
Topic: Application is executed the file --------- maybe infected


craker33

    Topic Starter


    Rookie

    Application is executed the file --------- maybe infected
    « on: June 11, 2010, 01:49:10 PM »
    Please help...

    I have the same problem as it seems others do.

    I have read the steps taken by others, and tried to start by using the rkill app.

    This does not work, the virus stops it from running - all 4 versions.


    Dr Jay

    • Malware Removal Specialist


    • Specialist
    • Moderator emeritus
    • Thanked: 119
    • Experience: Guru
    • OS: Windows 10
    Re: Application is executed the file --------- maybe infected
    « Reply #1 on: June 12, 2010, 02:05:03 PM »
    Hello, and welcome to Computer Hope.

    Please note the following information about the malware forum:
    • Only the Malware Specialist Team is allowed to give advice on removing malware from your computer.
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
    • Please do not attach logs or post them in Quote/Code boxes unless requested.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, reply to this topic with the word BUMP.
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Please visit this webpage for a tutorial on downloading and running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    See the area: Using ComboFix, and when done, post the log back here.
    ~Dr Jay

    craker33


      Re: Application is executed the file --------- maybe infected
      « Reply #2 on: June 14, 2010, 08:15:20 PM »
      Ok thank you for the help, here is the log.

      Another weird thing was that I had left my computer off for a few days, and when I turned it on there was not virus acting up and I was not able to completely shut down McAfee while this was going. No matter how hard I tried I ended all the processes but still it kept popping up saying registry changes were occurring and when I tried to open the actual service center to shut it down it kept saying I needed to restart my computer which didn't help.

      ComboFix 10-06-14.02 - Kurt Viehl 06/14/2010  19:06:43.2.2 - x86
      Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.3061.1917 [GMT -7:00]
      Running from: c:\users\Kurt Viehl\Desktop\ComboFix.exe
      SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
      SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
       * Resident AV is active

      .

      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      ---- Previous Run -------
      .
      c:\users\Kurt Viehl\AppData\Local\oxgytjohv
      c:\users\Kurt Viehl\AppData\Local\oxgytjohv\tjlidfmtssd.exe
      c:\users\Kurt Viehl\AppData\Local\syssvc.exe

      .
      (((((((((((((((((((((((((   Files Created from 2010-05-15 to 2010-06-15  )))))))))))))))))))))))))))))))
      .

      2010-06-15 02:13 . 2010-06-15 02:13   --------   d-----w-   c:\users\Default\AppData\Local\temp
      2010-06-15 02:04 . 2010-06-15 02:05   --------   d-----w-   C:\32788R22FWJFW
      2010-06-09 02:42 . 2010-06-09 02:42   63488   ----a-w-   c:\users\Kurt Viehl\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
      2010-06-09 02:42 . 2010-06-09 02:42   52224   ----a-w-   c:\users\Kurt Viehl\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
      2010-06-09 02:42 . 2010-06-09 02:42   117760   ----a-w-   c:\users\Kurt Viehl\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
      2010-06-09 02:42 . 2010-06-09 02:42   --------   d-----w-   c:\users\Kurt Viehl\AppData\Roaming\SUPERAntiSpyware.com
      2010-06-09 02:42 . 2010-06-09 02:42   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
      2010-06-09 02:42 . 2010-06-09 02:42   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2010-06-09 02:41 . 2010-06-09 02:41   --------   d-----w-   c:\program files\Trend Micro
      2010-06-08 01:06 . 2010-06-08 01:06   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2010-06-07 05:04 . 2010-03-30 07:46   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
      2010-06-07 05:04 . 2010-03-30 07:45   20824   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2010-06-04 05:10 . 2010-06-04 05:10   562672   ----a-w-   c:\programdata\Google\Google Toolbar\Component\GoogleUpdateSetup_08959B9F76147231.exe
      2010-05-27 05:48 . 2010-05-27 05:47   501872   ----a-w-   c:\programdata\Google\Google Toolbar\Update\gtb251E.tmp.exe
      2010-05-26 04:18 . 2010-04-23 13:55   2048   ----a-w-   c:\windows\system32\tzres.dll
      2010-05-17 05:23 . 2010-01-29 16:21   738304   ----a-w-   c:\windows\system32\inetcomm.dll

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-06-11 00:54 . 2008-06-24 01:35   12   ----a-w-   c:\windows\bthservsdp.dat
      2010-06-10 05:10 . 2008-09-24 18:04   1356   ----a-w-   c:\users\Kurt Viehl\AppData\Local\d3d9caps.dat
      2010-06-07 05:04 . 2010-04-23 01:39   --------   d-----w-   c:\program files\explorer kton
      2010-05-17 13:39 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
      2010-05-12 18:21 . 2009-10-04 08:32   221568   ------w-   c:\windows\system32\MpSigStub.exe
      2010-04-26 06:12 . 2009-12-29 11:04   --------   d-----w-   c:\program files\Spybot - Search & Destroy
      2010-04-25 08:11 . 2009-12-29 11:04   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
      2010-04-25 06:57 . 2010-04-25 06:57   658184   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
      2010-04-23 01:40 . 2010-04-23 01:40   --------   d-----w-   c:\users\Kurt Viehl\AppData\Roaming\Malwarebytes
      2010-04-23 01:39 . 2010-04-23 01:39   --------   d-----w-   c:\programdata\Malwarebytes
      2008-06-04 08:39 . 2008-06-04 08:39   76   --sha-r-   c:\windows\CT4CET.bin
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-04 68856]
      "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
      "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
      "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
      "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
      "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
      "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
      "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
      "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
      "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-28 30192]
      "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
      "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
      "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
      "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
      "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]

