND_SZ %SystemRoot%\system32\usmt\migwiz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\moviemk.exe
REG_SZ C:\Program Files\Movie Maker\moviemk.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mphonetools.exe
REG_SZ C:\Program Files\Motorola Phone Tools\mphonetools.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
Path REG_SZ "C:\Program Files\Windows Media Player"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSACCESS.EXE
useURL REG_SZ 1
Path REG_SZ C:\Program Files\Microsoft Office\OFFICE11\
REG_SZ C:\PROGRA~1\MI1933~1\OFFICE11\MSACCESS.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSCONFIG.EXE
REG_SZ C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\msimn.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msinfo32.exe
REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.exe
Path REG_SZ C:\Program Files\Common Files\Microsoft Shared\MSInfo

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSMSGS.EXE
REG_SZ C:\Program Files\Messenger\msmsgs.exe
Path REG_SZ C:\Program Files\Messenger;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msoxmled.exe
useURL REG_SZ 1
REG_SZ C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLED.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSPUB.EXE
SaveURL REG_SZ 1
Path REG_SZ C:\Program Files\Microsoft Office\OFFICE11\
REG_SZ C:\PROGRA~1\MI1933~1\OFFICE11\MSPUB.EXE
useURL REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mspview.exe
Path REG_SZ C:\Program Files\Common Files\Microsoft Shared\MODI\11.0\
REG_SZ C:\PROGRA~1\COMMON~1\MICROS~1\MODI\11.0\MSPVIEW.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msworks.exe
REG_SZ c:\Program Files\Microsoft Works\msworks.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ois.exe
Path REG_SZ C:\Program Files\Microsoft Office\OFFICE11\
REG_SZ C:\PROGRA~1\MI1933~1\OFFICE11\OIS.EXE
SaveURL REG_SZ 0
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
REG_EXPAND_SZ %SystemRoot%\system32\mspaint.exe
Path REG_EXPAND_SZ %SystemRoot%\system32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Pcdrw32.exe
Path REG_SZ C:\Program Files\PC-Doctor for Windows\
(Default) REG_SZ C:\Program Files\PC-Doctor for Windows\Pcdrw32.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Photo Recovery.exe
REG_SZ C:\Program Files\Photo Recovery\Photo Recovery.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Photoshop.exe
REG_SZ C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
Path REG_SZ C:\Program Files\Adobe\Adobe Photoshop CS3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
Path REG_SZ C:\Program Files\QuickTime\
REG_SZ C:\Program Files\QuickTime\PictureViewer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pinball.exe
REG_SZ C:\Program Files\Windows NT\Pinball\pinball.exe
Path REG_SZ C:\Program Files\Windows NT\Pinball

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\powerpnt.exe
Path REG_SZ C:\Program Files\Microsoft Office\OFFICE11\
REG_SZ C:\PROGRA~1\MI1933~1\OFFICE11\POWERPNT.EXE
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Python.exe
REG_SZ C:\Python22\Python.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
REG_SZ C:\Program Files\QuickTime\QuickTimePlayer.exe
Path REG_SZ C:\Program Files\QuickTime\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RealPlay.exe
REG_SZ C:\Program Files\Real\RealPlayer\realplay.exe
Path REG_SZ C:\Program Files\Real\RealPlayer

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RecordNow.exe
REG_SZ c:\Program Files\Sonic RecordNow!\RecordNow.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rnxproc.exe
REG_SZ C:\Program Files\Common Files\Real\Update_OB\rnxproc.exe
Path REG_SZ C:\Program Files\Common Files\Real\Update_OB\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rvsezm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\rvsezm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
RunAsOnNonAdminInstall REG_DWORD 0x1
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\shvlzm.exe
REG_SZ C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SonyCopy.exe
REG_SZ C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyCopy.exe
Path REG_SZ C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SonyPotl.exe
REG_SZ C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyPotl.exe
Path REG_SZ C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SonyTray.exe
REG_SZ C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
Path REG_SZ C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
UseShortName REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\USBStrTool.exe
REG_SZ C:\Program Files\Sony Corporation\Picture Package\USBStrTool\USBStrTool.exe
Path REG_SZ C:\Program Files\Sony Corporation\Picture Package\USBStrTool\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\VcdMaker.exe
REG_SZ C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\VcdMaker.exe
Path REG_SZ C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ViewerApp.exe
REG_SZ C:\Program Files\Sony Corporation\Picture Package\Picture Package Viewer\ViewerApp.exe
Path REG_SZ C:\Program Files\Sony Corporation\Picture Package\Picture Package Viewer

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\VPC32.exe
REG_SZ C:\Program Files\Symantec AntiVirus\\VPC32.exe
Path REG_SZ C:\Program Files\Symantec AntiVirus\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\vptray.exe
REG_SZ C:\PROGRA~1\SYMANT~1\VPTray.exe
path REG_SZ C:\Program Files\Common Files\Symantec Shared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wab.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
REG_EXPAND_SZ %ProgramFiles%\Outlook Express\wabmig.exe
Path REG_EXPAND_SZ %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WCreator.exe
Path REG_SZ C:\Program Files\InterVideo\WCreator2
REG_SZ C:\Program Files\InterVideo\WCreator2\WCreator.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinDVD.exe
Path REG_SZ C:\Program Files\InterVideo\WinDVD
REG_SZ C:\Program Files\InterVideo\WinDVD\WinDVD.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\winnt32.exe
RunAsOnNonAdminInstall REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinRAR.exe
REG_SZ C:\Program Files\WinRAR\WinRAR.exe
Path REG_SZ C:\Program Files\WinRAR

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
useURL REG_SZ 1
Path REG_SZ C:\Program Files\Microsoft Office\OFFICE11\
REG_SZ C:\PROGRA~1\MI1933~1\OFFICE11\WINWORD.EXE
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKPLMSTP.EXE
REG_SZ c:\Program Files\Microsoft Works\wkplmstp.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSAB.EXE
REG_SZ c:\Program Files\Microsoft Works\WKSAB.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkscal.exe
REG_SZ c:\Program Files\Common Files\Microsoft Shared\Works Shared\wkscal.exe
Path REG_SZ c:\Program Files\Common Files\Microsoft Shared\Works Shared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksdb.exe
REG_SZ c:\Program Files\Microsoft Works\wksdb.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSSB.EXE
REG_SZ c:\Program Files\Microsoft Works\WKSSB.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksss.exe
REG_SZ c:\Program Files\Microsoft Works\wksss.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkswp.exe
REG_SZ c:\Program Files\Microsoft Works\wkswp.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKWCESTP.EXE
REG_SZ c:\Program Files\Microsoft Works\wkwcestp.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
REG_SZ C:\Program Files\Windows Media Player\wmplayer.exe
Path REG_SZ C:\Program Files\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
REG_SZ "c:\WINDOWS\system32\XPSViewer\XPSViewer.exe"


Mozilla


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
{20a82645-c095-46ed-80e3-08825760534b} REG_SZ c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[You must be registered and logged in to see this link.] REG_EXPAND_SZ C:\Program Files\Java\jre6\lib\deploy\jqs\ff
{9283DEF8-43A0-4D5B-BDE1-11356972ACE0} REG_SZ C:\Documents and Settings\Blackshear\Local Settings\Application Data\{9283DEF8-43A0-4D5B-BDE1-11356972ACE0}


Shared Task Scheduler


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon


SafeBoot



SafeBootMinimal


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}




Re: Malware Doctor Infection?

Post by Scoobydont on Fri Jul 23, 2010 10:38 pm

SafeBootNetwork


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}


File Rename Operations - Session


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations


Known DLLs - Session


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
advapi32 REG_SZ advapi32.dll
comdlg32 REG_SZ comdlg32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
gdi32 REG_SZ gdi32.dll
imagehlp REG_SZ imagehlp.dll
kernel32 REG_SZ kernel32.dll
lz32 REG_SZ lz32.dll
ole32 REG_SZ ole32.dll
oleaut32 REG_SZ oleaut32.dll
olecli32 REG_SZ olecli32.dll
olecnv32 REG_SZ olecnv32.dll
olesvr32 REG_SZ olesvr32.dll
olethk32 REG_SZ olethk32.dll
rpcrt4 REG_SZ rpcrt4.dll
shell32 REG_SZ shell32.dll
url REG_SZ url.dll
urlmon REG_SZ urlmon.dll
user32 REG_SZ user32.dll
version REG_SZ version.dll
wininet REG_SZ wininet.dll
wldap32 REG_SZ wldap32.dll


Downloaded program files (ActiveX)


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}

PATH: C:\windows\Downloaded Program Files

dwusplay.dll
dwusplay.exe
erma.inf
isusweb.dll


Mountpoints


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC


Winlogon


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
AutoRestartShell REG_DWORD 0x1
DefaultUserName REG_SZ Blackshear
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD 0xffffffff
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0x0
passwordexpirywarning REG_DWORD 0xe
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0x0
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0x0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0x0
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 0x1
ShowLogonOptions REG_DWORD 0x1
AltDefaultUserName REG_SZ Blackshear
AltDefaultDomainName REG_SZ GHFJ
DefaultDomainName REG_SZ GHFJ
ChangePasswordUseKerberos REG_DWORD 0x1
AutoAdminLogon REG_SZ 0
Key REG_BINARY 98330701
GinaDLL REG_SZ RtlGina2.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials


Windows Update


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\windowsupdate\auto update\results\install
LastSuccessTime REG_SZ 2010-07-14 00:04:54
LastError REG_DWORD 0x0


Security Software Information

*Note*: Some security software does not store itself in the WMI.

Antivirus: Symantec AntiVirus Corporate Edition *Scanner enabled* (Up to date) {FB06448E-52B8-493A-90F3-E43226D3305C}


{END OF FILE}


Re: Malware Doctor Infection?

Post by Scoobydont on Fri Jul 23, 2010 10:39 pm

System File Integrity

{EOF}


Re: Malware Doctor Infection?

Post by Dr Jay on Sat Jul 24, 2010 1:58 am

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



ComboFix

Post by Scoobydont on Sat Jul 24, 2010 4:57 am

ComboFix 10-07-23.02 - Blackshear 07/23/2010 21:38:31.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3191.2717 [GMT -7:00]
Running from: c:\documents and settings\Blackshear\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Blackshear\Local Settings\Application Data\{9283DEF8-43A0-4D5B-BDE1-11356972ACE0}
c:\documents and settings\Blackshear\Local Settings\Application Data\{9283DEF8-43A0-4D5B-BDE1-11356972ACE0}\chrome.manifest
c:\documents and settings\Blackshear\Local Settings\Application Data\{9283DEF8-43A0-4D5B-BDE1-11356972ACE0}\chrome\content\_cfg.js
c:\documents and settings\Blackshear\Local Settings\Application Data\{9283DEF8-43A0-4D5B-BDE1-11356972ACE0}\chrome\content\overlay.xul
c:\documents and settings\Blackshear\Local Settings\Application Data\{9283DEF8-43A0-4D5B-BDE1-11356972ACE0}\install.rdf
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\windows\system32\Install.txt
c:\windows\urojohapuhid.dll
c:\windows\xpsp1hfm.log
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-24 to 2010-07-24 )))))))))))))))))))))))))))))))
.

2010-07-23 23:42 . 2010-07-23 23:42 -------- d-----w- c:\program files\uTorrent
2010-07-22 06:26 . 2010-07-22 06:30 -------- d-----w- c:\program files\TweakNow PowerPack 2009
2010-07-22 04:04 . 2010-07-22 04:04 -------- d-----w- c:\documents and settings\Blackshear\Local Settings\Application Data\cwfxsaqis
2010-07-22 04:03 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-22 04:03 . 2010-07-22 04:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-22 04:03 . 2010-07-22 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-22 04:03 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-22 04:02 . 2010-07-22 04:02 -------- d-----w- c:\documents and settings\Blackshear\Local Settings\Application Data\vbnipgsks
2010-07-22 03:49 . 2010-07-22 03:49 -------- d-----w- c:\documents and settings\Blackshear\Local Settings\Application Data\sagvowvux
2010-07-22 03:49 . 2010-07-24 01:44 120 ----a-w- c:\windows\Pcuguqoboxeboda.dat
2010-07-22 03:49 . 2010-07-23 07:14 0 ----a-w- c:\windows\Ocuka.bin
2010-07-22 03:47 . 2010-07-22 03:47 -------- d-----w- c:\documents and settings\Blackshear\Local Settings\Application Data\lcrjkguyh
2010-07-22 03:47 . 2010-07-22 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-07-22 03:47 . 2010-07-24 04:47 766464 ----a-w- c:\windows\system32\drivers\vcjrn.sys
2010-07-22 01:00 . 2010-07-22 01:00 -------- d-----w- C:\EPSONREG
2010-07-22 00:59 . 2007-01-11 11:02 113664 ----a-w- c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
2010-07-22 00:53 . 2010-07-22 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2010-07-22 00:53 . 2006-12-08 09:04 76800 ----a-w- c:\windows\system32\E_FLBCDA.DLL
2010-07-22 00:53 . 2006-04-19 09:00 62976 ----a-w- c:\windows\system32\E_FD4BCDA.DLL
2010-07-22 00:52 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-22 00:52 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2010-07-22 00:52 . 2007-03-27 07:00 67072 ----a-w- c:\windows\system32\escwiad.dll
2010-07-22 00:52 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-22 00:52 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-07-10 23:09 . 2010-07-10 23:09 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-10 23:09 . 2010-07-10 23:09 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-10 23:09 . 2010-07-10 23:09 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-10 23:09 . 2010-07-10 23:09 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-08 21:00 . 2010-07-08 21:00 -------- d-----w- c:\program files\iPod
2010-07-08 20:48 . 2010-07-08 20:48 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-07-04 00:11 . 2010-07-23 00:36 -------- d-----w- c:\documents and settings\Blackshear\Application Data\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-24 04:35 . 2009-06-24 21:25 -------- d-----w- c:\program files\Symantec AntiVirus
2010-07-24 04:24 . 2009-06-27 02:25 -------- d-----w- c:\documents and settings\Blackshear\Application Data\uTorrent
2010-07-22 21:34 . 2009-06-24 17:50 -------- d-----w- c:\program files\Java
2010-07-22 20:56 . 2009-12-09 08:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-22 06:26 . 2009-08-07 05:57 -------- d-----w- c:\documents and settings\Blackshear\Application Data\TweakNow PowerPack 2009
2010-07-22 03:53 . 2010-01-11 02:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-22 03:50 . 2010-05-04 04:16 63488 ----a-w- c:\documents and settings\Blackshear\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-22 03:50 . 2009-06-24 22:18 117760 -c--a-w- c:\documents and settings\Blackshear\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-22 00:59 . 2010-07-22 00:58 -------- d-----w- c:\program files\epson
2010-07-22 00:58 . 2009-06-24 18:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-14 23:12 . 2009-06-24 22:19 -------- d-----w- c:\documents and settings\Blackshear\Application Data\Hewlett-Packard
2010-07-10 23:09 . 2010-05-06 08:32 57344 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-10 23:09 . 2010-05-06 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-10 23:09 . 2009-06-28 00:35 -------- d-----w- c:\program files\DivX
2010-07-10 23:08 . 2010-06-03 22:22 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-07-10 23:08 . 2010-05-06 08:31 1062184 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-10 23:08 . 2010-05-06 08:31 895256 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-08 21:01 . 2009-10-31 07:19 -------- d-----w- c:\program files\iTunes
2010-07-08 21:00 . 2009-06-24 19:45 -------- d-----w- c:\program files\Common Files\Apple
2010-07-08 20:54 . 2009-06-24 19:46 -------- d-----w- c:\program files\Bonjour
2010-07-05 08:47 . 2010-06-22 03:21 -------- d-----w- c:\program files\Opera
2010-06-14 14:31 . 2009-06-24 11:30 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 04:57 . 2010-05-06 08:31 500400 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Web Player\DivXWebPlayerUninstall.exe
2010-06-12 10:27 . 2010-06-12 10:09 -------- d-----w- c:\documents and settings\Blackshear\Application Data\DAEMON Tools Lite
2010-06-12 10:10 . 2010-06-12 10:10 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-12 10:09 . 2010-06-12 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-06-04 21:51 . 2009-06-28 01:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 01:14 . 2009-06-28 00:35 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-04 01:14 . 2010-06-04 01:14 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-04 01:14 . 2010-06-04 01:14 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-04 01:13 . 2010-06-04 01:13 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-04 01:12 . 2010-06-04 01:12 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-02 11:55 . 2010-06-12 10:35 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 11:55 . 2010-06-12 10:35 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 11:55 . 2010-06-12 10:34 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-26 18:41 . 2010-06-12 10:34 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 18:41 . 2010-06-12 10:34 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 18:41 . 2010-06-12 10:34 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 18:41 . 2010-06-12 10:34 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 18:41 . 2010-06-12 10:34 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-22 22:35 . 2010-05-22 22:35 503808 -c--a-w- c:\documents and settings\Blackshear\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7c548012-n\msvcp71.dll
2010-05-22 22:35 . 2010-05-22 22:35 499712 -c--a-w- c:\documents and settings\Blackshear\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7c548012-n\jmc.dll
2010-05-22 22:35 . 2010-05-22 22:35 348160 -c--a-w- c:\documents and settings\Blackshear\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7c548012-n\msvcr71.dll
2010-05-22 22:35 . 2010-05-22 22:35 61440 -c--a-w- c:\documents and settings\Blackshear\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2afbfa43-n\decora-sse.dll
2010-05-22 22:35 . 2010-05-22 22:35 12800 -c--a-w- c:\documents and settings\Blackshear\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2afbfa43-n\decora-d3d.dll
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41 . 2009-06-24 11:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-06 08:31 . 2010-05-06 08:31 57054 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-06 08:31 . 2010-05-06 08:31 54166 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-06 08:31 . 2010-05-06 08:31 57532 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-06 08:31 . 2010-05-06 08:31 56458 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-06 08:31 . 2010-05-06 08:31 54174 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-06 08:31 . 2010-05-06 08:31 57409 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-06 08:31 . 2010-05-06 08:31 52963 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-06 08:31 . 2010-05-06 08:31 54073 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-06 08:31 . 2010-05-06 08:31 56969 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-05 20:38 . 2010-05-05 20:38 21035 -c--a-w- c:\windows\system32\drivers\AegisP.sys
2010-05-02 05:22 . 2009-06-24 11:33 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:40 . 2009-06-28 00:36 133616 -c----w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2009-06-24 18:14 126448 -c----w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40 . 2009-06-24 18:14 123888 -c----w- c:\windows\system32\pxcpyi64.exe
2010-04-27 18:40 . 2004-07-13 09:03 45648 -c----w- c:\windows\system32\drivers\pxhelp20.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-22 2403568]
"Google Update"="c:\documents and settings\Blackshear\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-09 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-24 85696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2010-5-12 1261568]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"c:\\Documents and Settings\\Blackshear\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\NETGEAR\\WG111v2\\WG111v2.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 67656]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [5/12/2010 12:19 PM 194304]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 12872]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/23/2005 7:27 PM 124608]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/12/2010 3:10 AM 691696]

--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilDrv11010
*Deregistered* - vcjrn
.
Contents of the 'Scheduled Tasks' folder

2009-10-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-336825795-975779247-2064553283-1009Core.job
- c:\documents and settings\Blackshear\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-09 04:56]

2010-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-336825795-975779247-2064553283-1009UA.job
- c:\documents and settings\Blackshear\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-09 04:56]

2010-07-24 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2009-06-24 00:32]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: adelphia.net\www
Trusted Zone: aol.com\free
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-CD Autorun - c:\program files\TweakNow RegCleaner\TweakNow PowerPack 2009\CDAuto.exe
HKLM-Run-Jvapibuzixu - c:\windows\urojohapuhid.dll
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-23 21:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vcjrn]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\RtlGina2.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-07-23 21:49:25
ComboFix-quarantined-files.txt 2010-07-24 04:49

Pre-Run: 36,065,853,440 bytes free
Post-Run: 36,093,976,576 bytes free

- - End Of File - - EAF71D24B46FC859B64AE602826E16AC


Re: Malware Doctor Infection?

Post by Dr Jay on Sun Jul 25, 2010 10:10 am

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Download the CFScript from the attachment below. Save it to your Desktop.
  • Drag the downloaded CFScript.txt into ComboFix


  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Dr. Jay (DJ)



Re: Malware Doctor Infection?

Post by Scoobydont on Mon Jul 26, 2010 2:58 am

ComboFix 10-07-23.02 - Blackshear 07/25/2010 18:32:44.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3191.2733 [GMT -7:00]
Running from: c:\documents and settings\Blackshear\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Blackshear\Desktop\CFScript.txt

FILE ::
"c:\windows\Ocuka.bin"
"c:\windows\Pcuguqoboxeboda.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Blackshear\Local Settings\Application Data\cwfxsaqis
c:\documents and settings\Blackshear\Local Settings\Application Data\lcrjkguyh
c:\documents and settings\Blackshear\Local Settings\Application Data\sagvowvux
c:\documents and settings\Blackshear\Local Settings\Application Data\vbnipgsks
c:\windows\Ocuka.bin
c:\windows\Pcuguqoboxeboda.dat

.
((((((((((((((((((((((((( Files Created from 2010-06-26 to 2010-07-26 )))))))))))))))))))))))))))))))
.

2010-07-24 05:14 . 2010-07-24 07:46 -------- d-----w- c:\documents and settings\Blackshear\Application Data\vlc
2010-07-23 23:42 . 2010-07-23 23:42 -------- d-----w- c:\program files\uTorrent
2010-07-22 06:26 . 2010-07-26 01:26 -------- d-----w- c:\program files\TweakNow PowerPack 2009
2010-07-22 04:03 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-22 04:03 . 2010-07-22 04:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-22 04:03 . 2010-07-22 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-22 04:03 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-22 03:47 . 2010-07-22 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-07-22 03:47 . 2010-07-26 01:42 766464 ----a-w- c:\windows\system32\drivers\vcjrn.sys
2010-07-22 01:00 . 2010-07-22 01:00 -------- d-----w- C:\EPSONREG
2010-07-22 00:53 . 2010-07-22 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2010-07-22 00:53 . 2006-12-08 09:04 76800 ----a-w- c:\windows\system32\E_FLBCDA.DLL
2010-07-22 00:53 . 2006-04-19 09:00 62976 ----a-w- c:\windows\system32\E_FD4BCDA.DLL
2010-07-22 00:52 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-22 00:52 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2010-07-22 00:52 . 2007-03-27 07:00 67072 ----a-w- c:\windows\system32\escwiad.dll
2010-07-22 00:52 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-22 00:52 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-07-08 21:00 . 2010-07-08 21:00 -------- d-----w- c:\program files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-26 01:27 . 2009-06-24 18:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-26 01:27 . 2009-06-24 18:46 -------- d-----w- c:\program files\Symantec
2010-07-26 01:27 . 2009-06-24 21:25 -------- d-----w- c:\program files\Symantec AntiVirus
2010-07-26 01:27 . 2009-06-24 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-26 01:26 . 2009-08-07 05:57 -------- d-----w- c:\documents and settings\Blackshear\Application Data\TweakNow PowerPack 2009
2010-07-26 01:25 . 2010-06-22 03:21 -------- d-----w- c:\program files\Opera
2010-07-26 01:24 . 2009-06-24 18:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-26 01:16 . 2010-05-04 04:16 63488 ----a-w- c:\documents and settings\Blackshear\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-26 01:16 . 2009-06-24 22:18 117760 -c--a-w- c:\documents and settings\Blackshear\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-25 08:34 . 2009-06-27 02:25 -------- d-----w- c:\documents and settings\Blackshear\Application Data\uTorrent
2010-07-22 21:34 . 2009-06-24 17:50 -------- d-----w- c:\program files\Java
2010-07-22 20:56 . 2009-12-09 08:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-22 03:53 . 2010-01-11 02:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-22 00:59 . 2010-07-22 00:58 -------- d-----w- c:\program files\epson
2010-07-14 23:12 . 2009-06-24 22:19 -------- d-----w- c:\documents and settings\Blackshear\Application Data\Hewlett-Packard
2010-07-10 23:09 . 2010-05-06 08:32 57344 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-10 23:09 . 2010-05-06 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-10 23:09 . 2009-06-28 00:35 -------- d-----w- c:\program files\DivX
2010-07-10 23:09 . 2010-07-10 23:09 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-10 23:09 . 2010-07-10 23:09 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-10 23:09 . 2010-07-10 23:09 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-10 23:09 . 2010-07-10 23:09 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-10 23:08 . 2010-06-03 22:22 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-07-10 23:08 . 2010-05-06 08:31 1062184 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-10 23:08 . 2010-05-06 08:31 895256 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-08 21:01 . 2009-10-31 07:19 -------- d-----w- c:\program files\iTunes
2010-07-08 21:00 . 2009-06-24 19:45 -------- d-----w- c:\program files\Common Files\Apple
2010-07-08 20:54 . 2009-06-24 19:46 -------- d-----w- c:\program files\Bonjour
2010-07-08 20:48 . 2010-07-08 20:48 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-14 14:31 . 2009-06-24 11:30 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 04:57 . 2010-05-06 08:31 500400 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Web Player\DivXWebPlayerUninstall.exe
2010-06-12 10:27 . 2010-06-12 10:09 -------- d-----w- c:\documents and settings\Blackshear\Application Data\DAEMON Tools Lite
2010-06-12 10:10 . 2010-06-12 10:10 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-12 10:09 . 2010-06-12 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-06-04 21:51 . 2009-06-28 01:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 01:14 . 2009-06-28 00:35 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-04 01:14 . 2010-06-04 01:14 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-04 01:14 . 2010-06-04 01:14 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-04 01:13 . 2010-06-04 01:13 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-04 01:12 . 2010-06-04 01:12 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-02 11:55 . 2010-06-12 10:35 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 11:55 . 2010-06-12 10:35 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 11:55 . 2010-06-12 10:34 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-26 18:41 . 2010-06-12 10:34 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 18:41 . 2010-06-12 10:34 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 18:41 . 2010-06-12 10:34 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 18:41 . 2010-06-12 10:34 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 18:41 . 2010-06-12 10:34 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-22 22:35 . 2010-05-22 22:35 503808 -c--a-w- c:\documents and settings\Blackshear\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7c548012-n\msvcp71.dll
2010-05-22 22:35 . 2010-05-22 22:35 499712 -c--a-w- c:\documents and settings\Blackshear\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7c548012-n\jmc.dll
2010-05-22 22:35 . 2010-05-22 22:35 348160 -c--a-w- c:\documents and settings\Blackshear\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7c548012-n\msvcr71.dll
2010-05-22 22:35 . 2010-05-22 22:35 61440 -c--a-w- c:\documents and settings\Blackshear\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2afbfa43-n\decora-sse.dll
2010-05-22 22:35 . 2010-05-22 22:35 12800 -c--a-w- c:\documents and settings\Blackshear\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2afbfa43-n\decora-d3d.dll
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41 . 2009-06-24 11:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-06 08:31 . 2010-05-06 08:31 57054 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-06 08:31 . 2010-05-06 08:31 54166 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-06 08:31 . 2010-05-06 08:31 57532 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-06 08:31 . 2010-05-06 08:31 56458 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-06 08:31 . 2010-05-06 08:31 54174 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-06 08:31 . 2010-05-06 08:31 57409 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-06 08:31 . 2010-05-06 08:31 52963 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-06 08:31 . 2010-05-06 08:31 54073 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-06 08:31 . 2010-05-06 08:31 56969 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-05 20:38 . 2010-05-05 20:38 21035 -c--a-w- c:\windows\system32\drivers\AegisP.sys
2010-05-02 05:22 . 2009-06-24 11:33 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:40 . 2009-06-28 00:36 133616 -c----w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2009-06-24 18:14 126448 -c----w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40 . 2009-06-24 18:14 123888 -c----w- c:\windows\system32\pxcpyi64.exe
2010-04-27 18:40 . 2004-07-13 09:03 45648 -c----w- c:\windows\system32\drivers\pxhelp20.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\drivers\vcjrn.sys ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 766464
Created time: 2010-07-22 03:47
Modified time: 2010-07-26 01:32
MD5: !HASH: COULD NOT OPEN FILE !!!!!
SHA1: !HASH: COULD NOT OPEN FILE !!!!!


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-22 2403568]
"Google Update"="c:\documents and settings\Blackshear\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-09 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2010-5-12 1261568]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"c:\\Documents and Settings\\Blackshear\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\NETGEAR\\WG111v2\\WG111v2.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 67656]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [5/12/2010 12:19 PM 194304]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 12872]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/12/2010 3:10 AM 691696]

--- Other Services/Drivers In Memory ---

*Deregistered* - vcjrn
.
Contents of the 'Scheduled Tasks' folder

2009-10-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-336825795-975779247-2064553283-1009Core.job
- c:\documents and settings\Blackshear\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-09 04:56]

2010-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-336825795-975779247-2064553283-1009UA.job
- c:\documents and settings\Blackshear\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-09 04:56]

2010-07-26 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2009-06-24 00:32]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-25 18:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vcjrn]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\RtlGina2.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2536)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\SOUNDMAN.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-07-25 18:47:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-26 01:47
ComboFix2.txt 2010-07-24 04:49

Pre-Run: 41,028,132,864 bytes free
Post-Run: 41,019,219,968 bytes free

- - End Of File - - 60EA97DD31561492F285052A3B78E698
Thank You!

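The driver/service lines of the ComboFix log above can be triaged mechanically for entries that deserve a manual look. This is an added example, not part of the original posts and not ComboFix's own code: the sample lines are copied from the log above, the function names are hypothetical, and the readings of the `R`/`S` prefix (running/stopped plus start type) and of `[?]` (no file date/size could be read) are assumptions based on the usual interpretation of these logs.

```python
import re

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12872]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [5/12/2010 12:19 PM 194304]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/12/2010 3:10 AM 691696]

--- Other Services/Drivers In Memory ---

*Deregistered* - vcjrn

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vcjrn]
"""

# Assumed reading of the prefix digit: the service start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> .+?)? \[(?P<meta>[^\]]*)\]$"
)
DEREG_RE = re.compile(r"^\*Deregistered\* - (?P<name>\S+)$")
SVCKEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d{3}\\Services\\(?P<name>[^\]\\]+)\]$",
    re.I,
)


def parse_log(text):
    """Split the log into service entries, deregistered names and service keys."""
    services, deregistered, keys = [], set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["start"] = START_TYPES[entry["start"]]
            services.append(entry)
            continue
        m = DEREG_RE.match(line)
        if m:
            deregistered.add(m.group("name").lower())
            continue
        m = SVCKEY_RE.match(line)
        if m:
            keys.add(m.group("name").lower())
    return services, deregistered, keys


def triage(text):
    """Return sorted (name, reason) pairs worth a manual look; not a verdict."""
    services, deregistered, keys = parse_log(text)
    findings = []
    for s in services:
        # Assumption: "[?]" means no date/size could be read for the file.
        if s["meta"] == "?":
            findings.append((s["name"].lower(), "no file metadata, start=" + s["start"]))
    listed = {s["name"].lower() for s in services}
    for name in deregistered:
        if name in keys:
            findings.append((name, "deregistered but service key still present"))
        elif name not in listed:
            findings.append((name, "deregistered and not in service list"))
    return sorted(findings)


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG):
        print(f"{name}: {reason}")
```

A flagged entry only marks a line for review; legitimate drivers can appear here as well.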

Re: Malware Doctor Infection?

Post by Dr Jay on Mon Jul 26, 2010 8:20 am

1. ComboFix re-run
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in bold/italic below into it:

    killall::

    File::
    c:\windows\system32\drivers\vcjrn.sys

    Reboot::



  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

2. Online Scan

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

3. Post logs

Make sure to post these logs for my review:
  • ComboFix log
  • ESET Scan log

Also, let me know how your computer is running.

Thanks!



Update: FML

Post by Scoobydont on Mon Jul 26, 2010 7:21 pm

I turned on the machine this morning. Windows loaded, I got to my desktop. All icons were present, so far so good. Then, the system abruptly crashed and rebooted. Now, I get to the black screen telling me,

"We apologize for the inconvenience, but Windows did not start successfully. A recent hardware or software change might have caused this.

If your computer stopped responding, restarted unexpectedly, or was automatically shut down to protect your files and folders, choose Last Known Good Configuration to revert to the most recent settings that worked.

If a previous startup attempt was interrupted due to a power failure or because the Power or Reset button was pressed, or if you aren't sure what caused the problem, choose Start Windows Normally.

Safe Mode
Safe Mode with Networking
Safe Mode with Command Prompt

Last Known Good Configuration (your most recent settings that worked)
Start Windows Normally

Use the up and down arrow keys to move the highlight to your choice.

Seconds until Windows starts: 30"


No changes were made to the hardware/software that I know of. If I attempt to start Windows in safe mode, it begins to load, and then freezes, forcing me to start the process again. ARRRRRRRRRRRGGGGGGGGG! Any ideas?


Re: Malware Doctor Infection?

Post by Scoobydont on Mon Jul 26, 2010 8:13 pm

I've noticed that when I try to boot in safe mode from the screen mentioned in my last post, I start my computer in safe mode, and it always stops/hangs on isapnp.sys. A little research makes me wonder if it is a problem with pciide.sys, which is loaded after isapnp.sys?


Re: Malware Doctor Infection?

Post by Dr Jay on Tue Jul 27, 2010 4:46 am

Please save the following instructions into Notepad and print them out, as this webpage will not be available while you're carrying out the process.

1. Please reboot into the Windows Recovery Console.

2. You must enter which Windows installation to log onto. Type 1 and press Enter.

3. At the C:\Windows prompt, type the following bolded command, and press Enter:

set allowallpaths = true

4. At the next prompt, type without the quotes "cd erdnt\subs" and hit Enter.

5. At the next prompt, please type in the following without the quotes: "batch erdnt.con" and hit Enter.

The erunt backups should begin copying backup files. At the next prompt after it is complete, type exit.

Kindly reboot your PC and tell me if Windows is loading now.


Last edited by DragonMaster Jay on Wed Jul 28, 2010 9:24 pm; edited 1 time in total



Re: Malware Doctor Infection?

Post by Scoobydont on Tue Jul 27, 2010 5:41 am

This particular machine uses the HP Recovery Console which as far as I can tell is automated. Let me think


Re: Malware Doctor Infection?

Post by Dr Jay on Tue Jul 27, 2010 5:49 am

This is the Recovery Console I am talking about:




Warning: Noob Alert

Post by Scoobydont on Tue Jul 27, 2010 6:00 am

How do I get to that?


Re: Malware Doctor Infection?

Post by Dr Jay on Tue Jul 27, 2010 6:15 pm

That is one of the first screens you see as you are booting up your computer.

Go to Start > Turn Off Computer, then click on Restart.

When you see the screen for the OS selection menu like above, then hit the down arrow key to select the Recovery Console.



Re: Malware Doctor Infection?

Post by Scoobydont on Wed Jul 28, 2010 12:34 am

OK...When I boot up the computer that's not a screen I get with this machine. I get a quick glimpse of the blue screen where I could use F8 to access safe mode etc. or use the recovery console, then the black Windows load screen with a blue, flashing progress bar beneath the Windows logo.


Re: Malware Doctor Infection?

Post by Dr Jay on Wed Jul 28, 2010 9:02 pm

Download [You must be registered and logged in to see this link.] and save it somewhere you can find it.

Download [You must be registered and logged in to see this link.] and install it.

Start MagicISO. When it asks you to register, just close that window...the program should remain open. Click on "File" and then on "Open"...navigate to the RC.ISO file you downloaded, select it, and click "Open".

In the upper right pane, double click on the i386 folder to expand it. In the toolbar menu, click on the "Add File" icon (just under "Total Size: 7M") and navigate to C:\Windows\System32...locate and select userinit.exe...click "Open".

Click "File" on the toolbar and choose "Save As". Name the file RCplus and save it somewhere you can find it.

Put a blank CD-R disk in your CD burner and close the tray...when the AutoPlay window opens, close it.

Click "Tools" on the toolbar and choose "Burn CD/DVD with ISO". In the CD/DVD Image file area, click the little folder, navigate to the newly created RCplus.iso image file, and click "Open". In the CD/DVD Writing Speed drop-down menu, choose the top 8X setting. Format should have "Mode 1" selected...if not, select it. Click on the "Burn It!" button.

Once this disk is burned, put it in the machine you're working on and restart. Boot to the CD and enter the Recovery Console.

When there, do this:

Type in "fixmbr" and hit Enter.

Type 'y' if asked to, and allow it to do its job.

Once it's done that and shows the next bit for another command, type "exit".

This will reboot your machine again; allow it to boot normally this time.



Re: Malware Doctor Infection?

Post by Scoobydont on Wed Jul 28, 2010 9:11 pm

I think I've failed. Long story short, the HP recovery console was run. Is all hope now lost? Say it ain't so.


Re: Malware Doctor Infection?

Post by Dr Jay on Wed Jul 28, 2010 9:25 pm

If you ran that, then probably yes.

I was talking about the Windows Recovery Console. ComboFix already installs the Windows Recovery Console, which is a type of Windows boot mode to run commands through a backdoor in Windows, so we can get the system disinfected without any services or processes running.

Since you could not see it in the screenshot I showed you, on your system, I posted a good idea to get a CD which already had the Windows Recovery Console on it.

It was highly important to only start up the Windows Recovery Console, as I had pointed out.



Re: Malware Doctor Infection?

Post by Scoobydont on Wed Jul 28, 2010 10:15 pm

Yes, I thought that may be the case. My son is home right now and after telling him about my computer woes, he "took a look", and this is the result.

From what he says, the files are all there still. I won't know for sure what the situation is until after work. Thanks so much for the help this far Jay. This has been very frustrating.


Re: Malware Doctor Infection?

Post by Dr Jay on Wed Jul 28, 2010 10:38 pm

If you require no more help, then please read my prevention tips article:

See [You must be registered and logged in to see this link.].

To uninstall ComboFix, if it is still installed:

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall



(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

