A variant of Win32


Post by TheBlackScepter on 17th August 2010, 12:34 pm

When running my ESET scanner, it picked up WIN32 viruses. Once the scan was finished it was removed from the computer, however, my Java and Adobe will not update. When I try to update it says there is an installation already in progress, when there clearly is not. Could the virus be blocking the rest of my updates? Did the ESET only remove bits of it? Can you help me out with this?

My computer model is a Windows Vista, it is protected with Avast and has Malwarebytes Anti-Malware.


Re: A variant of Win32

Post by Dr Jay on 18th August 2010, 6:01 am

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


Dr. Jay (DJ)



Re: A variant of Win32

Post by TheBlackScepter on 18th August 2010, 2:38 pm

Here are the logs

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4445

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

8/18/2010 10:35:22 AM
mbam-log-2010-08-18 (10-35-22).txt

Scan type: Quick scan
Objects scanned: 141581
Time elapsed: 11 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: A variant of Win32

Post by Dr Jay on 18th August 2010, 6:18 pm

Please download RootRepeal from [You must be registered and logged in to see this link.].

  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe.
  • Click Settings > Options. Drag the slider to High Level. Then, click the Red X.
  • Go to the Report tab and click on the Scan button.


  • Select ALL of the checkboxes and then click OK and it will start scanning your system.

  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

Please remove any e-mail address in the RootRepeal report (if present).


Dr. Jay (DJ)



Re: A variant of Win32

Post by TheBlackScepter on 18th August 2010, 11:37 pm

RootRepeal is not working, I attempted to scan with it four times and in the middle of scanning it crashes. It pulls up an error screen, but it's blank and there is nothing written on it. When I hit X the entire thing crashes. This has happened four times I attempted to scan with it.


Re: A variant of Win32

Post by Dr Jay on 19th August 2010, 7:15 pm

Please download [You must be registered and logged in to see this link.] and install it. If you already have it, no need to reinstall.

Then, download [You must be registered and logged in to see this link.] and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.


Dr. Jay (DJ)



Re: A variant of Win32

Post by TheBlackScepter on 19th August 2010, 8:28 pm

Here are the logs

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>SSDT State
==============================================
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x883AD4B0 [12] C:\WINDOWS\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x87CC5520 [400] C:\WINDOWS\System32\smss.exe (Microsoft Corporation, Windows Session Manager)
0x88393B68 [408] C:\WINDOWS\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x883A7700 [480] C:\WINDOWS\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
0x87CE0478 [504] C:\WINDOWS\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x876B55E0 [556] C:\WINDOWS\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x87F2F5F0 [564] C:\WINDOWS\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)
0x87CF9608 [600] C:\WINDOWS\System32\services.exe (Microsoft Corporation, Services and Controller app)
0x87FF9D90 [628] C:\WINDOWS\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
0x87FF8D90 [636] C:\WINDOWS\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)
0x884C6020 [764] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc., ArcSoft Connect Service)
0x87FF9B00 [776] C:\WINDOWS\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8809DD90 [824] C:\WINDOWS\System32\nvvsvc.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 186.44)
0x880039C8 [852] C:\WINDOWS\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x880EA6C8 [948] C:\WINDOWS\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)
0x882FC598 [976] C:\Program Files\HP\Button Manager\BM.exe (-, HP Button Manager MFC Application)
0x880B2D90 [1004] C:\WINDOWS\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x881185A0 [1044] C:\WINDOWS\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x88124020 [1072] C:\WINDOWS\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8828E5A0 [1120] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper)
0x85051D90 [1132] C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation, Internet Explorer)
0x886B4020 [1164] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation, Windows Sidebar)
0x88258760 [1184] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc., ArcSoft Connect Daemon)
0x88153588 [1208] C:\WINDOWS\System32\SLsvc.exe (Microsoft Corporation, Microsoft Software Licensing Service)
0x88184D90 [1240] C:\WINDOWS\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x888141D8 [1296] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios, WinPatrol System Monitor)
0x8818F2A8 [1324] C:\WINDOWS\System32\nvvsvc.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 186.44)
0x884B9B30 [1360] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x87739808 [1456] C:\WINDOWS\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x881F82E0 [1584] C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software, avast! Antivirus updating service)
0x88130328 [1600] C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software, avast! antivirus service)
0x88210CE8 [1608] C:\WINDOWS\System32\wlanext.exe (Microsoft Corporation, Windows Wireless LAN 802.11 Extensibility Framework)
0x88235398 [1800] C:\Program Files\MSN Toolbar\Platform\4.0.0316.3\mswinext.exe (Microsoft Corp., MSN® Toolbar)
0x884B5BB8 [1812] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)
0x882D48F8 [1884] C:\WINDOWS\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)
0x883472D8 [1960] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x8823DC00 [2028] C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation, Microsoft Office OneNote Quick Launcher)
0x884CA590 [2096] C:\WINDOWS\System32\lxdmcoms.exe ( , Printer Communication System)
0x881322C0 [2104] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software, avast! service GUI component)
0x8844DD68 [2112] C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe (ArcSoft, Inc., MgiSvr)
0x884EAD90 [2172] C:\WINDOWS\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x884F0478 [2192] C:\WINDOWS\SMINST\BLService.exe (-, STServices)
0x88532D90 [2244] C:\Program Files\CyberLink\Shared Files\RichVideo.exe (-, RichVideo Module)
0x88338BF8 [2276] C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation, Microsoft SeaPort Search Enhancement Broker)
0x885C4418 [2356] C:\WINDOWS\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x88222CA0 [2380] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation, Microsoft Default Manager)
0x8855B020 [2400] C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation, ViewMgr)
0x88561D90 [2452] C:\WINDOWS\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x88559448 [2488] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation, Microsoft® Windows Live ID Service)
0x8856DCD8 [2528] C:\WINDOWS\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)
0x88584020 [2584] C:\WINDOWS\System32\drivers\XAudio.exe (Conexant Systems, Inc., Modem Audio Service)
0x8858D5C0 [2620] C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc., AutoUpater Service Module)
0x88243020 [2636] C:\Program Files\Lexmark 5000 Series\lxdmmon.exe (-, Printer Device Monitor)
0x885AAD90 [2644] C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe (Pure Networks, Inc., Network Magic Service)
0x88245D90 [2704] C:\Program Files\Lexmark 5000 Series\lxdmamon.exe (-, Printer Card Transfer Monitor)
0x88236D90 [2740] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated, Adobe Reader and Acrobat Manager)
0x87D09D90 [3004] C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P., hpqwmiex Module)
0x88242A20 [3020] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java(TM) Update Scheduler)
0x883D5690 [3044] C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe (ArcSoft, Inc., ArcSoft Magic-i File)
0x88877210 [3168] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation, Microsoft® Windows Live ID Service Monitor)
0x886603A0 [3232] C:\WINDOWS\servicing\TrustedInstaller.exe (Microsoft Corporation, Windows Modules Installer)
0x8827E598 [3256] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation, Windows Media Player Network Sharing Service Configuration Application)
0x88262598 [3368] C:\WINDOWS\System32\wbem\WmiPrvSE.exe (Microsoft Corporation, WMI Provider Host)
0x885359F0 [3372] C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software, avast! e-Mail Scanner Service)
0x88685588 [3396] C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software, avast! Web Scanner)
0x88468AD8 [3408] C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe (-, TrayMin MFC Application)
0x88473990 [3496] C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (-, HpqToaster Module)
0x88546588 [3800] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc., ArcSoft Connect Notifier)
0x84F16020 [3812] C:\WINDOWS\System32\SearchFilterHost.exe (Microsoft Corporation, Microsoft Windows Search Filter Host)
0x8685A020 [3876] C:\WINDOWS\System32\wbem\WmiPrvSE.exe (Microsoft Corporation, WMI Provider Host)
0x8504B9F0 [3904] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard, HP Health Check Service)
0x86782BE8 [3912] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc., Synaptics TouchPad Enhancements)
0x884866D0 [3920] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp., HP QuickPlay Resident Program)
0x8859F6A8 [3940] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P., Module to process WiFi messages.)
0x886B3598 [4000] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P., Quick Launch Buttons)
0x88133988 [4008] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard, hpwuSchd Application)
0x876C8758 [4024] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P., HPWAMain Module)
0x88133548 [4032] C:\Program Files\Winamp\winampa.exe
0x87D073A0 [4040] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc., Network Magic Application)
0x88109550 [4084] C:\WINDOWS\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation, Registry Monitor)
0x8870C398 [4124] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P., Com for QLB application)
0x84D37598 [4264] C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation, Windows Media Player Network Sharing Service)
0x85426A08 [4312] C:\WINDOWS\System32\MustBeRandomlyNamed\uj5n5ecw3cx1a2dSc.exe (UG North, RKULE, SR2 Normandy)
0x84D19AC0 [4364] C:\WINDOWS\System32\SearchProtocolHost.exe (Microsoft Corporation, Microsoft Windows Search Protocol Host)
0x84D8D180 [4688] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation, Windows Sidebar)
0x84E2A2C8 [4760] C:\WINDOWS\System32\wuauclt.exe (Microsoft Corporation, Windows Update)
0x84D9C830 [4844] C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc., Synaptics Pointing Device Helper)
0x84E285A0 [4972] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0x84EE0988 [5816] C:\WINDOWS\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
0x847A4A90 [4] System
0x8814E020 [1172] C:\WINDOWS\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation )
==============================================
>Drivers
==============================================
0x8F20C000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 9793536 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 186.44 )
0x81E4D000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x81E4D000 PnpManager 3903488 bytes
0x81E4D000 RAW 3903488 bytes
0x81E4D000 WMIxWDM 3903488 bytes
0x97A50000 Win32k 2109440 bytes
0x97A50000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8A206000 C:\Windows\system32\drivers\ql2300.sys 1277952 bytes (QLogic Corporation, QLogic Fibre Channel Stor Miniport Driver)
0x8A80A000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8A402000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x90403000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8EE0E000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1036288 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x8A60B000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x8FE0B000 C:\Windows\system32\DRIVERS\athr.sys 933888 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x80462000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA02EF000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8A005000 C:\Windows\system32\drivers\megasr.sys 749568 bytes (LSI Corporation, Inc., LSI MegaRAID Software RAID Driver)
0x90506000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x9C80E000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8EF0B000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x89C02000 C:\Windows\system32\drivers\iastorv.sys 659456 bytes (Intel Corporation, Intel Matrix Storage Manager driver (base))
0x89E74000 C:\Windows\system32\drivers\elxstor.sys 606208 bytes (Emulex, Storport Miniport Driver for LightPulse HBAs)
0x8A573000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80542000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x89F76000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9C91A000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x89D3C000 C:\Windows\system32\drivers\adp94xx.sys 434176 bytes (Adaptec, Inc., Adaptec Windows SAS/SATA Storport Driver)
0x8A33E000 C:\Windows\system32\drivers\ql40xx.sys 348160 bytes (QLogic Corporation, QLogic iSCSI Storport Miniport Driver)
0xA0285000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x89DA6000 C:\Windows\system32\drivers\adpahci.sys 311296 bytes (Adaptec, Inc., Adaptec Windows SATA Storport Driver)
0x806D9000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x9066B000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80605000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80421000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x89CE3000 C:\Windows\system32\drivers\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8A1AA000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 253952 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8A793000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x906EE000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8A0DF000 C:\Windows\system32\drivers\uliahci.sys 245760 bytes (ULi Electronics Inc., ULi SATA Controller Driver)
0x8A538000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA020D000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A922000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8FBC4000 C:\Windows\system32\drivers\CHDRT32.sys 221184 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0x8FB7E000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x81E1A000 ACPI_HAL 208896 bytes
0x81E1A000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8A168000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9061A000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8A742000 C:\Windows\system32\DRIVERS\SynTP.sys 196608 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x8FF33000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8EFAC000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8A11B000 C:\Windows\system32\drivers\ulsata2.sys 180224 bytes (Promise Technology, Inc., Promise SATAII150 Series Windows Drivers)
0x8A50D000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8FF09000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9C8CE000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8A987000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8065C000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xA025E000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x89E0E000 C:\Windows\system32\drivers\adpu320.sys 155648 bytes (Adaptec, Inc., Adaptec StorPort Ultra320 SCSI Driver)
0x805CB000 C:\Windows\system32\drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8EFD9000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8FF8F000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9074B000 C:\Windows\System32\Drivers\aswSP.SYS 135168 bytes (ALWIL Software, avast! self protection module)
0x8079A000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x9C9D2000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8A3D7000 C:\Windows\system32\drivers\ulsata.sys 135168 bytes (Promise Technology, Inc., Promise Ultra/Sata Series Driver for Win2003)
0x807DE000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8A147000 C:\Windows\system32\drivers\vsmraid.sys 135168 bytes (VIA Technologies Inc.,Ltd, VIA RAID DRIVER FOR AMD-X86-64)
0x907DF000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x89CAB000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9C987000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x80692000 C:\Windows\system32\drivers\mpio.sys 114688 bytes (Microsoft Corporation, MultiPath Support Bus-Driver)
0x807C3000 C:\Windows\system32\drivers\adpu160m.sys 110592 bytes (Adaptec, Inc., Adaptec LH Ultra160 Driver (x86))
0x8A6F5000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x907A5000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8077F000 C:\Windows\system32\drivers\nvraid.sys 110592 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) RAID Driver)
0x89F3A000 C:\Windows\system32\drivers\lsi_fc.sys 106496 bytes (LSI Logic, LSI Logic Fusion-MPT FC Driver (StorPort))
0x89CC9000 C:\Windows\system32\drivers\lsi_scsi.sys 106496 bytes (LSI Logic, LSI Logic Fusion-MPT SCSI Driver (StorPort))
0x80765000 C:\Windows\system32\drivers\msdsm.sys 106496 bytes (Microsoft Corporation, Microsoft Device Specific Module)
0x9C9A4000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8A7E8000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x89F54000 C:\Windows\system32\drivers\lsi_sas.sys 98304 bytes (LSI Logic, LSI Logic Fusion-MPT SAS Driver (StorPort))
0xA0246000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x907C0000 C:\Windows\system32\DRIVERS\aswMonFlt.sys 94208 bytes (ALWIL Software, avast! File System Minifilter for Windows 2003/Vista)
0x90734000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8FF6D000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x89E48000 C:\Windows\system32\drivers\arc.sys 90112 bytes (Adaptec, Inc., Adaptec RAID Storport Driver)
0x89E5E000 C:\Windows\system32\drivers\arcsas.sys 90112 bytes (Adaptec, Inc., Adaptec SAS RAID WS03 Driver)
0xA02D3000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x906B7000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x90604000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9C9BD000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8FFD5000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8A963000 C:\Windows\system32\drivers\sbp2port.sys 86016 bytes (Microsoft Corporation, SBP-2 Protocol Driver)
0x8A3A0000 C:\Windows\system32\drivers\sisraid4.sys 86016 bytes (Silicon Integrated Systems, SiS AHCI Stor-Miniport Driver)
0x89E34000 C:\Windows\system32\drivers\djsvs.sys 81920 bytes (Adaptec, Inc., Adaptec Ultra SCSI miniport)
0x8FFC1000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9064C000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8A71F000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x9C907000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x906DB000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8A9AE000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8FBB3000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80408000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8A19A000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x89F12000 C:\Windows\system32\drivers\iirsp.sys 65536 bytes (Intel Corp./ICP vortex GmbH, Intel/ICP Raid Storport Driver)
0x9C8BE000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80755000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8FFEA000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x80683000 C:\Windows\system32\drivers\isapnp.sys 61440 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0x90796000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A978000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x806AE000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8A710000 C:\Windows\system32\DRIVERS\processr.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8FFB2000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8A7D1000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x806CA000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x97C90000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x906CD000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8A0D1000 C:\Windows\system32\drivers\nfrd960.sys 57344 bytes (IBM Corporation, IBM ServeRAID Controller Driver)
0x89FE7000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x905C8000 C:\Windows\system32\drivers\nvhda32v.sys 57344 bytes (NVIDIA Corporation, NVIDIA HDMI Audio Driver)
0x8072A000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x9076C000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x905BB000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x89D24000 C:\Windows\system32\drivers\nvstor.sys 53248 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) Sata Performance Driver)
0x8A393000 C:\Windows\system32\drivers\sisraid2.sys 53248 bytes (Microsoft Corporation, SiS RAID Stor Miniport Driver)
0x8FEFC000 C:\Windows\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0x8FB71000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x805BE000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x89F22000 C:\Windows\system32\drivers\iteatapi.sys 49152 bytes (Integrated Technology Express, Inc., ITE IT8211 ATA/ATAPI SCSI miniport)
0x89F2E000 C:\Windows\system32\drivers\iteraid.sys 49152 bytes (Integrated Technology Express, Inc., ITE IT8212 ATA RAID SCSI miniport)
0x8A3B5000 C:\Windows\system32\drivers\symc8xx.sys 49152 bytes (LSI Logic, LSI Logic 8XX SCSI Miniport Driver)
0xA03D7000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8F200000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8FB65000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x90660000 C:\Windows\System32\Drivers\aswTdi.SYS 45056 bytes (ALWIL Software, avast! TDI Filter Driver)
0x90779000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x89D31000 C:\Windows\system32\drivers\hpcisss.sys 45056 bytes (Hewlett-Packard Company, Smart Array Storport Driver)
0x8A737000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8A772000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8A0BC000 C:\Windows\system32\drivers\mraid35x.sys 45056 bytes (LSI Logic Corporation, MegaRAID RAID Controller Driver for Windows Vista/Longhorn for x86)
0x8A1E8000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8FF84000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8A3C1000 C:\Windows\system32\drivers\sym_hi.sys 45056 bytes (LSI Logic, LSI Logic Hi-Perf SCSI Miniport Driver)
0x8A3CC000 C:\Windows\system32\drivers\sym_u3.sys 45056 bytes (LSI Logic, LSI Logic Ultra160 SCSI Miniport Driver)
0x8FF62000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8A9E8000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806C0000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x9078C000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x89F08000 C:\Windows\system32\drivers\i2omp.sys 40960 bytes (Microsoft Corporation, I2O Miniport Driver)
0x89F6C000 C:\Windows\system32\drivers\megasas.sys 40960 bytes (LSI Corporation, MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x86)
0x8A0C7000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8FE00000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9C8F8000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x9072A000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA03CD000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8A789000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8A9BF000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x905D6000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xA03EB000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8A1F3000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x97C70000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8A9F3000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8A800000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8064B000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8A7E0000 C:\Windows\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft(R) ASPI Shell)
0x907D7000 C:\Windows\system32\DRIVERS\aswFsBlk.sys 32768 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0x89CA3000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80419000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8074D000 C:\Windows\system32\drivers\cmdide.sys 32768 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0x90784000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x80654000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8A781000 C:\Windows\system32\DRIVERS\nvsmu.sys 32768 bytes (NVIDIA Corporation, NVIDIA nForce(TM) SMU Microcontroller Driver)
0x905ED000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8EE00000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8FEEF000 C:\Windows\system32\DRIVERS\serscan.sys 32768 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0x8A95B000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x807BB000 C:\Windows\system32\drivers\viaide.sys 32768 bytes (VIA Technologies, Inc., VIA Generic PCI IDE Bus Driver)
0x8A91A000 C:\Windows\system32\drivers\wd.sys 32768 bytes (Microsoft Corporation, Microsoft Watchdog Timer Driver)
0xA03E3000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8073F000 C:\Windows\system32\drivers\aliide.sys 28672 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0x80746000 C:\Windows\system32\drivers\amdide.sys 28672 bytes (Microsoft Corporation, AMD IDE Driver)
0x905E6000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x905F6000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80723000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x80401000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x905DF000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x80738000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8A600000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8FEF7000 C:\Windows\system32\DRIVERS\ArcSoftVirtualCapture.sys 20480 bytes (ArcSoft, Inc., ArcSoft Magic-i Driver)
0x8A732000 C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 20480 bytes (Hewlett-Packard Development Company, L.P., HpqKbFiltr Keyboard Filter Driver)
0x9C902000 C:\Windows\system32\DRIVERS\pnarp.sys 20480 bytes (Pure Networks, Inc., Address Resolution Protocol Driver)
0x906B3000 C:\Windows\System32\Drivers\aswRdr.SYS 16384 bytes (ALWIL Software, avast! TDI RDR Driver)
0x8A77D000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA02EB000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x806BD000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8FB63000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 186.44 )
0x8FFFA000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8A9FC000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x00340000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x8504B9F0 ] PID: 3904, 110592 bytes
0x61A10000 Hidden Image-->System.Runtime.Serialization.ni.dll [ EPROCESS 0x88235398 ] PID: 1800, 1196032 bytes
0x61900000 Hidden Image-->System.ServiceModel.Web.ni.dll [ EPROCESS 0x88235398 ] PID: 1800, 143360 bytes
0x62AE0000 Hidden Image-->System.Windows.dll [ EPROCESS 0x88235398 ] PID: 1800, 1470464 bytes
0x64DD0000 Hidden Image-->System.Windows.Browser.dll [ EPROCESS 0x88235398 ] PID: 1800, 151552 bytes
0x63660000 Hidden Image-->mscorlib.dll [ EPROCESS 0x88235398 ] PID: 1800, 1601536 bytes
0x651B0000 Hidden Image-->System.Net.dll [ EPROCESS 0x88235398 ] PID: 1800, 233472 bytes
0x61CE0000 Hidden Image-->System.Core.ni.dll [ EPROCESS 0x88235398 ] PID: 1800, 2375680 bytes
0x63030000 Hidden Image-->system.dll [ EPROCESS 0x88235398 ] PID: 1800, 241664 bytes
0x62050000 Hidden Image-->System.Xml.dll [ EPROCESS 0x88235398 ] PID: 1800, 331776 bytes
0x00920000 Hidden Image-->app4r.monitor.common.dll [ EPROCESS 0x88245D90 ] PID: 2704, 36864 bytes
0x62F10000 Hidden Image-->System.Windows.Browser.ni.dll [ EPROCESS 0x88235398 ] PID: 1800, 380928 bytes
0x60ED0000 Hidden Image-->System.Runtime.Serialization.dll [ EPROCESS 0x88235398 ] PID: 1800, 421888 bytes
0x620B0000 Hidden Image-->System.Windows.ni.dll [ EPROCESS 0x88235398 ] PID: 1800, 4460544 bytes
0x00950000 Hidden Image-->app4r.monitor.core.dll [ EPROCESS 0x88245D90 ] PID: 2704, 45056 bytes
0x629A0000 Hidden Image-->System.Core.dll [ EPROCESS 0x88235398 ] PID: 1800, 544768 bytes
0x63070000 Hidden Image-->mscorlib.ni.dll [ EPROCESS 0x88235398 ] PID: 1800, 6197248 bytes
0x62A30000 Hidden Image-->System.Net.ni.dll [ EPROCESS 0x88235398 ] PID: 1800, 659456 bytes
0x62D90000 Hidden Image-->System.ni.dll [ EPROCESS 0x88235398 ] PID: 1800, 671744 bytes
0x00A80000 Hidden Image-->app4r.devmons.mcmdevmon.dll [ EPROCESS 0x88245D90 ] PID: 2704, 69632 bytes
0x61BB0000 Hidden Image-->System.Xml.ni.dll [ EPROCESS 0x88235398 ] PID: 1800, 847872 bytes
0x61F30000 Hidden Image-->System.ServiceModel.Web.dll [ EPROCESS 0x88235398 ] PID: 1800, 86016 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x81EF57AA-->81EF57B1 [ntkrnlpa.exe]
[2620]YahooAUService.exe-->advapi32.dll-->CreateServiceW, Type: IAT modification 0x00467054-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->advapi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77C8151C-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->advapi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77C816D0-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->advapi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77C81664-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[2620]YahooAUService.exe-->advapi32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77C81668-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->advapi32.dll-->kernel32.dll-->OpenFile, Type: IAT modification 0x77C81514-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x00467088-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x00467090-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x00467004-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x00467084-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x0046707C-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B61130-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B6119C-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B611BC-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[2620]YahooAUService.exe-->kernel32.dll-->CreateFileA, Type: IAT modification 0x00467138-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->kernel32.dll-->CreateFileW, Type: IAT modification 0x004670C8-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x004670D8-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->kernel32.dll-->DeleteFileA, Type: IAT modification 0x00467250-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x004670AC-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->kernel32.dll-->GetFileAttributesW, Type: IAT modification 0x00467108-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x004670F0-->00000000 [shimeng.dll]
[2620]YahooAUService.exe-->kernel32.dll-->MoveFileA, Type: IAT modification 0x00467254-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->mswsock.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x6D641258-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->mswsock.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x6D641268-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->mswsock.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x6D641274-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->mswsock.dll-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x6D641254-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->mswsock.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x6D64125C-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->00000000 [shimeng.dll]
[2620]YahooAUService.exe-->shell32.dll-->advapi32.dll-->AccessCheck, Type: IAT modification 0x768E1C04-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->shell32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x768E1B34-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->shell32.dll-->advapi32.dll-->RegCreateKeyW, Type: IAT modification 0x768E1CB8-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->shell32.dll-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x768E1B54-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->shell32.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x768E1CFC-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->shell32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x768E1B2C-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->shell32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x768E1B30-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->shell32.dll-->advapi32.dll-->RegSetValueW, Type: IAT modification 0x768E1B74-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->shell32.dll-->advapi32.dll-->SetFileSecurityW, Type: IAT modification 0x768E1CC8-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x768E125C-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x768E1460-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x768E13B4-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[2620]YahooAUService.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x768E13C0-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x768E130C-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x768E13B8-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D51548-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D51528-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->user32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x77D51550-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D511A8-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D512B8-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D511B0-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[2620]YahooAUService.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D511AC-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->ws2_32.dll-->advapi32.dll-->RegCreateKeyExA, Type: IAT modification 0x4B0D1104-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->ws2_32.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x4B0D110C-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->ws2_32.dll-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x4B0D1114-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->ws2_32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x4B0D1110-->00000000 [AcGenral.dll]
[2620]YahooAUService.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)


Re: A varient of Win32

Post by Dr Jay on 19th August 2010, 8:34 pm

Please download MySystem-Search from one of the following links:
  • Save the file to your Desktop.
  • Double-click on mss.exe
  • Allow it to run, and follow the prompts.
  • Once done, it will launch a log.
  • Post it in your next reply.
Note: the logs are long. Please use more than one post, if necessary.


Dr. Jay (DJ)



Re: A varient of Win32

Post by TheBlackScepter on 19th August 2010, 11:35 pm

Here are the logs you wanted.

MySystem-Search


MSS v1.7


Basic System Information

Username: Nick F - Date: 08/19/2010 - Time: 19:30:34

Microsoft Windows [Version 6.0.6002]
Processor type: x86 Family 17 Model 3 Stepping 1, AuthenticAMD
Total processors: 2
Computer Name: NICKF-PC
Logon Server: \\NICKF-PC


CD Emulation Drivers running?



Peer-to-Peer applications?

uTorrent found!


Security Tools Check

CCleaner
Malwarebytes' Anti-Malware
SpywareBlaster


File associations

.exe=exefile
.scr=scrfile
.pif=piffile
.com=comfile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile
.ini=inifile
.inf=inffile


Running processes

PROCESS PID PRIO PATH
Dwm.exe 3128 High C:\Windows\system32\Dwm.exe
taskeng.exe 3136 Normal C:\Windows\system32\taskeng.exe
Explorer.EXE 3196 Normal C:\Windows\Explorer.EXE
SynTPEnh.exe 3400 Above Normal C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
QPService.exe 3432 Normal C:\Program Files\HP\QuickPlay\QPService.exe
QLBCTRL.exe 3464 Normal C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
hpwuSchd2.exe 3488 Normal C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
HPWAMain.exe 3504 Normal C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
winampa.exe 3576 Normal C:\Program Files\Winamp\winampa.exe
nmapp.exe 3600 Normal C:\Program Files\Pure Networks\Network Magic\nmapp.exe
ashDisp.exe 3628 Normal C:\Program Files\Alwil Software\Avast4\ashDisp.exe
Monitor.exe 3636 Normal C:\WINDOWS\Philips\SPC230NC\Monitor.exe
DefMgr.exe 3648 Normal C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
mswinext.exe 3656 Normal C:\Program Files\MSN Toolbar\Platform\4.0.0316.3\mswinext.exe
ACDaemon.exe 3664 Normal C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
lxdmmon.exe 3680 Normal C:\Program Files\Lexmark 5000 Series\lxdmmon.exe
lxdmamon.exe 3696 Normal C:\Program Files\Lexmark 5000 Series\lxdmamon.exe
jusched.exe 3764 Normal C:\Program Files\Common Files\Java\Java Update\jusched.exe
AdobeARM.exe 3788 Normal C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
WinPatrol.exe 3796 Normal C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
iTunesHelper.exe 3804 Normal C:\Program Files\iTunes\iTunesHelper.exe
sidebar.exe 3812 Normal C:\Program Files\Windows Sidebar\sidebar.exe
wmpnscfg.exe 3920 Normal C:\Program Files\Windows Media Player\wmpnscfg.exe
BM.exe 4000 Normal C:\Program Files\HP\Button Manager\BM.exe
Magic-i.exe 4052 Normal C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe
TrayMin230.exe 4072 Normal C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
ArcCon.ac 2432 Normal C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
ONENOTEM.EXE 2504 Normal C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
WiFiMsg.EXE 5128 Normal C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
HpqToaster.exe 5356 Normal C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
sidebar.exe 5620 Normal C:\Program Files\Windows Sidebar\sidebar.exe
wuauclt.exe 4144 Normal C:\Windows\system32\wuauclt.exe
mss.exe 5172 Normal C:\Users\Nick F\Desktop\mss.exe
cmd.exe 4344 Normal C:\Windows\system32\cmd.exe
DllHost.exe 3032 Normal C:\Windows\system32\DllHost.exe
pv.exe 5216 Normal C:\Users\Nick F\Desktop\pv.exe


User Profile check

Nick F
Public


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Users
Default REG_EXPAND_SZ %SystemDrive%\Users\Default
Public REG_EXPAND_SZ %SystemDrive%\Users\Public
ProgramData REG_EXPAND_SZ %SystemDrive%\ProgramData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService
Flags REG_DWORD 0x0
State REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService
Flags REG_DWORD 0x0
State REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-793119741-2129845184-1757939079-1000
ProfileImagePath REG_EXPAND_SZ C:\Users\Nick F
Flags REG_DWORD 0x0
State REG_DWORD 0x0
Sid REG_BINARY 010500000000000515000000FD0B462FC0DBF27E8705C868E8030000
ProfileLoadTimeLow REG_DWORD 0x0
ProfileLoadTimeHigh REG_DWORD 0x0
RefCount REG_DWORD 0x1
RunLogonScriptSync REG_DWORD 0x0



Current Scheduled Tasks

PATH: C:\Windows\Tasks

HPCeeScheduleForNick F.job
SCHEDLGU.TXT
SA.DAT


Windows Drivers and NT-Services

Volume in drive C has no label.
Volume Serial Number is 700C-0D89

Directory of C:\Windows\System32\Drivers

03/05/2009 05:56 PM 0 103C_HP_cNB_Presario CQ50 Notebook PC_Y5335KV_0U_Q3CG8411Y17_E480060-001_4A_I360A_SWistron_V08.40_F.24_T080903_WV3-1_L409_M1790_J160_7AMD_8F31_91.90_#090305_N168C001C;10DE0760_(FS051UAR#ABA)_XMOBILE_CN10_Z_2F.24.MRK
02/11/2009 11:54 AM 0 Msft_Kernel_SynTP_01000.Wdf
06/24/2008 09:53 PM 0 Msft_User_WpdFs_01_00_00.Wdf
11/23/2009 07:58 PM 0 Msft_User_WpdFs_01_07_00.Wdf
03/19/2009 03:51 PM 0 Msft_User_WpdMtpDr_01_00_00.Wdf
11/23/2009 07:58 PM 0 Msft_User_WpdMtpDr_01_07_00.Wdf
6 File(s) 0 bytes
0 Dir(s) 62,267,518,976 bytes free
Volume in drive C has no label.
Volume Serial Number is 700C-0D89

Directory of C:\Windows\System32\Drivers

06/18/2006 03:26 PM 12,672 mdmxsdk.sys
09/18/2006 02:26 PM 3,440,660 gm.dls
09/18/2006 02:26 PM 646 gmreadme.txt
11/01/2006 11:37 PM 20,480 secdrv.sys
11/02/2006 12:30 AM 464,384 BCMWL6.SYS
11/02/2006 12:30 AM 429,056 nvm60x32.sys
11/02/2006 12:36 AM 235,520 HdAudio.sys
11/02/2006 12:36 AM 20,608 ntrigdigi.sys
11/02/2006 01:24 AM 62,336 BrSerWdm.sys
11/02/2006 01:24 AM 12,160 BrUsbMdm.sys
11/02/2006 01:24 AM 13,568 BrFiltLo.sys
11/02/2006 01:24 AM 5,248 BrFiltUp.sys
11/02/2006 01:24 AM 11,904 BrUsbSer.sys
11/02/2006 01:25 AM 71,808 BrSerId.sys
11/02/2006 01:51 AM 8,704 parvdm.sys
11/02/2006 01:51 AM 17,920 serenum.sys
11/02/2006 01:51 AM 83,456 serial.sys
11/02/2006 01:51 AM 79,360 parport.sys
11/02/2006 01:51 AM 13,312 sfloppy.sys
11/02/2006 01:52 AM 20,608 wacompen.sys
11/02/2006 01:55 AM 21,504 hidir.sys
11/02/2006 01:55 AM 68,608 usbcir.sys
11/02/2006 01:55 AM 53,376 1394bus.sys
11/02/2006 01:55 AM 62,080 ohci1394.sys
11/02/2006 01:55 AM 29,184 hidbth.sys
11/02/2006 01:55 AM 39,936 bthmodem.sys
11/02/2006 02:04 AM 878,080 PEAuth.sys
11/02/2006 02:49 AM 31,848 sym_hi.sys
11/02/2006 02:49 AM 33,384 Mraid35x.sys
11/02/2006 02:50 AM 34,920 sym_u3.sys
11/02/2006 02:50 AM 35,944 symc8xx.sys
11/02/2006 02:50 AM 35,944 iteatapi.sys
11/02/2006 02:50 AM 35,944 iteraid.sys
11/02/2006 02:50 AM 71,272 djsvs.sys
11/02/2006 02:50 AM 76,392 sbp2port.sys
11/02/2006 02:50 AM 41,576 iirsp.sys
11/02/2006 02:50 AM 45,160 nfrd960.sys
11/02/2006 02:50 AM 98,408 ulsata.sys
11/02/2006 02:50 AM 106,088 ql40xx.sys
11/02/2006 02:51 AM 167,528 pcmcia.sys
11/02/2006 07:09 AM 1,419,232 wdfcoinstaller01005.dll
11/10/2006 04:05 PM 18,688 afc.sys
03/23/2007 11:01 AM 25,792 pnarp.sys
06/18/2007 05:12 PM 16,768 HpqKbFiltr.sys
07/02/2007 04:08 PM 17,664 ArcSoftVirtualCapture.sys
07/11/2007 10:30 AM 7,168 HpqRemHid.sys
08/02/2007 12:40 PM 143,792 HSFProf.cty
09/26/2007 02:28 PM 8,576 PAEAFLT.sys
10/17/2007 04:36 PM 8,704 XAudio.sys
10/17/2007 04:37 PM 386,560 XAudio.exe
10/31/2007 06:47 PM 661,504 HSX_CNXT.sys
10/31/2007 06:47 PM 208,896 HSXHWAZL.sys
10/31/2007 06:51 PM 985,600 HSX_DPV.sys
12/31/2007 04:19 PM 461,056 SPC230NC.SYS
01/16/2008 11:17 PM 3,948 nvphy.bin
01/20/2008 07:23 PM 6,656 errdev.sys
01/20/2008 07:23 PM 11,264 wmiacpi.sys
01/20/2008 07:23 PM 28,216 battc.sys
01/20/2008 07:23 PM 20,792 compbatt.sys
01/20/2008 07:23 PM 41,472 intelppm.sys
01/20/2008 07:23 PM 41,472 viac7.sys
01/20/2008 07:23 PM 44,032 amdk8.sys
01/20/2008 07:23 PM 41,472 amdk7.sys
01/20/2008 07:23 PM 40,960 crusoe.sys
01/20/2008 07:23 PM 40,960 processr.sys
01/20/2008 07:23 PM 17,976 intelide.sys
01/20/2008 07:23 PM 28,728 msahci.sys
01/20/2008 07:23 PM 19,000 cmdide.sys
01/20/2008 07:23 PM 17,464 aliide.sys
01/20/2008 07:23 PM 20,024 viaide.sys
01/20/2008 07:23 PM 17,976 amdide.sys
01/20/2008 07:23 PM 55,864 SISAGP.SYS
01/20/2008 07:23 PM 15,288 swenum.sys
01/20/2008 07:23 PM 60,984 ULIAGPKX.SYS
01/20/2008 07:23 PM 109,112 NV_AGP.SYS
01/20/2008 07:23 PM 31,288 mssmbios.sys
01/20/2008 07:23 PM 56,376 AGP440.sys
01/20/2008 07:23 PM 16,440 msisadrv.sys
01/20/2008 07:23 PM 49,720 isapnp.sys
01/20/2008 07:23 PM 52,792 volmgr.sys
01/20/2008 07:23 PM 56,888 VIAAGP.SYS
01/20/2008 07:23 PM 57,400 AMDAGP.SYS
01/20/2008 07:23 PM 248,832 rdpdr.sys
01/20/2008 07:23 PM 45,568 blbdrive.sys
01/20/2008 07:23 PM 26,112 vgapnp.sys
01/20/2008 07:23 PM 30,264 i2omp.sys
301 File(s) 48,643,924 bytes
5 Dir(s) 62,267,502,592 bytes free
Stealth malware?


Internet Explorer


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Start Page REG_SZ [You must be registered and logged in to see this link.]
AutoHide REG_SZ yes
Default_Page_URL REG_SZ [You must be registered and logged in to see this link.]
Default_Secondary_Page_URL REG_MULTI_SZ
Default_Search_URL REG_SZ [You must be registered and logged in to see this link.]
Search Page REG_SZ [You must be registered and logged in to see this link.]
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0A000000
Delete_Temp_Files_On_Exit REG_SZ yes
Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
IE5_UA_Backup_Flag REG_SZ 5.0
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 7.0; Win32)
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
UseSchannelDirectly REG_BINARY 01000000
EnableHttp1_1 REG_DWORD 0x1
PrivDiscUiShown REG_DWORD 0x1
WarnOnIntranet REG_DWORD 0x1
EnableNegotiate REG_DWORD 0x1
WarnOnPost REG_BINARY 01000000
SecureProtocols REG_DWORD 0xa0
PrivacyAdvanced REG_DWORD 0x0
WarnonZoneCrossing REG_DWORD 0x0
MigrateProxy REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0
CertificateRevocation REG_DWORD 0x1
EnableAutodial REG_DWORD 0x0
NoNetAutodial REG_DWORD 0x0
ProxyHttp1.1 REG_DWORD 0x1
ShowPunycode REG_DWORD 0x0
EnablePunycode REG_DWORD 0x1
UrlEncoding REG_DWORD 0x0
DisableIDNPrompt REG_DWORD 0x0
DisableCachingOfSSLPages REG_DWORD 0x0
WarnonBadCertRecving REG_DWORD 0x1
WarnOnPostRedirect REG_DWORD 0x0
WarnOnHTTPSToHTTPRedirect REG_DWORD 0x1
ProxyOverride REG_SZ *.local
GlobalUserOffline REG_DWORD 0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Disable Script Debugger REG_SZ yes
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Local Page REG_SZ C:\Windows\system32\blank.htm
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ [You must be registered and logged in to see this link.]
XMLHTTP REG_DWORD 0x1
NoUpdateCheck REG_DWORD 0x1
UseClearType REG_SZ yes
SearchMigrated REG_DWORD 0x0
Start Page REG_SZ [You must be registered and logged in to see this link.]
Window_Placement REG_BINARY 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3000000000000001404000002030000
FullScreen REG_SZ no
CompatibilityFlags REG_DWORD 0x0
StartPageCache REG_DWORD 0x1
ShowedCheckBrowser REG_SZ Yes
Check_Associations REG_SZ no
Expand Alt Text REG_SZ no
Move System Caret REG_SZ no
NscSingleExpand REG_DWORD 0x0
DisableScriptDebuggerIE REG_SZ yes
Error Dlg Displayed On Every Error REG_SZ no
Page_Transitions REG_DWORD 0x1
FavIntelliMenus REG_SZ no
Enable Browser Extensions REG_SZ yes
UseThemes REG_DWORD 0x1
EnableSearchPane REG_DWORD 0x0
Force Offscreen Composition REG_DWORD 0x0
NotifyDownloadComplete REG_SZ yes
AllowWindowReuse REG_DWORD 0x1
Friendly http errors REG_SZ yes
SmoothScroll REG_DWORD 0x1
Enable AutoImageResize REG_SZ yes
Play_Animations REG_SZ yes
Play_Background_Sounds REG_SZ yes
Show image placeholders REG_DWORD 0x0
Print_Background REG_SZ no
AutoSearch REG_DWORD 0x4
RunOnceHasShown REG_DWORD 0x1
RunOnceComplete REG_DWORD 0x1
Use FormSuggest REG_SZ no

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
CustomizeSearch REG_SZ [You must be registered and logged in to see this link.]
SearchAssistant REG_SZ [You must be registered and logged in to see this link.]


HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{EF99BD32-C1FB-11D2-892F-0090271D4F88} REG_BINARY 00
{21FA44EF-376D-4D53-9B0F-8A89D3229068} REG_BINARY 00
{8dcb7100-df86-4384-8842-8fa844297b3f} REG_BINARY 00



Security Center


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
cval REG_DWORD 0x1
FirewallDisableNotify REG_DWORD 0x0
AntiVirusDisableNotify REG_DWORD 0x0
UpdatesDisableNotify REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
DisableMonitoring REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
AntiVirusOverride REG_DWORD 0x0
AntiSpywareOverride REG_DWORD 0x0
FirewallOverride REG_DWORD 0x0
VistaSp1 REG_NONE 5CA0485DD75BC801
VistaSp2 REG_NONE 9B5EBC5C786CCA01

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging



Uninstall List


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Activation Assistant for the 2007 Microsoft Office suites
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ActivePoint
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon MP3 Downloader
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AOL Diagnostics_N
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask.com Search Assistant
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audacity_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\avast!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Celtx (2.7)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_AUDIO_HDA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_HERMOSA_HSF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fraps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HOMESTUDENTR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Photosmart Essential
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Smart Web Printing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KLiteCodecPack_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lexmark 5000 Series
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Magic DVD Ripper_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger Plus! Live
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 4 Client Profile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.6.8)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My HP Game Console
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Network MagicUninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Philips Intelligent Agent_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PROHYBRID2R
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PROHYBRIDR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SlingMedia.QPSlingPlayer_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SMALLBUSINESSR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartAudio
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBlaster_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Star Wars DroidWorks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SymcData-idsdefs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SynTPDeinstKey
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent hp Master Uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite_Wave3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPatrol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034695
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034697
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034699
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034700
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034703
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034710
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034711
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034712
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034713
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034718
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034722
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034724
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034725
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034728
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034730
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034732
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034733
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034734
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034735
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034736
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034740
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034742
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034744
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034747
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034748
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034749
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT034943
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT035854
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT035900
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT035914
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Messenger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Software Update
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0115-0409-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90850409-6000-11D3-8CFE-0150048383C9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7F207DCA-3399-40CB-A968-6E5991B1421A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E8766951-2B6C-4022-86E8-80D2D1762B76}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00AF-0409-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{98177940-C048-4831-A279-F3888B1E2C7F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{995F1E2E-F542-4310-8E1D-9926F5A279B3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A07840FC-CE63-4CB8-8030-EF4B9805925A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2BCA9F1-566C-4805-97D1-7FDC93386723}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A8AC89BA-D8CB-4372-9743-1C54D23286B0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A93000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC95121F-1576-45B8-82F7-3911D27882E6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ADFB9653-F44C-460C-BF58-189CC552DFFE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AFAC914D-9E83-4A89-8ABE-427521C82CCF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2D328BE-45AD-4D92-96F9-2151490A203E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B640E7CC-7091-4A24-AE76-2140065D2054}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BF307EDA-A176-4D83-9775-D337810CF7A7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3FAEA0F-82B6-45E2-9A3D-4E49BE6C9451}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4124E95-5061-4776-8D5D-E3D931C778E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA634931-0CC3-4067-ABCC-7182E1DC23B7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CECB7782-F35F-45CE-97C0-74BBBDC51C22}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D31612BB-C6D7-4142-96AE-16DB062354CF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D5773BFA-5967-4A1C-AD0F-FFFD0D13FC36}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD3C88A0-C53C-41D0-A21B-6D021981D23E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E2DFE069-083E-4631-9B6C-43C48E991DE5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE5BC0BB-9EDA-423C-8276-48857B735D68}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f32502b5-5b64-4882-bf61-77f23edcac4f}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F636EE9A-F9EC-4606-BCFA-77DD0E210788}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FAB046D7-C187-4648-A1A9-FC875F7E3FCE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB26A501-6BA6-459B-89AA-9736730752FB}


Re: A varient of Win32

Post by TheBlackScepter on 19th August 2010, 11:37 pm

Adobe Products


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
DisplayName REG_SZ Adobe Flash Player 10 ActiveX
DisplayVersion REG_SZ 10.0.45.2
Publisher REG_SZ Adobe Systems Incorporated
URLInfoAbout REG_SZ [You must be registered and logged in to see this link.]
VersionMajor REG_SZ 10
VersionMinor REG_SZ 0
HelpLink REG_SZ [You must be registered and logged in to see this link.]
URLUpdateInfo REG_SZ [You must be registered and logged in to see this link.]
DisplayIcon REG_SZ C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
UninstallString REG_SZ C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
RequiresIESysFile REG_SZ 4.70.0.1155
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
DisplayName REG_SZ Adobe Flash Player 10 Plugin
Publisher REG_SZ Adobe Systems Incorporated
DisplayVersion REG_SZ 10.1.53.64
HelpLink REG_SZ [You must be registered and logged in to see this link.]
NoModify REG_DWORD 0x1
NoRepair REG_DWORD 0x1
RequiresIESysFile REG_SZ 4.70.0.1155
URLInfoAbout REG_SZ [You must be registered and logged in to see this link.]
URLUpdateInfo REG_SZ [You must be registered and logged in to see this link.]
VersionMajor REG_DWORD 0xa
VersionMinor REG_DWORD 0x1
UninstallString REG_SZ C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
DisplayIcon REG_SZ C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
EstimatedSize REG_DWORD 0x1800


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player
DisplayName REG_SZ Adobe Shockwave Player 11.5
UninstallString REG_SZ "C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
DisplayIcon REG_SZ C:\Windows\system32\Adobe\Shockwave 11\SwInit.exe,0
DisplayVersion REG_SZ 11.5.1.601
HelpLink REG_SZ [You must be registered and logged in to see this link.]
InstallLocation REG_SZ C:\Windows\system32\Adobe
Publisher REG_SZ Adobe Systems, Inc.
URLInfoAbout REG_SZ [You must be registered and logged in to see this link.]
URLUpdateInfo REG_SZ [You must be registered and logged in to see this link.]
VersionMajor REG_DWORD 0xb
VersionMinor REG_DWORD 0x1



Autorun


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
WindowsWelcomeCenter REG_SZ rundll32.exe oobefldr.dll,ShowWelcomeCenter
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Messenger (Yahoo!) REG_SZ "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
QPService REG_SZ "C:\Program Files\HP\QuickPlay\QPService.exe"
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
QlbCtrl.exe REG_SZ C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
hpqSRMon REG_SZ
HP Software Update REG_SZ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
hpWirelessAssistant REG_SZ C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
WinampAgent REG_SZ "C:\Program Files\Winamp\winampa.exe"
nmapp REG_SZ "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
HP Health Check Scheduler REG_SZ c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
SPC_Monitor REG_SZ C:\Windows\Philips\SPC230NC\Monitor.exe
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
SPC230NC_Monitor REG_SZ C:\Windows\Philips\SPC230NC\Monitor.exe
Microsoft Default Manager REG_SZ "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSN Toolbar REG_SZ "C:\Program Files\MSN Toolbar\Platform\4.0.0316.3\mswinext.exe"
ArcSoft Connection Service REG_SZ C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
lxdmmon.exe REG_SZ "C:\Program Files\Lexmark 5000 Series\lxdmmon.exe"
lxdmamon REG_SZ "C:\Program Files\Lexmark 5000 Series\lxdmamon.exe"
Lexmark 5000 Series Fax Server REG_SZ "C:\Program Files\Lexmark 5000 Series\fm3032.exe" /s
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
SunJavaUpdateSched REG_SZ "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
WinPatrol REG_SZ C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents


Restrictions - Internet Explorer




Restrictions - REGEDIT


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools REG_DWORD 0x0



Restrictions - Explorer


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDrives REG_DWORD 0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run


DNS Settings


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3a539854-6a70-11db-887c-806e6f6e6963}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{54C08B36-FE95-4A77-9327-6B00ABA94220}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A954DE27-F7EC-4389-8169-E84D1098E16D}

Windows IP Configuration

Host Name . . . . . . . . . . . . : NickF-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Trendnet

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Trendnet
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Networking Controller
Physical Address. . . . . . . . . : 00-1F-16-45-C2-59
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Trendnet
Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter
Physical Address. . . . . . . . . : 00-23-4D-B4-FB-3F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f085:9ec9:97ba:a1ba%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.10.104(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, August 19, 2010 7:15:14 PM
Lease Expires . . . . . . . . . . : Thursday, August 26, 2010 7:15:13 PM
Default Gateway . . . . . . . . . : 192.168.10.1
DHCP Server . . . . . . . . . . . : 192.168.10.1
DHCPv6 IAID . . . . . . . . . . . : 218112845
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-24-D6-08-00-23-4D-B4-FB-3F
DNS Servers . . . . . . . . . . . : 192.168.10.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:4fe:d40a:b8fd:3445(Preferred)
Link-local IPv6 Address . . . . . : fe80::4fe:d40a:b8fd:3445%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{A954DE27-F7EC-4389-8169-E84D1098E16D}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Connection-specific DNS Suffix . : Trendnet
Description . . . . . . . . . . . : isatap.Trendnet
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.10.104%16(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.10.1
NetBIOS over Tcpip. . . . . . . . : Disabled


AppInit DLLs





Shell Service Object Delay Load


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}




Shell Execute Hooks


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ



Image File Execution Options


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEInstal.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE


Security Providers



Local Security Authority


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
auditbaseobjects REG_DWORD 0x0
auditbasedirectories REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
fullprivilegeauditing REG_BINARY 00
Bounds REG_BINARY 0030000000200000
LimitBlankPasswordUse REG_DWORD 0x1
LmCompatibilityLevel REG_DWORD 0x3
NoLmHash REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0tspkg
Authentication Packages REG_MULTI_SZ msv1_0
LsaPid REG_DWORD 0x27c
SecureBoot REG_DWORD 0x1
ProductType REG_DWORD 0x3
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
forceguest REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1
enabledcom REG_SZ y

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache


AppCert DLLs




App Paths


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\7zFM.exe
(Default) REG_SZ C:\Program Files\7-Zip\7zFM.exe
Path REG_SZ C:\Program Files\7-Zip

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
(Default) REG_SZ C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
Path REG_SZ C:\Program Files\Adobe\Reader 9.0\Reader\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ashAvast.exe
Path REG_SZ C:\Program Files\Alwil Software\Avast4
(Default) REG_SZ C:\Program Files\Alwil Software\Avast4\ashAvast.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AskSearchAsst.exe
(Default) REG_SZ C:\Program Files\Ask Search Assistant\AskSearchAsst.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ccleaner.exe
(Default) REG_SZ C:\Program Files\CCleaner\ccleaner.exe
Path REG_SZ C:\Program Files\CCleaner

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\celtx.exe
(Default) REG_SZ C:\Program Files\Celtx\celtx.exe
Path REG_SZ C:\Program Files\Celtx

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
CmstpExtensionDll REG_SZ C:\Windows\system32\cmcfg32.dll
CmNative REG_DWORD 0x2

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DroidWorks.exe
Path REG_SZ C:\Program Files\Lucas Learning\Star Wars DroidWorks
(Default) REG_SZ C:\Program Files\Lucas Learning\Star Wars DroidWorks\DroidWorks.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DVD Solution
Path REG_SZ C:\Program Files\CyberLink\DVD Suite
(Default) REG_SZ C:\Program Files\CyberLink\DVD Suite\CDSVersion.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dvdmaker.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Movie Maker\dvdmaker.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dvdplayer.exe
Path REG_SZ C:\Program Files\ArcSoft\HP Webcam
(Default) REG_SZ C:\Program Files\ArcSoft\HP Webcam\dvdplayer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\excel.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\firefox.exe
(Default) REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe
Path REG_SZ C:\Program Files\Mozilla Firefox

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HpqPSApl.exe
Path REG_SZ C:\Program Files\HP\Digital Imaging\bin\;C:\Program Files\Common Files\HP\Digital Imaging\bin
(Default) REG_SZ C:\Program Files\HP\Digital Imaging\bin\HpqPSApl.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqpsapp.exe
Path REG_SZ C:\Program Files\Common Files\HP\Digital Imaging\bin
(Default) REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqpse.exe
(Default) REG_SZ C:\Program Files\HP\Digital Imaging\Bin\hpqpse.exe
Path REG_SZ C:\Program Files\HP\Digital Imaging\Bin\;C:\Program Files\Common Files\HP\Digital Imaging\Bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HpqSRmon.exe
Path REG_SZ C:\Program Files\HP\Digital Imaging\bin\
(Default) REG_SZ C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Hpqsudi.exe
(Default) REG_SZ C:\Program Files\HP\Digital Imaging\Bin\hpqsudi.exe
Path REG_SZ C:\Program Files\HP\Digital Imaging\bin\;C:\Program Files\Common Files\HP\Digital Imaging\Bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
(Default) REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE
Path REG_SZ C:\Program Files\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
(Default) REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE
Path REG_SZ C:\Program Files\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\inkball.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Microsoft Games\inkball\inkball.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Installer.exe
Path REG_SZ C:\Program Files\Atheros
(Default) REG_SZ C:\Program Files\Atheros\Installer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\iTunes.exe
(Default) REG_SZ C:\Program Files\iTunes\iTunes.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
(Default) REG_SZ C:\Program Files\Java\jre6\bin\javaws.exe
Path REG_SZ C:\Program Files\Java\jre6\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Journal.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Journal\Journal.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LabelPrint.exe
Path REG_SZ C:\Program Files\CyberLink\LabelPrint
(Default) REG_SZ C:\Program Files\CyberLink\LabelPrint\LabelPrint.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\lxdmfax.exe
Path REG_SZ C:\Program Files\Lexmark 5000 Series
(Default) REG_SZ C:\Program Files\Lexmark 5000 Series\lxdmfax.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mbam.exe
(Default) REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Path REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\moviemk.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Movie Maker\moviemk.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe
Path REG_EXPAND_SZ %ProgramFiles%\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayerc.exe
(Default) REG_SZ "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe"
Path REG_SZ "C:\Program Files\K-Lite Codec Pack\Media Player Classic"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\WinMail.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSNMSGR.EXE
(Default) REG_SZ C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
Path REG_SZ C:\Program Files\Windows Live\Messenger\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msoxmled.exe
(Default) REG_SZ C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msworks.exe
(Default) REG_SZ C:\Program Files\Microsoft Works\msworks.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\netwaiting.exe
Path REG_SZ C:\Program Files\NetWaiting
(Default) REG_SZ C:\Program Files\NetWaiting\netwaiting.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ois.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\OIS.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 0
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OneNote.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
(Default) REG_EXPAND_SZ %SystemRoot%\System32\mspaint.exe
Path REG_EXPAND_SZ %SystemRoot%\System32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
Path REG_SZ C:\Program Files\QuickTime\
(Default) REG_SZ C:\Program Files\QuickTime\PictureViewer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Power2GO.exe
Path REG_SZ C:\Program Files\CyberLink\Power2Go
(Default) REG_SZ C:\Program Files\CyberLink\Power2Go\Power2Go.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Power2GoExpress.exe
(Default) REG_SZ C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
path REG_SZ C:\Program Files\CyberLink\Power2Go

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerDirector
Path REG_SZ C:\Program Files\CyberLink\PowerDirector
(Default) REG_SZ C:\Program Files\CyberLink\PowerDirector\PDR.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\powerpnt.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\POWERPNT.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerStarter
Path REG_SZ C:\Program Files\CyberLink\DVD Suite
(Default) REG_SZ C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QP.exe
Path REG_SZ C:\Program Files\HP\QuickPlay
(Default) REG_SZ C:\Program Files\HP\QuickPlay\QP.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
(Default) REG_SZ C:\Program Files\QuickTime\QuickTimePlayer.exe
Path REG_SZ C:\Program Files\QuickTime\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Safari.exe
(Default) REG_SZ C:\Program Files\Safari\Safari.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\sbase.exe
(Default) REG_SZ C:\Program Files\OpenOffice.org 3\program\sbase.exe
Path REG_SZ C:\Program Files\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\scalc.exe
(Default) REG_SZ C:\Program Files\OpenOffice.org 3\program\scalc.exe
Path REG_SZ C:\Program Files\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\sdraw.exe
(Default) REG_SZ C:\Program Files\OpenOffice.org 3\program\sdraw.exe
Path REG_SZ C:\Program Files\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
BlockOnTSNonInstallMode REG_DWORD 0x1
(Default) REG_SZ C:\Program Files\Philips\Philips SPC230NC Webcam\Setup.exe
Path REG_SZ C:\Program Files\Philips\Philips SPC230NC Webcam

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\sidebar.exe
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows Sidebar\sidebar.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\simpress.exe
(Default) REG_SZ C:\Program Files\OpenOffice.org 3\program\simpress.exe
Path REG_SZ C:\Program Files\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\smath.exe
(Default) REG_SZ C:\Program Files\OpenOffice.org 3\program\smath.exe
Path REG_SZ C:\Program Files\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SmAudio.exe
Path REG_SZ C:\Program Files\Conexant\SmartAudio

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SnippingTool.exe
(Default) REG_EXPAND_SZ C:\Windows\System32\SnippingTool.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\soffice.exe
(Default) REG_SZ C:\Program Files\OpenOffice.org 3\program\soffice.exe
Path REG_SZ C:\Program Files\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Sprint.exe
(Default) REG_SZ C:\Program Files\Abbyy FineReader 6.0 Sprint\Sprint.exe
Path REG_SZ C:\Program Files\Abbyy FineReader 6.0 Sprint\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\stikynot.exe
(Default) REG_EXPAND_SZ C:\Windows\System32\stikynot.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\swriter.exe
(Default) REG_SZ C:\Program Files\OpenOffice.org 3\program\swriter.exe
Path REG_SZ C:\Program Files\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
UseShortName REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TabTip.exe
(Default) REG_EXPAND_SZ %CommonProgramFiles%\microsoft shared\ink\TabTip.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\unopkg.exe
(Default) REG_SZ C:\Program Files\OpenOffice.org 3\program\unopkg.exe
Path REG_SZ C:\Program Files\OpenOffice.org 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\wab.exe
Path REG_EXPAND_SZ %ProgramFiles%\Windows Mail

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\wabmig.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Webcam Video Viewer.exe
Path REG_SZ C:\Program Files\ArcSoft\Webcam Video Viewer
(Default) REG_SZ C:\Program Files\ArcSoft\Webcam Video Viewer\Webcam Video Viewer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\winamp.exe
(Default) REG_SZ C:\Program Files\Winamp\winamp.exe
Path REG_SZ C:\Program Files\Winamp

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinCal.exe
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows Calendar\wincal.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinMail.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\WinMail.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinRAR.exe
(Default) REG_SZ C:\Program Files\WinRAR\WinRAR.exe
Path REG_SZ C:\Program Files\WinRAR

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\WINWORD.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSAB.EXE
(Default) REG_SZ C:\Program Files\Microsoft Works\WKSAB.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkscal.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~2\WksCal.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksdb.exe
(Default) REG_SZ C:\Program Files\Microsoft Works\wksdb.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSSB.EXE
(Default) REG_SZ C:\Program Files\Microsoft Works\WKSSB.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksss.exe
(Default) REG_SZ C:\Program Files\Microsoft Works\wksss.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkswp.exe
(Default) REG_SZ C:\Program Files\Microsoft Works\wkswp.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wlmail.exe
(Default) REG_EXPAND_SZ C:\Program Files\Windows Live\Mail\wlmail.exe
Path REG_EXPAND_SZ C:\Program Files\Windows Live\Mail\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe
Path REG_EXPAND_SZ %ProgramFiles%\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wordview.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~3\OFFICE11\WORDVIEW.EXE
Path REG_SZ C:\Program Files\Microsoft Office\OFFICE11\
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
(Default) REG_SZ "C:\Windows\System32\XPSViewer\XPSViewer.exe"



Mozilla


HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
{20a82645-c095-46ed-80e3-08825760534b} REG_SZ c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[You must be registered and logged in to see this link.] REG_SZ C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
{27182e60-b5f3-411c-b545-b44205977502} REG_SZ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
(Default) REG_SZ 1.9.2.8
CurrentVersion REG_SZ 3.6.8 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.8 (en-US)
(Default) REG_SZ 3.6.8 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.8 (en-US)\Main
Install Directory REG_SZ C:\Program Files\Mozilla Firefox
PathToExe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.8 (en-US)\Uninstall
Description REG_SZ Mozilla Firefox (3.6.8)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.8
GeckoVer REG_SZ 1.9.2.8

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.8\bin
PathToExe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.8\extensions
Components REG_SZ C:\Program Files\Mozilla Firefox\components
Plugins REG_SZ C:\Program Files\Mozilla Firefox\plugins



Shared Task Scheduler


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon



SafeBoot



SafeBootMinimal



SafeBootNetwork




File Rename Operations - Session




Known DLLs - Session


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
clbcatq REG_SZ clbcatq.dll
ole32 REG_SZ ole32.dll
advapi32 REG_SZ advapi32.dll
COMDLG32 REG_SZ COMDLG32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
gdi32 REG_SZ gdi32.dll
IERTUTIL REG_SZ IERTUTIL.dll
IMAGEHLP REG_SZ IMAGEHLP.dll
IMM32 REG_SZ IMM32.dll
kernel32 REG_SZ kernel32.dll
LPK REG_SZ LPK.dll
MSCTF REG_SZ MSCTF.dll
MSVCRT REG_SZ MSVCRT.dll
NORMALIZ REG_SZ NORMALIZ.dll
NSI REG_SZ NSI.dll
OLEAUT32 REG_SZ OLEAUT32.dll
rpcrt4 REG_SZ rpcrt4.dll
Setupapi REG_SZ Setupapi.dll
SHELL32 REG_SZ SHELL32.dll
SHLWAPI REG_SZ SHLWAPI.dll
URLMON REG_SZ URLMON.dll
user32 REG_SZ user32.dll
USP10 REG_SZ USP10.dll
WININET REG_SZ WININET.dll
WLDAP32 REG_SZ WLDAP32.dll
WS2_32 REG_SZ WS2_32.dll



Downloaded program files (ActiveX)


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

PATH: C:\windows\Downloaded Program Files

desktop.ini
install.log
OnlineScanner.inf
unagiuninst.exe


Mountpoints


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0aff7acd-2886-11df-8f25-001f1645c259}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83e93621-a226-11df-a1c2-001f1645c259}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8e9e5fc-0c10-11de-8812-001f1645c259}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8e9e611-0c10-11de-8812-001f1645c259}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6a1f8fb-f86e-11dd-95eb-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6a1f8fc-f86e-11dd-95eb-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6a1f900-f86e-11dd-95eb-806e6f6e6963}

Winlogon


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell REG_DWORD 0x1
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0x0
passwordexpirywarning REG_DWORD 0xe
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 0x1
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 0x2b
SFCDisable REG_DWORD 0x0
System REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked


Windows Update


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\windowsupdate\auto update\results\install
LastSuccessTime REG_SZ 2010-08-19 17:37:51
LastError REG_DWORD 0x646



Security Software Information

*Note*: Some security software does not store itself in the WMI.

Antispyware: Windows Defender *Scanner enabled* (Up to date) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}


{END OF FILE}



Re: A varient of Win32

Post by Dr Jay on 20th August 2010, 8:40 am

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



Re: A varient of Win32

Post by TheBlackScepter on 20th August 2010, 3:36 pm

Here it is.

ComboFix 10-08-18.06 - Nick F 08/20/2010 11:08:41.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1753 [GMT -7:00]
Running from: c:\users\Nick F\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))
.

2010-08-19 23:01 . 2010-08-19 23:04 -------- d-----w- C:\RkU3.8.388.590
2010-08-19 22:40 . 2010-08-19 22:43 -------- d-----w- c:\windows\system32\MustBeRandomlyNamed
2010-08-19 22:17 . 2010-08-19 22:18 -------- d-----w- c:\program files\7-Zip
2010-08-11 21:05 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-11 21:05 . 2010-06-29 15:47 834048 ----a-w- c:\windows\system32\wininet.dll
2010-08-11 21:05 . 2010-06-28 16:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-08-11 21:04 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 21:01 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 21:01 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 21:00 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 21:00 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 21:00 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 21:00 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 21:00 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 21:00 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 17:57 . 2009-12-04 23:44 1 ----a-w- c:\users\Nick F\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-20 17:43 . 2009-02-11 18:58 31966 ----a-w- c:\programdata\nvModes.dat
2010-08-15 06:58 . 2009-03-09 04:04 37254 ----a-w- c:\users\Nick F\AppData\Roaming\wklnhst.dat
2010-08-12 20:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-06 02:37 . 2009-03-06 01:24 -------- d-----w- c:\program files\Messenger Plus! Live
2010-07-28 21:15 . 2009-03-28 19:16 7808 ----a-w- c:\users\Nick F\AppData\Local\d3d9caps.dat
2010-07-15 19:07 . 2009-03-06 01:05 81208 ----a-w- c:\users\Nick F\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-15 06:11 . 2009-12-04 23:33 -------- d-----w- c:\program files\OpenOffice.org 3
2010-07-08 17:41 . 2008-06-25 06:30 -------- d-----w- c:\programdata\Microsoft Help
2010-07-07 19:11 . 2010-03-06 01:51 -------- d-----w- c:\program files\iTunes
2010-07-07 19:09 . 2010-07-07 19:09 -------- d-----w- c:\program files\iPod
2010-07-07 19:09 . 2009-09-22 17:41 -------- d-----w- c:\program files\Common Files\Apple
2010-07-07 19:03 . 2010-07-07 19:03 -------- d-----w- c:\program files\Bonjour
2010-07-07 18:57 . 2010-07-07 18:57 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-07-07 18:54 . 2010-04-04 16:02 -------- d-----w- c:\program files\Safari
2010-07-07 18:50 . 2010-07-07 18:50 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-28 22:42 . 2008-06-25 06:32 -------- d-----w- c:\program files\Microsoft.NET
2010-06-28 22:35 . 2009-03-06 00:58 -------- d-----w- c:\program files\Common Files\AOL
2010-06-24 21:16 . 2010-05-21 20:56 -------- d-----w- c:\programdata\NOS
2010-05-26 22:24 . 2010-04-28 03:36 18488 ----a-w- c:\windows\Help\OEM\scripts\HPHC_BUY_BATTERY.exe
2010-05-26 17:06 . 2010-06-11 22:29 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 22:29 289792 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-05-11 5252408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-02 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-02-25 37888]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2007-03-14 321088]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"SPC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SPC230NC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0316.3\mswinext.exe" [2009-09-28 240976]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"lxdmmon.exe"="c:\program files\Lexmark 5000 Series\lxdmmon.exe" [2007-12-14 455336]
"lxdmamon"="c:\program files\Lexmark 5000 Series\lxdmamon.exe" [2007-12-14 25256]
"Lexmark 5000 Series Fax Server"="c:\program files\Lexmark 5000 Series\fm3032.exe" [2007-12-14 307880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\users\Nick F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Button Manager.lnk - c:\program files\HP\Button Manager\BM.exe [2009-12-25 266240]
Magic-i.lnk - c:\program files\ArcSoft\Magic-i 3\Magic-i.exe [2009-12-25 530944]
TrayMin230.lnk - c:\program files\Philips\Philips SPC230NC Webcam\TrayMin230.exe [2009-7-30 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9b,5e,bc,5c,78,6c,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\DRIVERS\PAEAFLT.sys [2007-09-26 8576]
R3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\DRIVERS\SPC230NC.SYS [2007-12-31 461056]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-03 42528]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-18 c:\windows\Tasks\HPCeeScheduleForNick F.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-06-25 03:03]
.
.
------- Supplementary Scan -------
.
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Nick F\AppData\Roaming\Mozilla\Firefox\Profiles\l4fjkkx4.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-hpqSRMon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-20 11:22
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5596)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
.
Completion time: 2010-08-20 11:29:13
ComboFix-quarantined-files.txt 2010-08-20 18:29
ComboFix2.txt 2010-05-19 19:14

Pre-Run: 61,785,391,104 bytes free
Post-Run: 64,246,513,664 bytes free

- - End Of File - - D157333271277DB6E3E61407B018F8F8


Re: A varient of Win32

Post by Dr Jay on 21st August 2010, 5:46 am

ESET Online Scan

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Re: A varient of Win32

Post by TheBlackScepter on 21st August 2010, 6:31 pm

I looked everywhere, but these are the only log files I could find in ESET.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK


Re: A varient of Win32

Post by Dr Jay on 21st August 2010, 8:54 pm

Ok. What other signs of infection are there?


Dr. Jay (DJ)



Re: A varient of Win32

Post by TheBlackScepter on 21st August 2010, 10:52 pm

The scan came up with nothing. It didn't find any other infections.


Re: A varient of Win32

Post by Dr Jay on 22nd August 2010, 5:32 am

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.


Dr. Jay (DJ)



Re: A varient of Win32

Post by TheBlackScepter on 22nd August 2010, 4:23 pm

Here are the logs.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ50 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 195):
0x81E3D000 \SystemRoot\system32\ntkrnlpa.exe
0x81E0A000 \SystemRoot\system32\hal.dll
0x80403000 \SystemRoot\system32\kdcom.dll
0x8040A000 \SystemRoot\system32\PSHED.dll
0x8041B000 \SystemRoot\system32\BOOTVID.dll
0x80423000 \SystemRoot\system32\CLFS.SYS
0x80464000 \SystemRoot\system32\CI.dll
0x80544000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80601000 \SystemRoot\system32\drivers\acpi.sys
0x80647000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80650000 \SystemRoot\system32\drivers\msisadrv.sys
0x80658000 \SystemRoot\system32\drivers\pci.sys
0x8067F000 \SystemRoot\system32\drivers\isapnp.sys
0x8068E000 \SystemRoot\system32\drivers\mpio.sys
0x806AA000 \SystemRoot\System32\drivers\partmgr.sys
0x806B9000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x806BC000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x806C6000 \SystemRoot\system32\drivers\volmgr.sys
0x806D5000 \SystemRoot\System32\drivers\volmgrx.sys
0x8071F000 \SystemRoot\system32\drivers\intelide.sys
0x80726000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80734000 \SystemRoot\system32\drivers\pciide.sys
0x8073B000 \SystemRoot\system32\drivers\aliide.sys
0x80742000 \SystemRoot\system32\drivers\amdide.sys
0x80749000 \SystemRoot\system32\drivers\cmdide.sys
0x80751000 \SystemRoot\System32\drivers\mountmgr.sys
0x80761000 \SystemRoot\system32\drivers\msdsm.sys
0x8077B000 \SystemRoot\system32\drivers\nvraid.sys
0x80796000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x807B7000 \SystemRoot\system32\drivers\viaide.sys
0x89C06000 \SystemRoot\system32\drivers\iastorv.sys
0x89CA7000 \SystemRoot\system32\drivers\atapi.sys
0x89CAF000 \SystemRoot\system32\drivers\ataport.SYS
0x89CCD000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x89CE7000 \SystemRoot\system32\drivers\storport.sys
0x89D28000 \SystemRoot\system32\drivers\nvstor.sys
0x89D35000 \SystemRoot\system32\drivers\hpcisss.sys
0x89D40000 \SystemRoot\system32\drivers\adp94xx.sys
0x89DAA000 \SystemRoot\system32\drivers\adpahci.sys
0x807BF000 \SystemRoot\system32\drivers\adpu160m.sys
0x807DA000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x805CD000 \SystemRoot\system32\drivers\adpu320.sys
0x89E0E000 \SystemRoot\system32\drivers\djsvs.sys
0x89E22000 \SystemRoot\system32\drivers\arc.sys
0x89E38000 \SystemRoot\system32\drivers\arcsas.sys
0x89E4E000 \SystemRoot\system32\drivers\elxstor.sys
0x89EE2000 \SystemRoot\system32\drivers\i2omp.sys
0x89EEC000 \SystemRoot\system32\drivers\iirsp.sys
0x89EFC000 \SystemRoot\system32\drivers\iteatapi.sys
0x89F08000 \SystemRoot\system32\drivers\iteraid.sys
0x89F14000 \SystemRoot\system32\drivers\lsi_fc.sys
0x89F2E000 \SystemRoot\system32\drivers\lsi_sas.sys
0x89F46000 \SystemRoot\system32\drivers\megasas.sys
0x8A005000 \SystemRoot\system32\drivers\megasr.sys
0x8A0BC000 \SystemRoot\system32\drivers\mraid35x.sys
0x8A0C7000 \SystemRoot\system32\drivers\msahci.sys
0x8A0D1000 \SystemRoot\system32\drivers\nfrd960.sys
0x8A207000 \SystemRoot\system32\drivers\ql2300.sys
0x8A33F000 \SystemRoot\system32\drivers\ql40xx.sys
0x8A394000 \SystemRoot\system32\drivers\sisraid2.sys
0x8A3A1000 \SystemRoot\system32\drivers\sisraid4.sys
0x8A3B6000 \SystemRoot\system32\drivers\symc8xx.sys
0x8A3C2000 \SystemRoot\system32\drivers\sym_hi.sys
0x8A3CD000 \SystemRoot\system32\drivers\sym_u3.sys
0x8A0DF000 \SystemRoot\system32\drivers\uliahci.sys
0x8A3D8000 \SystemRoot\system32\drivers\ulsata.sys
0x8A11B000 \SystemRoot\system32\drivers\ulsata2.sys
0x8A147000 \SystemRoot\system32\drivers\vsmraid.sys
0x8A168000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A19A000 \SystemRoot\system32\drivers\fileinfo.sys
0x89F50000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A40C000 \SystemRoot\system32\drivers\ndis.sys
0x8A517000 \SystemRoot\system32\drivers\msrpc.sys
0x8A542000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A607000 \SystemRoot\System32\drivers\tcpip.sys
0x8A6F1000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A804000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A914000 \SystemRoot\system32\drivers\wd.sys
0x8A91C000 \SystemRoot\system32\drivers\volsnap.sys
0x8A955000 \SystemRoot\System32\Drivers\spldr.sys
0x8A95D000 \SystemRoot\system32\drivers\sbp2port.sys
0x8A972000 \SystemRoot\System32\Drivers\mup.sys
0x8A981000 \SystemRoot\System32\drivers\ecache.sys
0x8A9A8000 \SystemRoot\system32\drivers\disk.sys
0x8A9B9000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A9E2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A9ED000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A70C000 \SystemRoot\system32\DRIVERS\processr.sys
0x8A9F6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8A71B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8A72E000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8A733000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8A73E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8A800000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8A76E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8A779000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8A77D000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8A785000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8A78F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A7CD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E00A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E097000 \SystemRoot\system32\drivers\Afc.sys
0x8E09F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E0B7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8E0BD000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8E608000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8EF5F000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8F004000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F0A5000 \SystemRoot\System32\drivers\watchdog.sys
0x8F0B1000 \SystemRoot\system32\DRIVERS\athr.sys
0x8F195000 \SystemRoot\system32\DRIVERS\serscan.sys
0x8F19D000 \SystemRoot\system32\DRIVERS\ArcSoftVirtualCapture.sys
0x8F1A2000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8F1AF000 \SystemRoot\system32\DRIVERS\ks.sys
0x8EF61000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F1D9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F1E4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8EF90000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8EF9B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8EFBE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8EFCD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8EFE1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8E1BA000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F1FB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8EFF6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E1CA000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8A57D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E1D7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8A5B2000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8A1AA000 \SystemRoot\system32\drivers\portcls.sys
0x8A1D7000 \SystemRoot\system32\drivers\drmk.sys
0x89FC1000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8F60C000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8F70F000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8F7C4000 \SystemRoot\system32\drivers\modem.sys
0x8F7D1000 \SystemRoot\system32\drivers\nvhda32v.sys
0x8F7DF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F7E8000 \SystemRoot\System32\Drivers\Null.SYS
0x8F7EF000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F600000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8E1E8000 \SystemRoot\System32\drivers\vga.sys
0x8A7DC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F7F6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8E600000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8E1F4000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8A5E8000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E000000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F801000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F817000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F849000 \SystemRoot\system32\DRIVERS\smb.sys
0x8F85D000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8F868000 \SystemRoot\system32\drivers\afd.sys
0x8F8B0000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8F8B4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F8CA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F8D8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F8EB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F927000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F931000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F948000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8F969000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F976000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8F981000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x970F0000 \SystemRoot\System32\win32k.sys
0x8F989000 \SystemRoot\System32\drivers\Dxapi.sys
0x8F993000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97310000 \SystemRoot\System32\TSDDD.dll
0x97330000 \SystemRoot\System32\cdd.dll
0x8F9A2000 \SystemRoot\system32\drivers\luafv.sys
0x8F9BD000 \SystemRoot\system32\DRIVERS\aswMonFlt.sys
0x8F9D4000 \SystemRoot\system32\DRIVERS\aswFsBlk.sys
0x9C202000 \SystemRoot\system32\drivers\spsys.sys
0x9C2B2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9C2C2000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9C2EC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9C2F6000 \SystemRoot\system32\DRIVERS\pnarp.sys
0x9C2FB000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9C30E000 \SystemRoot\system32\drivers\HTTP.sys
0x9C37B000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9C398000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9C3B1000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9C3C6000 \SystemRoot\system32\drivers\mrxdav.sys
0x8F9DC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9E009000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9E042000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9E05A000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9E081000 \SystemRoot\System32\DRIVERS\srv.sys
0x9E0E7000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9E0EB000 \SystemRoot\system32\drivers\peauth.sys
0x9E1C9000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9E1D3000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9E1DF000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9E1E7000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77AD0000 \WINDOWS\System32\ntdll.dll

Processes (total 94):
0 System Idle Process
4 System
428 C:\WINDOWS\System32\smss.exe
528 csrss.exe
580 C:\WINDOWS\System32\wininit.exe
592 csrss.exe
624 C:\WINDOWS\System32\services.exe
636 C:\WINDOWS\System32\lsass.exe
644 C:\WINDOWS\System32\lsm.exe
788 C:\WINDOWS\System32\svchost.exe
836 C:\WINDOWS\System32\winlogon.exe
888 C:\WINDOWS\System32\nvvsvc.exe
916 C:\WINDOWS\System32\svchost.exe
1060 C:\WINDOWS\System32\svchost.exe
1084 C:\WINDOWS\System32\svchost.exe
1124 C:\WINDOWS\System32\svchost.exe
1216 C:\WINDOWS\System32\audiodg.exe
1248 C:\WINDOWS\System32\SLsvc.exe
1284 C:\WINDOWS\System32\svchost.exe
1336 C:\WINDOWS\System32\nvvsvc.exe
1464 C:\WINDOWS\System32\svchost.exe
1580 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
1592 C:\Program Files\Alwil Software\Avast4\ashServ.exe
1640 C:\WINDOWS\System32\wlanext.exe
1956 C:\WINDOWS\System32\spoolsv.exe
1980 C:\WINDOWS\System32\svchost.exe
808 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
796 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1140 C:\Program Files\Bonjour\mDNSResponder.exe
1500 C:\WINDOWS\System32\lxdmcoms.exe
1760 C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
1384 C:\WINDOWS\System32\svchost.exe
1676 C:\WINDOWS\SMINST\BLService.exe
2056 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2100 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2152 C:\WINDOWS\System32\svchost.exe
2196 C:\Program Files\Viewpoint\Common\ViewpointService.exe
2220 C:\WINDOWS\System32\svchost.exe
2260 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2308 C:\WINDOWS\System32\SearchIndexer.exe
2352 C:\WINDOWS\System32\drivers\XAudio.exe
2388 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2432 C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
2904 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3044 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
3068 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
3912 C:\WINDOWS\System32\taskeng.exe
2952 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
2396 WmiPrvSE.exe
1180 C:\WINDOWS\System32\taskeng.exe
3768 C:\WINDOWS\System32\dwm.exe
2720 C:\WINDOWS\explorer.exe
3712 C:\Program Files\HP\QuickPlay\QPService.exe
1612 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
3004 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
448 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
2696 C:\Program Files\Winamp\winampa.exe
952 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
1668 C:\Program Files\Pure Networks\Network Magic\nmapp.exe
508 C:\WINDOWS\System32\wuauclt.exe
2824 WmiPrvSE.exe
3512 C:\Program Files\Alwil Software\Avast4\ashDisp.exe
2800 C:\WINDOWS\Philips\SPC230NC\Monitor.exe
1448 C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
2664 C:\Program Files\MSN Toolbar\Platform\4.0.0316.3\mswinext.exe
772 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
3544 C:\Program Files\Lexmark 5000 Series\lxdmmon.exe
3552 C:\Program Files\Lexmark 5000 Series\lxdmamon.exe
996 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
3848 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4044 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2368 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
1224 C:\Program Files\iTunes\iTunesHelper.exe
3868 C:\Program Files\Windows Sidebar\sidebar.exe
3484 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
1320 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
436 C:\Program Files\Windows Media Player\wmpnscfg.exe
2956 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
3012 C:\Program Files\Windows Media Player\wmpnetwk.exe
2456 C:\Program Files\HP\Button Manager\BM.exe
2000 C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe
2836 C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
3408 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
4104 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
4444 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
4632 C:\Program Files\Windows Sidebar\sidebar.exe
5032 C:\Program Files\iPod\bin\iPodService.exe
5876 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4132 C:\Program Files\Windows Live\Contacts\wlcomm.exe
720 C:\WINDOWS\System32\SearchProtocolHost.exe
4712 C:\WINDOWS\System32\SearchFilterHost.exe
940 C:\Users\Nick F\Desktop\MBRCheck.exe
3696 taskeng.exe
260

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`cf100000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1652GSX, Rev: LV011C

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Re: A varient of Win32

Post by Dr Jay on 23rd August 2010, 7:22 am

Fix using MBRCheck.exe

Run MBRCheck.exe again by double-clicking on it.
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below:
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive:
  • Please select your version of Windows from the list and enter the corresponding number and then press Enter.
  • When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.
  • Left-click on the title bar (where program name and path is written).
  • From the menu choose Edit -> Select All.
  • Press the Enter key to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.

Important Note: The Master Boot Record contains the Partition Table for the hard disk and a little executable code for the boot start. While fixing the [You must be registered and logged in to see this link.] is generally safe, there is a small risk of damaging the MBR, which may cause the computer to not boot up or it may corrupt a partition.

The following are signs of a damaged MBR:
  • Invalid Partition Table
  • Missing Operating System
  • Error loading operating system


If it is the worst case scenario, and your computer cannot boot, please take note of the following:

Please have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the [You must be registered and logged in to see this link.] before proceeding with the above fix. Then, if any problems occur, the links below explain how to use and repair the MBR:

If you do not have a Windows CD available, please let me know. You will need access to a computer that can burn CDs.


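The sector layout mentioned in the Important Note above, as an added example that is not part of the original post or of MBRCheck: it parses a dumped MBR (such as the file written by option 1), hashes the boot code, and confirms that a restore replaced only the boot code while leaving the partition table intact. The 440-byte hash range, the function names and the sample sectors are assumptions constructed for illustration; MBRCheck may hash a different range.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440     # bootstrap code; assumption: this is the region worth hashing
DISK_SIG_OFF = 440      # 4-byte disk signature used by Windows
PART_TABLE_OFF = 446    # four 16-byte partition entries
BOOT_SIG_OFF = 510      # 0x55 0xAA marks a valid boot sector


def parse_mbr(sector):
    """Split a 512-byte MBR dump into boot code hash, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a %d-byte sector, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for index in range(4):
        start = PART_TABLE_OFF + 16 * index
        entry = sector[start:start + 16]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:       # type 0 means the slot is unused
            continue
        partitions.append({"index": index, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4],
        "table_raw": sector[PART_TABLE_OFF:BOOT_SIG_OFF],
        "partitions": partitions,
        "signature_ok": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
    }


def audit(sector, known_good_sha1):
    """Return a list of findings; an empty list means nothing looked wrong."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha1"] not in known_good_sha1:
        findings.append("unknown boot code")
    parts = info["partitions"]
    if not parts:
        findings.append("empty partition table")
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        findings.append("invalid status byte in partition table")
    elif parts and sum(p["status"] == 0x80 for p in parts) != 1:
        # generic MBR boot code expects exactly one entry flagged active (0x80)
        findings.append("expected exactly one active partition")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["lba_start"] + prev["sectors"] > cur["lba_start"]:
            findings.append("partitions %d and %d overlap" % (prev["index"], cur["index"]))
    return findings


def compare_dumps(before, after):
    """Check that a boot code restore touched the code and nothing else."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": b["boot_code_sha1"] != a["boot_code_sha1"],
        "partition_table_preserved": b["table_raw"] == a["table_raw"],
        "disk_signature_preserved": b["disk_signature"] == a["disk_signature"],
        "signature_ok": a["signature_ok"],
    }


def build_sample(boot_code, partitions, boot_sig=b"\x55\xaa"):
    """Assemble a constructed 512-byte sector for the demo below."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = b"\x11\x22\x33\x44"
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions):
        # CHS fields (bytes 1-3 and 5-7) stay zero; only the LBA values are set
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i,
                         status, ptype, lba_start, sectors)
    sector[BOOT_SIG_OFF:] = boot_sig
    return bytes(sector)


# Constructed inputs: placeholder bytes stand in for real boot code, and the
# two NTFS (type 0x07) entries use made-up sizes.
LAYOUT = [(0x80, 0x07, 2048, 291995648), (0x00, 0x07, 291997696, 20000000)]
STANDARD = build_sample(b"CONSTRUCTED-STANDARD-BOOT-CODE", LAYOUT)
UNKNOWN = build_sample(b"CONSTRUCTED-UNKNOWN-BOOT-CODE", LAYOUT)
DAMAGED = build_sample(b"CONSTRUCTED-STANDARD-BOOT-CODE", [], boot_sig=b"\x00\x00")
KNOWN_GOOD = {parse_mbr(STANDARD)["boot_code_sha1"]}

if __name__ == "__main__":
    print("before fix:", audit(UNKNOWN, KNOWN_GOOD))
    print("fix result:", compare_dumps(UNKNOWN, STANDARD))
    print("damaged   :", audit(DAMAGED, KNOWN_GOOD))
```

Dumping the MBR before and after a restore and running `compare_dumps` on the two files shows whether the partition table survived the write.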

Re: A varient of Win32

Post by TheBlackScepter on 23rd August 2010, 7:19 pm

I do not have a Windows CD, what would you suggest instead?


Re: A varient of Win32

Post by Dr Jay on 24th August 2010, 8:33 pm

See if the MBRCheck fix is successful. If not, then I have backup utilities.



Re: A varient of Win32

Post by TheBlackScepter on 24th August 2010, 10:47 pm

I believe these are the logs you wanted.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ50 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 195):

Processes (total 96):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`cf100000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1652GSX, Rev: LV011C

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!


Re: A varient of Win32

Post by Dr Jay on 25th August 2010, 9:24 am

Please re-run MBRCheck and post a new log.



Re: A varient of Win32

Post by TheBlackScepter on 26th August 2010, 3:39 pm

I think this is it

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ50 Notebook PC
Logical Drives Mask: 0x0000001c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`cf100000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
Press ENTER to exit...


Re: A varient of Win32

Post by Dr Jay on 26th August 2010, 8:08 pm

Download [You must be registered and logged in to see this link.] to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: [You must be registered and logged in to see this link.]
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press Enter
  • Open a Notepad and press CTRL V
  • Post the output back here.



Re: A varient of Win32

Post by TheBlackScepter on 27th August 2010, 12:45 am

here

Bootkit Remover
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

Program version: 1.1.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
Boot sector MD5 is: 2404788b716b45266811c1294c3c975c

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix


Done;
Press any key to quit...


Re: A varient of Win32

Post by Dr Jay on 27th August 2010, 8:01 pm

Please open Notepad and enter in the following:
@echo off
rem Run Bootkit Remover's fix command against the first physical disk
start remover.exe fix \\.\PhysicalDrive0
exit
Then, click File > Save as...
Save as remove.bat to the same location as remover.exe.
Choose Save as type... All Files.
Click Save.

Then, exit Notepad.

Double-click on remove.bat.

Please re-run remover.exe and post a new log in your next reply.



Re: A varient of Win32

Post by TheBlackScepter on 27th August 2010, 8:23 pm

I think this is it

Bootkit Remover
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

Program version: 1.1.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

CreateFile() ERROR 2
ERROR: Can't open physical disk device.

Done;
Press any key to quit...


Re: A varient of Win32

Post by Dr Jay on 29th August 2010, 1:15 am

Do you know a friend who has a Windows Vista disc?



Re: A varient of Win32

Post by TheBlackScepter on 29th August 2010, 1:16 am

No I do not, sadly.


Re: A varient of Win32

Post by Dr Jay on 29th August 2010, 1:39 am

See this, to prepare a Windows Vista Recovery Disc: [You must be registered and logged in to see this link.]

If you need help getting through the process, let me know.



Re: A varient of Win32

Post by TheBlackScepter on 29th August 2010, 3:42 pm

Do you know where I can download a MagicISO CD/DVD Burner?


Re: A varient of Win32

Post by Dr Jay on 29th August 2010, 8:36 pm

[You must be registered and logged in to see this link.]



Re: A varient of Win32

Post by TheBlackScepter on 29th August 2010, 11:53 pm

I have made a Windows Vista Recovery Disc, what next?


Re: A varient of Win32

Post by Dr Jay on 31st August 2010, 4:57 am

Excellent.

For the recovery disc, do you have an option for BootRec?



Re: A varient of Win32

Post by TheBlackScepter on 31st August 2010, 7:06 pm

I do not see anything with BootRec, the only programs I see on the disc are:

bootmgr
bcd
boot.sdi
bootfix.bin
boot.wim


Re: A varient of Win32

Post by Dr Jay on 1st September 2010, 10:03 pm

What options do you have in bootmgr?



Re: A varient of Win32

Post by TheBlackScepter on 1st September 2010, 11:52 pm

None, it's just a file. I don't know what program I would need to even access it.


Re: A varient of Win32

Post by Dr Jay on 4th September 2010, 4:20 am

I will check out some other options.



Re: A varient of Win32

Post by TheBlackScepter on 10th September 2010, 3:30 pm

Yesterday, I was able to successfully download and update Adobe Flash Player. The previous failures to download properly were my concern about virus remnants remaining when I posted here, and now it seems to be working again.


Re: A varient of Win32

Post by Dr Jay on 11th September 2010, 4:33 am

Have the same problems stuck?



Re: A varient of Win32

Post by TheBlackScepter on 13th September 2010, 4:17 am

No, they seemed to have vanished. I can download updates normally.


Re: A varient of Win32

Post by Dr Jay on 16th September 2010, 2:37 am

Hiya! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Security Check

Please download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.


Dr. Jay (DJ)



Re: A varient of Win32

Post by TheBlackScepter on 17th September 2010, 7:30 pm

I have performed all the requested scans, and the computer is still running well and receiving updates. Here are the logs.

Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 21
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3.2
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent

WinPatrol winpatrol.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
BillP Studios WinPatrol WinPatrol.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


Re: A varient of Win32

Post by Dr Jay on 18th September 2010, 12:56 am

Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs, and other holes. To update it now, click Help > Check for Updates.

========================

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


See [You must be registered and logged in to see this link.] for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)


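The post above describes a replacement HOSTS file that blocks sites by mapping them to 127.0.0.1. The following is an added example, not part of the original thread or of any tool it names: a small Python audit that separates such sinkholed names from entries pointing a hostname at some other address, which are the ones worth reviewing after a cleanup. It goes slightly beyond the post by also treating 0.0.0.0 and ::1 as sink addresses; the sample file, hostnames and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample (not taken from the thread): blocklist-style entries
# plus one mapping that points a hostname at a non-loopback address.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1   localhost
::1         localhost
127.0.0.1   ads.example.net tracker.example.net   # sinkholed
0.0.0.0     badsite.example.org
203.0.113.7 update.vendor.example
not-an-ip   broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, address_text, hostnames) for every non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield line_no, fields[0], [h.lower() for h in fields[1:]]


def audit_hosts(text):
    """Sort entries into sinkholed names, live redirects and bad lines."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for line_no, addr_text, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            addr = None
        if addr is None or not names:
            report["malformed"].append((line_no, addr_text))
            continue
        sink = addr.is_loopback or addr.is_unspecified
        for name in names:
            if sink and name in LOCAL_NAMES:
                continue  # the normal localhost mapping
            if sink:
                report["blocked"].append(name)
            else:
                # Not proof of compromise (LAN entries look the same),
                # but each one should be explained by the machine's owner.
                report["redirected"].append((line_no, name, addr_text))
    return report


if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, entries)
```

On Windows the file to feed in is normally `%SystemRoot%\System32\drivers\etc\hosts`; read it and pass its text to `audit_hosts`.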

Re: A varient of Win32

Post by TheBlackScepter on 18th September 2010, 2:38 am

None. I just updated Firefox and I am taking the steps necessary to hopefully prevent future infections. Thank you very much for your time and assistance with my problem.


Re: A varient of Win32

Post by Dr Jay on 18th September 2010, 10:59 am

You're welcome. :)


Dr. Jay (DJ)