      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
      Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-4 50688]
      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
      Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
      QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
      2008-06-04 08:56   10536   ----a-w-   c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "mixer1"=wdmaud.drv

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
      @="Service"

      R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
      R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-10-28 30192]
      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
      S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
      S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
      S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]


      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      bthsvcs   REG_MULTI_SZ      BthServ
      HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
      .
      Contents of the 'Scheduled Tasks' folder

      2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 22:32]

      2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 22:32]

      2010-03-15 c:\windows\Tasks\McDefragTask.job
      - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-21 20:32]

      2009-12-01 c:\windows\Tasks\McQcTask.job
      - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-21 20:32]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com/
      uInternet Settings,ProxyServer = http=127.0.0.1:5555
      uInternet Settings,ProxyOverride = <local>
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
      IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
      IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      Trusted Zone: internet
      Trusted Zone: mcafee.com
      .
      - - - - ORPHANS REMOVED - - - -

      HKCU-Run-yglyievh - c:\users\Kurt Viehl\AppData\Local\oxgytjohv\tjlidfmtssd.exe



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-06-14 19:13
      Windows 6.0.6001 Service Pack 1 NTFS

      scanning hidden processes ... 

      scanning hidden autostart entries ...

      scanning hidden files ... 


      c:\users\KURTVI~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

      scan completed successfully
      hidden files: 1

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      Completion time: 2010-06-14  19:16:58
      ComboFix-quarantined-files.txt  2010-06-15 02:16

      Pre-Run: 135,919,403,008 bytes free
      Post-Run: 135,844,765,696 bytes free

      - - End Of File - - 8B970C41ADB0E3DA54CE905A0F2A37C0

      Dr Jay

      Re: Application is executed the file --------- maybe infected
      « Reply #3 on: June 15, 2010, 11:01:56 PM »
      Please download MySystem-Search from one of the following links:
      Download mirror
      • Save the file to your Desktop.
      • Double-click on mss.exe
      • Allow it to run, and follow the prompts.
      • Once done, it will launch a log.
      • Post it in your next reply.
      Note: the logs are long. Please use more than one post, if necessary.
      ~Dr Jay

      craker33


        Re: Application is executed the file --------- maybe infected
        « Reply #4 on: June 16, 2010, 09:21:35 AM »
        Hi Jay,

        Here is the log
        -------------------

        MySystem-Search
         
        Run on 06/16/2010 at  8:23:44
         
        MSS v1.3
         
         
        Basic System Information
         

        Host Name:                 KVIEHL-PC
        OS Name:                   Microsoftr Windows VistaT Home Premium
        OS Version:                6.0.6001 Service Pack 1 Build 6001
        OS Manufacturer:           Microsoft Corporation
        OS Configuration:          Standalone Workstation
        OS Build Type:             Multiprocessor Free
        Registered Owner:          Kurt Viehl
        Registered Organization:   
        Product ID:                89578-OEM-7332157-00204
        Original Install Date:     6/23/2008, 7:00:32 PM
        System Boot Time:          6/16/2010, 8:17:53 AM
        System Manufacturer:       Dell Inc.
        System Model:              Inspiron 1525                   
        System Type:               X86-based PC
        Processor(s):              1 Processor(s) Installed.
                                   [01]: x64 Family 6 Model 15 Stepping 13 GenuineIntel ~1833 Mhz
        BIOS Version:              Dell Inc. A11, 3/10/2008
        Windows Directory:         C:\Windows
        System Directory:          C:\Windows\system32
        Boot Device:               \Device\HarddiskVolume3
        System Locale:             en-us;English (United States)
        Input Locale:              en-us;English (United States)
        Time Zone:                 (GMT-08:00) Pacific Time (US & Canada)
        Total Physical Memory:     3,061 MB
        Available Physical Memory: 1,692 MB
        Page File: Max Size:       6,325 MB
        Page File: Available:      4,826 MB
        Page File: In Use:         1,499 MB
        Page File Location(s):     C:\pagefile.sys
        Domain:                    HOME
        Logon Server:              \\KVIEHL-PC
        Hotfix(s):                 173 Hotfix(s) Installed.
        Network Card(s):           2 NIC(s) Installed.
                                   [01]: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
                                         Connection Name: Local Area Connection
                                         Status:          Media disconnected
                                   [02]: Dell Wireless 1395 WLAN Mini-Card
                                         Connection Name: Wireless Network Connection
                                         Status:          Media disconnected
         
         
        CD Emulation Drivers running?
         
        Roxio found!
         
         
        Peer-to-Peer applications?
         
        LimeWire found!
         
         
        File associations
         
        .exe=exefile
        .scr=scrfile
        .pif=piffile
        .com=ComFile
        .bat=batfile
        .cmd=cmdfile
        .log=txtfile
        .txt=txtfile
        .reg=regfile
        .sys=sysfile
        .dll=dllfile
         
         
        Running processes
         

        Image Name                     PID Session Name        Session#    Mem Usage
        ========================= ======== ================ =========== ============
        System Idle Process              0 Services                   0         24 K
        System                           4 Services                   0      2,560 K
        smss.exe                       448 Services                   0        728 K
        csrss.exe                      580 Services                   0      5,592 K
        wininit.exe                    620 Services                   0      3,620 K
        csrss.exe                      632 Console                    1     15,852 K
        services.exe                   664 Services                   0      5,748 K
        lsass.exe                      676 Services                   0      7,908 K
        lsm.exe                        684 Services                   0      3,896 K
        winlogon.exe                   756 Console                    1      5,200 K
        svchost.exe                    860 Services                   0      6,996 K
        svchost.exe                    920 Services                   0      7,388 K
        svchost.exe                    956 Services                   0     40,304 K
        svchost.exe                   1048 Services                   0     12,620 K
        svchost.exe                   1076 Services                   0     76,984 K
        svchost.exe                   1096 Services                   0    170,028 K
        audiodg.exe                   1204 Services                   0     14,036 K
        SLsvc.exe                     1240 Services                   0      8,908 K
        svchost.exe                   1276 Services                   0     11,736 K
        svchost.exe                   1476 Services                   0     13,220 K
        aawservice.exe                1596 Services                   0      2,004 K
        wlanext.exe                   1624 Services                   0      4,924 K
        dwm.exe                       1820 Console                    1      4,072 K
        explorer.exe                  1844 Console                    1     56,568 K
        MSASCui.exe                   1920 Console                    1      9,956 K
        igfxtray.exe                  1928 Console                    1      4,596 K
        hkcmd.exe                     1936 Console                    1      4,744 K
        igfxpers.exe                  1944 Console                    1      4,108 K
        Apoint.exe                    1952 Console                    1      8,080 K
        sttray.exe                    1960 Console                    1      8,532 K
        OEM02Mon.exe                  1968 Console                    1      4,336 K
        WLTRAY.EXE                    1976 Console                    1     17,004 K
        DellWMgr.exe                  1984 Console                    1      8,980 K
        GoogleDesktop.exe             2016 Console                    1      5,164 K
        IAAnotif.exe                  2032 Console                    1      6,072 K
        iTunesHelper.exe               328 Console                    1      7,504 K
        mcagent.exe                    348 Console                    1      1,792 K
        PCMService.exe                 352 Console                    1     11,852 K
        jusched.exe                    436 Console                    1     11,460 K
        hpwuSchd2.exe                  468 Console                    1      2,788 K
        spoolsv.exe                   1012 Services                   0      9,312 K
        GoogleToolbarNotifier.exe     1232 Console                    1     10,128 K
        svchost.exe                   1428 Services                   0     13,640 K
        ehtray.exe                    1700 Console                    1      2,328 K
        taskeng.exe                   1748 Console                    1      8,756 K
        AEstSrv.exe                   2008 Services                   0      1,624 K
        mDNSResponder.exe             2052 Services                   0      3,476 K
        svchost.exe                   2092 Services                   0      3,252 K
        svchost.exe                   2200 Services                   0     12,760 K
        IAANTmon.exe                  2224 Services                   0      5,780 K
        McSACore.exe                  2296 Services                   0      6,076 K
        McProxy.exe                   2372 Services                   0      7,928 K
        rundll32.exe                  2440 Console                    1      3,500 K
        Mcshield.exe                  2464 Services                   0     52,796 K
        BTTray.exe                    2544 Console                    1      7,736 K
        MpfSrv.exe                    2604 Services                   0     10,844 K
        DLG.exe                       2636 Console                    1      4,008 K
        msksrver.exe                  2656 Services                   0      4,376 K
        svchost.exe                   2700 Services                   0      2,940 K
        hpqtra08.exe                  2804 Console                    1     18,600 K
        svchost.exe                   2828 Services                   0      3,448 K
        svchost.exe                   2872 Services                   0      4,584 K
        stacsv.exe                    2948 Services                   0      5,916 K
        quickset.exe                  3084 Console                    1      8,816 K
        svchost.exe                   3160 Services                   0      6,324 K
        svchost.exe                   3228 Services                   0      2,096 K
        WLTRYSVC.EXE                  3244 Services                   0      2,488 K
        SearchIndexer.exe             3324 Services                   0     12,084 K
        BCMWLTRY.EXE                  3336 Services                   0     18,088 K
        XAudio.exe                    3360 Services                   0      2,368 K
        igfxsrvc.exe                  3924 Console                    1      5,116 K
        ehmsas.exe                    2632 Console                    1      3,880 K
        WmiPrvSE.exe                  1912 Services                   0      6,672 K
        mcmscsvc.exe                  3172 Services                   0        616 K
        iPodService.exe               4236 Services                   0      5,324 K
        ApMsgFwd.exe                  4636 Console                    1      2,912 K
        ApntEx.exe                    4676 Console                    1      3,900 K
        hidfind.exe                   4744 Console                    1      3,564 K
        McNASvc.exe                   4756 Services                   0      6,100 K
        hpqste08.exe                  4908 Console                    1     10,604 K
        hpqbam08.exe                  4980 Console                    1      5,044 K
        hpqgpc01.exe                  5016 Console                    1      5,732 K
        mcsysmon.exe                  5080 Services                   0      4,364 K
        mcuimgr.exe                   4788 Console                    1      5,424 K
        WMIADAP.exe                   4148 Services                   0      4,612 K
        WmiPrvSE.exe                  4944 Services                   0     11,428 K
        wuauclt.exe                   4404 Console                    1      5,728 K
        mss.exe                       4652 Console                    1      3,456 K
        cmd.exe                       2156 Console                    1      2,368 K
        TrustedInstaller.exe           912 Services                   0     30,276 K
        WUDFHost.exe                  5868 Services                   0      7,144 K
        WmiPrvSE.exe                  5720 Services                   0      5,552 K
        tasklist.exe                  4408 Console                    1      4,820 K
         
         
        Hidden objects
         
        PATH: C:\windows
         
        CT4CET.bin
        dell_version
        Installer
        WindowsShell.Manifest
         
         
        PATH: C:\windows\system32
         
        7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
        7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
        desktop.ini
        GroupPolicy
         
         
        PATH: C:\windows\system32\drivers
         
        Msft_Kernel_Apfiltr_01005.Wdf
        Msft_User_WpdFs_01_00_00.Wdf
         
         
        PATH: C:\
         
        $RECYCLE.BIN
        bootmgr
        dell.sdr
        Documents and Settings
        pagefile.sys
        System Volume Information
         
         
        User Profile check
         
        Kurt Viehl
        Public
         

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
            ProfilesDirectory    REG_EXPAND_SZ    %SystemDrive%\Users
            Default    REG_EXPAND_SZ    %SystemDrive%\Users\Default
            Public    REG_EXPAND_SZ    %SystemDrive%\Users\Public
            ProgramData    REG_EXPAND_SZ    %SystemDrive%\ProgramData

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
            Flags    REG_DWORD    0xc
            State    REG_DWORD    0x0
            RefCount    REG_DWORD    0x1
            Sid    REG_BINARY    010100000000000512000000
            ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprofile

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
            ProfileImagePath    REG_EXPAND_SZ    %SystemRoot%\ServiceProfiles\LocalService
            Flags    REG_DWORD    0x0
            State    REG_DWORD    0x0

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
            ProfileImagePath    REG_EXPAND_SZ    %SystemRoot%\ServiceProfiles\NetworkService
            Flags    REG_DWORD    0x0
            State    REG_DWORD    0x0

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2248215059-924745718-3768712606-1000
            ProfileImagePath    REG_EXPAND_SZ    C:\Users\Kurt Viehl
            Flags    REG_DWORD    0x0
            State    REG_DWORD    0x0
            Sid    REG_BINARY    010500000000000515000000130A0186F67F1E379EFDA1E0E8030000
            Migrated    REG_BINARY    1072FCAA9AD5C801
            ProfileLoadTimeLow    REG_DWORD    0x0
            ProfileLoadTimeHigh    REG_DWORD    0x0
            RefCount    REG_DWORD    0x1
            RunLogonScriptSync    REG_DWORD    0x0

         
         
        Current Scheduled Tasks
         
        PATH: C:\Windows\Tasks
         
        GoogleUpdateTaskMachineCore.job
        GoogleUpdateTaskMachineUA.job
        McDefragTask.job
        McQcTask.job
        SCHEDLGU.TXT
        SA.DAT
         
         
        Windows Drivers and NT-Services
         
         Volume in drive C is OS
         Volume Serial Number is 2480-CF19

         Directory of C:\Windows\System32\Drivers

        06/23/2008  06:33 PM                 0 Msft_Kernel_Apfiltr_01005.Wdf
        06/18/2008  03:20 PM                 0 Msft_User_WpdFs_01_00_00.Wdf
                       2 File(s)              0 bytes
                       0 Dir(s)  135,839,432,704 bytes free
         Volume in drive C is OS
         Volume Serial Number is 2480-CF19

         Directory of C:\Windows\System32\Drivers

        09/10/1999  12:06 PM            25,244 ASPI32.SYS
        06/19/2006  02:26 PM            12,672 mdmxsdk.sys
        08/04/2006  05:39 PM             8,192 XAudio.sys
        08/04/2006  05:39 PM           386,560 XAudio.exe
        09/18/2006  02:26 PM         3,440,660 gm.dls
        09/18/2006  02:26 PM               646 gmreadme.txt
        09/29/2006  01:14 PM           144,360 del1028.cty
        11/01/2006  11:37 PM            20,480 secdrv.sys
        11/02/2006  12:36 AM            20,608 ntrigdigi.sys
        11/02/2006  01:24 AM            62,336 BrSerWdm.sys
        11/02/2006  01:24 AM            12,160 BrUsbMdm.sys
        11/02/2006  01:24 AM            13,568 BrFiltLo.sys
        11/02/2006  01:24 AM             5,248 BrFiltUp.sys
        11/02/2006  01:24 AM            11,904 BrUsbSer.sys
        11/02/2006  01:25 AM            71,808 BrSerId.sys
        11/02/2006  01:51 AM             8,704 parvdm.sys
        11/02/2006  01:51 AM            17,920 serenum.sys
        11/02/2006  01:51 AM            83,456 serial.sys
        11/02/2006  01:51 AM            79,360 parport.sys
        11/02/2006  01:51 AM            13,312 sfloppy.sys
        11/02/2006  01:52 AM            20,608 wacompen.sys
        11/02/2006  01:55 AM            21,504 hidir.sys
        11/02/2006  01:55 AM            19,456 usbohci.sys
        11/02/2006  01:55 AM            68,608 usbcir.sys
        11/02/2006  01:55 AM            29,184 hidbth.sys
        11/02/2006  01:55 AM            39,936 bthmodem.sys
        11/02/2006  02:04 AM           878,080 PEAuth.sys
        11/02/2006  02:49 AM            31,848 sym_hi.sys
        11/02/2006  02:49 AM            33,384 Mraid35x.sys
        11/02/2006  02:50 AM            34,920 sym_u3.sys
        11/02/2006  02:50 AM            35,944 symc8xx.sys
        11/02/2006  02:50 AM            35,944 iteatapi.sys
        11/02/2006  02:50 AM            35,944 iteraid.sys
        11/02/2006  02:50 AM            71,272 djsvs.sys
        11/02/2006  02:50 AM            76,392 sbp2port.sys
        11/02/2006  02:50 AM            41,576 iirsp.sys
        11/02/2006  02:50 AM            45,160 nfrd960.sys
        11/02/2006  02:50 AM            98,408 ulsata.sys
        11/02/2006  02:50 AM           106,088 ql40xx.sys
        11/02/2006  02:51 AM           167,528 pcmcia.sys
        11/02/2006  07:42 PM           659,968 HSX_CNXT.sys
        11/02/2006  07:42 PM           206,848 HSXHWAZL.sys
        11/02/2006  07:43 PM           986,624 HSX_DPV.sys
        05/14/2007  04:17 PM            22,656 RimUsb.sys
        07/13/2007  04:21 AM           125,728 Mpfp.sys
        09/06/2007  09:35 AM            42,496 rimsptsk.sys
        09/06/2007  09:35 AM            39,936 rimmptsk.sys
        09/06/2007  09:35 AM            37,376 rixdptsk.sys
        09/06/2007  09:43 AM           304,920 iaStor.sys
        09/28/2007  10:31 PM           278,528 yk60x86.sys
        10/17/2007  12:00 AM             9,072 cdr4_xp.sys
        10/17/2007  12:00 AM             9,200 cdralw2k.sys
        11/12/2007  04:07 AM           330,240 stwrt.sys
        11/14/2007  01:00 AM            43,840 pxhelp20.sys
        11/22/2007  04:44 AM            33,832 mferkdk.sys
        11/22/2007  04:44 AM            79,304 mfeavfk.sys
        11/22/2007  04:44 AM            35,240 mfebopk.sys
        11/22/2007  04:44 AM           201,320 mfehidk.sys
        12/02/2007  10:51 AM            40,488 mfesmfk.sys
        12/11/2007  11:02 PM         1,044,984 BCMWL6.SYS
        01/20/2008  07:23 PM           266,808 acpi.sys
        01/20/2008  07:23 PM             6,656 errdev.sys
        01/20/2008  07:23 PM            11,264 wmiacpi.sys
        01/20/2008  07:23 PM            28,216 battc.sys
        01/20/2008  07:23 PM            20,792 compbatt.sys
        01/20/2008  07:23 PM            41,472 intelppm.sys
        01/20/2008  07:23 PM            41,472 viac7.sys
        01/20/2008  07:23 PM            44,032 amdk8.sys
        01/20/2008  07:23 PM            41,472 amdk7.sys
        01/20/2008  07:23 PM            40,960 crusoe.sys
        01/20/2008  07:23 PM            40,960 processr.sys
        01/20/2008  07:23 PM            17,976 intelide.sys
        01/20/2008  07:23 PM            28,728 msahci.sys
        01/20/2008  07:23 PM            19,000 cmdide.sys
        01/20/2008  07:23 PM           110,136 ataport.sys
        01/20/2008  07:23 PM            16,440 pciide.sys
        01/20/2008  07:23 PM            45,112 pciidex.sys
        01/20/2008  07:23 PM            20,024 viaide.sys
        01/20/2008  07:23 PM            17,464 aliide.sys
        01/20/2008  07:23 PM            21,560 atapi.sys
        01/20/2008  07:23 PM            17,976 amdide.sys
        01/20/2008  07:23 PM            54,328 termdd.sys
        01/20/2008  07:23 PM            55,864 SISAGP.SYS
        01/20/2008  07:23 PM            15,288 swenum.sys
        01/20/2008  07:23 PM            60,984 ULIAGPKX.SYS
        01/20/2008  07:23 PM           109,112 NV_AGP.SYS
        01/20/2008  07:23 PM            31,288 mssmbios.sys
        01/20/2008  07:23 PM            16,440 msisadrv.sys
        01/20/2008  07:23 PM            56,376 AGP440.sys
        01/20/2008  07:23 PM            49,720 isapnp.sys
        01/20/2008  07:23 PM            52,792 volmgr.sys
        01/20/2008  07:23 PM           151,096 pci.sys
        01/20/2008  07:23 PM            56,888 VIAAGP.SYS
        01/20/2008  07:23 PM            57,400 AMDAGP.SYS
        01/20/2008  07:23 PM           248,832 rdpdr.sys
        01/20/2008  07:23 PM           131,584 Dot4.sys
        01/20/2008  07:23 PM            36,864 Dot4usb.sys
        01/20/2008  07:23 PM           181,304 msiscsi.sys
        01/20/2008  07:23 PM            45,568 blbdrive.sys
        01/20/2008  07:23 PM            26,112 vgapnp.sys
        01/20/2008  07:23 PM            67,072 cdrom.sys
        01/20/2008  07:23 PM            30,264 i2omp.sys
        01/20/2008  07:23 PM            19,000 i2omgmt.sys
        01/20/2008  07:23 PM            16,384 Dot4Prt.sys
        01/20/2008  07:23 PM            49,664 rfcomm.sys
        01/20/2008  07:23 PM           226,304 usbport.sys
        01/20/2008  07:23 PM            39,424 usbehci.sys
        01/20/2008  07:23 PM            23,552 usbuhci.sys
        01/20/2008  07:23 PM           194,560 usbhub.sys
        01/20/2008  07:23 PM             5,888 usbd.sys
        01/20/2008  07:23 PM            54,784 i8042prt.sys
        01/20/2008  07:23 PM            15,872 mouhid.sys
        01/20/2008  07:23 PM            34,360 mouclass.sys
        01/20/2008  07:23 PM            19,968 sermouse.sys
        01/20/2008  07:23 PM            25,088 fdc.sys
        01/20/2008  07:23 PM            20,480 flpydisk.sys
        01/20/2008  07:23 PM            73,216 usbccgp.sys
        01/20/2008  07:23 PM           105,016 mpio.sys
        01/20/2008  07:23 PM            92,160 bthpan.sys
        01/20/2008  07:23 PM           238,648 uliahci.sys
        01/20/2008  07:23 PM            55,352 disk.sys
        01/20/2008  07:23 PM           130,048 drmk.sys
        01/20/2008  07:23 PM           167,936 portcls.sys
        01/20/2008  07:23 PM             5,632 drmkaud.sys
        01/20/2008  07:23 PM            88,576 sdbus.sys
        01/20/2008  07:23 PM           422,968 adp94xx.sys
        01/20/2008  07:23 PM            45,112 nvstor.sys
        01/20/2008  07:23 PM           102,968 nvraid.sys
        01/20/2008  07:23 PM            94,776 msdsm.sys
        01/20/2008  07:23 PM           227,896 volsnap.sys
        01/20/2008  07:23 PM            53,376 1394bus.sys
        01/20/2008  07:23 PM            61,952 ohci1394.sys
        01/20/2008  07:23 PM            53,760 hdaudbus.sys
        01/20/2008  07:23 PM            59,448 UAGP35.SYS
        01/20/2008  07:23 PM            61,496 GAGP30KX.SYS
        01/20/2008  07:23 PM            41,984 monitor.sys
        01/20/2008  07:23 PM            24,632 crcdisk.sys
        01/20/2008  07:23 PM           342,584 elxstor.sys
        01/20/2008  07:23 PM            64,512 IPMIDrv.sys
        01/20/2008  07:23 PM            18,944 usbprint.sys
        01/20/2008  07:23 PM            34,816 umbus.sys
        01/20/2008  07:23 PM            96,312 lsi_scsi.sys
        01/20/2008  07:23 PM           235,064 iaStorV.sys
        01/20/2008  07:23 PM            12,288 sffp_mmc.sys
        01/20/2008  07:23 PM            13,312 sffdisk.sys
        01/20/2008  07:23 PM            11,776 sffp_sd.sys
        01/20/2008  07:23 PM           115,816 ulsata2.sys
        01/20/2008  07:23 PM            15,872 kbdhid.sys
        01/20/2008  07:23 PM            35,384 kbdclass.sys
        01/20/2008  07:23 PM            96,312 lsi_fc.sys
        01/20/2008  07:23 PM            79,416 arc.sys
        01/20/2008  07:23 PM           130,616 vsmraid.sys
        01/20/2008  07:23 PM            55,296 USBSTOR.SYS
        01/20/2008  07:23 PM            79,928 arcsas.sys
        01/20/2008  07:23 PM            22,072 wd.sys
        01/20/2008  07:23 PM           118,784 E1G60I32.sys
        01/20/2008  07:23 PM         1,122,360 ql2300.sys
        01/20/2008  07:23 PM            89,656 lsi_sas.sys
        01/20/2008  07:23 PM            19,456 bthenum.sys
        01/20/2008  07:23 PM           300,600 adpahci.sys
        01/20/2008  07:23 PM            41,016 sisraid2.sys
        01/20/2008  07:23 PM            35,328 circlass.sys
        01/20/2008  07:23 PM           101,432 adpu160m.sys
        01/20/2008  07:23 PM            74,808 sisraid4.sys
        01/20/2008  07:23 PM            40,504 HpCISSs.sys
        01/20/2008  07:23 PM            14,208 CmBatt.sys
        01/20/2008  07:23 PM            25,472 hidparse.sys
        01/20/2008  07:23 PM            12,288 hidusb.sys
        01/20/2008  07:23 PM            38,912 hidclass.sys
        01/20/2008  07:23 PM           386,616 MegaSR.sys
        01/20/2008  07:23 PM           149,560 adpu320.sys
        01/20/2008  07:23 PM            31,288 megasas.sys
        01/20/2008  07:23 PM            35,328 usbscan.sys
        01/20/2008  07:23 PM            31,232 qwavedrv.sys
        01/20/2008  07:23 PM            12,288 bdasup.sys
        01/20/2008  07:23 PM           143,416 ecache.sys
        01/20/2008  07:23 PM           110,080 mrxdav.sys
        01/20/2008  07:23 PM            17,976 wmilib.sys
        01/20/2008  07:23 PM           110,080 videoprt.sys
        01/20/2008  07:23 PM            30,208 tcpipreg.sys
        01/20/2008  07:23 PM            93,696 bridge.sys
        01/20/2008  07:23 PM            57,400 mountmgr.sys
        01/20/2008  07:23 PM             6,144 beep.sys
        01/20/2008  07:23 PM            36,408 crashdmp.sys
        01/20/2008  07:23 PM             7,680 umpass.sys
        01/20/2008  07:23 PM             4,608 null.sys
        01/20/2008  07:23 PM           529,464 ndis.sys
        01/20/2008  07:23 PM           226,816 udfs.sys
        01/20/2008  07:23 PM            34,816 npfs.sys
        01/20/2008  07:23 PM         1,081,912 ntfs.sys
        01/20/2008  07:23 PM            22,528 msfs.sys
        01/20/2008  07:23 PM            70,144 cdfs.sys
        01/20/2008  07:23 PM           503,864 Wdf01000.sys
        01/20/2008  07:23 PM            35,896 WdfLdr.sys
        01/20/2008  07:23 PM                 3 MsftWdf_Kernel_01007_Inbox_Critical.Wdf
        01/20/2008  07:23 PM            69,632 bowser.sys
        01/20/2008  07:23 PM            13,312 irenum.sys
        01/20/2008  07:23 PM           142,904 scsiport.sys
        01/20/2008  07:23 PM           101,432 FWPKCLNT.SYS
        01/20/2008  07:24 PM           192,056 fltMgr.sys
        01/20/2008  07:24 PM           123,960 Storport.sys
        01/20/2008  07:24 PM            58,936 fileinfo.sys
        01/20/2008  07:24 PM            17,408 asyncmac.sys
        01/20/2008  07:24 PM            20,992 tdi.sys
        01/20/2008  07:24 PM            52,992 stream.sys
        01/20/2008  07:24 PM     

        craker33

          Topic Starter


          Rookie

          Re: Application is executed the file --------- maybe infected
          « Reply #5 on: June 16, 2010, 09:48:43 AM »
          01/20/2008  07:24 PM             6,144 RDPCDD.sys
          01/20/2008  07:24 PM            12,800 fs_rec.sys
          01/20/2008  07:24 PM            29,184 tdtcp.sys
          01/20/2008  07:24 PM            17,920 tdpipe.sys
          01/20/2008  07:24 PM            21,048 spldr.sys
          01/20/2008  07:24 PM            15,872 usb8023.sys
          01/20/2008  07:24 PM           121,344 ndiswan.sys
          01/20/2008  07:24 PM           143,360 fastfat.sys
          01/20/2008  07:24 PM            49,720 mup.sys
          01/20/2008  07:24 PM            76,288 dxg.sys
          01/20/2008  07:24 PM           273,920 afd.sys
          01/20/2008  07:24 PM           224,768 rdbss.sys
          01/20/2008  07:24 PM            11,776 rasacd.sys
          01/20/2008  07:24 PM            35,840 netbios.sys
          01/20/2008  07:24 PM            27,648 filetrace.sys
          01/20/2008  07:24 PM            13,312 dxapi.sys
          01/20/2008  07:24 PM            29,240 Dumpata.sys
          01/20/2008  07:24 PM            25,728 USBCAMD.sys
          01/20/2008  07:24 PM            25,728 USBCAMD2.sys
          01/20/2008  07:24 PM            62,464 wanarp.sys
          01/20/2008  07:24 PM            49,664 ndproxy.sys
          01/20/2008  07:24 PM            20,992 ndistapi.sys
          01/20/2008  07:24 PM           100,864 ipnat.sys
          01/20/2008  07:24 PM            15,360 TUNMP.SYS
          01/20/2008  07:24 PM           163,384 msrpc.sys
          01/20/2008  07:24 PM           294,456 volmgrx.sys
          01/20/2008  07:24 PM            33,280 RNDISMP.sys
          01/20/2008  07:24 PM           148,992 ks.sys
          01/20/2008  07:24 PM            95,744 irda.sys
          01/20/2008  07:24 PM            19,968 Diskdump.sys
          01/20/2008  07:24 PM            41,472 raspppoe.sys
          01/20/2008  07:24 PM            60,416 rspndr.sys
          01/20/2008  07:24 PM            47,104 lltdio.sys
          01/20/2008  07:24 PM            84,480 luafv.sys
          01/20/2008  07:24 PM           681,984 spsys.sys
          01/20/2008  07:24 PM            32,768 watchdog.sys
          01/20/2008  07:24 PM           127,544 Classpnp.sys
          01/20/2008  07:24 PM           223,288 netio.sys
          01/20/2008  07:24 PM            56,376 partmgr.sys
          01/20/2008  07:24 PM            24,576 tape.sys
          01/20/2008  07:24 PM            47,616 ipfltdrv.sys
          01/20/2008  07:24 PM            18,944 mcd.sys
          01/20/2008  07:24 PM            16,384 nsiproxy.sys
          01/20/2008  07:24 PM            15,872 ws2ifsl.sys
          01/20/2008  07:24 PM            64,000 mpsdrv.sys
          01/20/2008  07:24 PM             8,192 rootmdm.sys
          01/20/2008  07:24 PM           181,248 rdpwd.sys
          01/20/2008  07:24 PM             6,144 RDPENCDD.sys
          01/20/2008  07:24 PM            25,088 vga.sys
          01/20/2008  07:24 PM             8,192 mskssrv.sys
          01/20/2008  07:24 PM             5,504 mspqm.sys
          01/20/2008  07:24 PM             6,016 mstee.sys
          01/20/2008  07:24 PM             5,888 mspclock.sys
          01/20/2008  07:24 PM            71,680 tdx.sys
          01/20/2008  07:24 PM            75,264 dfsc.sys
          01/20/2008  07:24 PM            16,896 ndisuio.sys
          01/20/2008  07:24 PM            17,408 smclib.sys
          01/20/2008  07:24 PM            62,976 raspptp.sys
          01/20/2008  07:24 PM            76,288 rasl2tp.sys
          01/20/2008  07:24 PM            31,744 modem.sys
          01/20/2008  07:24 PM            83,328 WUDFRd.sys
          01/20/2008  07:24 PM            51,200 WUDFPf.sys
          01/20/2008  07:24 PM            23,552 tssecsrv.sys
          01/20/2008  07:24 PM           184,320 netbt.sys
          01/20/2008  07:25 PM            66,560 smb.sys
          01/20/2008  07:25 PM           136,192 exfat.sys
          01/20/2008  07:25 PM            69,120 rassstp.sys
          01/24/2008  10:42 PM           164,400 Apfiltr.sys
          01/29/2008  12:01 PM            16,168 GEARAspiWDM.sys
          03/03/2008  10:05 PM           141,376 OEM02Afx.sys
          03/03/2008  10:05 PM           235,648 OEM02Dev.sys
          03/03/2008  10:05 PM            57,656 OEM02PC.bmp
          03/03/2008  10:05 PM            57,656 OEM02Pvc.bmp
          03/03/2008  10:05 PM             7,424 OEM02Vfx.sys
          03/06/2008  12:58 AM         2,016,256 igdkmd32.sys
          03/06/2008  12:58 AM           111,616 IntcHdmi.sys
          04/04/2008  06:21 PM            72,192 pacer.sys
          04/28/2008  06:42 PM            29,184 BTHUSB.SYS
          04/28/2008  06:42 PM           220,160 bthport.sys
          04/29/2008  11:19 AM            12,960 Awrtpd.sys
          04/29/2008  11:19 AM            15,648 Awrtrd.sys
          04/29/2008  11:20 AM            15,648 NSDriver.sys
          05/09/2008  06:33 PM           113,664 rmcast.sys
          05/19/2008  07:07 PM           148,480 nwifi.sys
          06/04/2008  04:15 AM             4,975 1028_Dell_INS_1525.mrk
          07/15/2008  10:53 AM    <DIR>          UMDF
          08/01/2008  06:01 PM           625,152 dxgkrnl.sys
          06/15/2009  11:20 AM           439,896 ksecdd.sys
          09/14/2009  02:44 AM           144,896 srv2.sys
          12/11/2009  05:07 AM            98,304 srvnet.sys
          12/11/2009  05:07 AM           301,568 srv.sys
          12/11/2009  10:30 PM    <DIR>          en-US
          12/29/2009  02:43 PM             7,396 pctcore.cat
          02/18/2010  04:52 AM            25,088 tunnel.sys
          02/18/2010  07:49 AM           898,952 tcpip.sys
          02/20/2010  02:18 PM           411,136 http.sys
          02/23/2010  04:32 AM           105,984 mrxsmb.sys
          02/23/2010  04:32 AM            78,848 mrxsmb20.sys
          02/23/2010  04:32 AM           212,992 mrxsmb10.sys
          06/14/2010  06:56 PM    <DIR>          etc
          06/16/2010  08:23 AM    <DIR>          .
          06/16/2010  08:23 AM    <DIR>          ..
                       302 File(s)     36,021,532 bytes
                         5 Dir(s)  135,839,432,704 bytes free
           
           
          Virtual drives found?
           
           
           
          Environment variables
           
          ALLUSERSPROFILE=C:\ProgramData
          APPDATA=C:\Users\Kurt Viehl\AppData\Roaming
          CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
          CommonProgramFiles=C:\Program Files\Common Files
          COMPUTERNAME=KVIEHL-PC
          ComSpec=C:\Windows\system32\cmd.exe
          DFSTRACINGON=FALSE
          FP_NO_HOST_CHECK=NO
          HOMEDRIVE=C:
          HOMEPATH=\Users\Kurt Viehl
          LOCALAPPDATA=C:\Users\Kurt Viehl\AppData\Local
          LOGONSERVER=\\KVIEHL-PC
          NUMBER_OF_PROCESSORS=2
          OS=Windows_NT
          Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;C:\Program Files\QuickTime\QTSystem
          PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
          PROCESSOR_ARCHITECTURE=x86
          PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
          PROCESSOR_LEVEL=6
          PROCESSOR_REVISION=0f0d
          ProgramData=C:\ProgramData
          ProgramFiles=C:\Program Files
          PROMPT=$P$G
          PUBLIC=C:\Users\Public
          QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
          RoxioCentral=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
          SESSIONNAME=Console
          SystemDrive=C:
          SystemRoot=C:\Windows
          TEMP=C:\Users\KURTVI~1\AppData\Local\Temp
          TMP=C:\Users\KURTVI~1\AppData\Local\Temp
          TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
          USERDOMAIN=KVIEHL-PC
          USERNAME=Kurt Viehl
          USERPROFILE=C:\Users\Kurt Viehl
          windir=C:\Windows
           
           
          Stealth malware?
           
           
          Internet Explorer
           

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
              Start Page    REG_SZ    http://go.microsoft.com/fwlink/?LinkId=69157
              AutoHide    REG_SZ    yes
              Default_Page_URL    REG_SZ    http://go.microsoft.com/fwlink/?LinkId=69157
              Default_Secondary_Page_URL    REG_MULTI_SZ   
              Default_Search_URL    REG_SZ    http://go.microsoft.com/fwlink/?LinkId=54896
              Search Page    REG_SZ    http://go.microsoft.com/fwlink/?LinkId=54896
              Extensions Off Page    REG_SZ    about:NoAdd-ons
              Security Risk Page    REG_SZ    about:SecurityRisk
              Enable_Disk_Cache    REG_SZ    yes
              Cache_Percent_of_Disk    REG_BINARY    0A000000
              Delete_Temp_Files_On_Exit    REG_SZ    yes
              Local Page    REG_EXPAND_SZ    %SystemRoot%\system32\blank.htm
              Anchor_Visitation_Horizon    REG_BINARY    01000000
              Use_Async_DNS    REG_SZ    yes
              Placeholder_Width    REG_BINARY    1A000000
              Placeholder_Height    REG_BINARY    1A000000

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
              IE5_UA_Backup_Flag    REG_SZ    5.0
              User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 7.0; Win32)
              EmailName    REG_SZ    IEUser@
              AutoConfigProxy    REG_SZ    wininet.dll
              MimeExclusionListForCache    REG_SZ    multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
              UseSchannelDirectly    REG_BINARY    01000000
              EnableHttp1_1    REG_DWORD    0x1
              PrivDiscUiShown    REG_DWORD    0x1
              WarnOnIntranet    REG_DWORD    0x0
              EnableNegotiate    REG_DWORD    0x1
              MigrateProxy    REG_DWORD    0x1
              PrivacyAdvanced    REG_DWORD    0x0
              ProxyEnable    REG_DWORD    0x0
              SecureProtocols    REG_DWORD    0x28
              CertificateRevocation    REG_DWORD    0x1
              DisableCachingOfSSLPages    REG_DWORD    0x0
              GlobalUserOffline    REG_DWORD    0x0
              UrlEncoding    REG_DWORD    0x0
              WarnOnPost    REG_BINARY    01000000
              WarnonZoneCrossing    REG_DWORD    0x1
              ZonesSecurityUpgradeDone    REG_DWORD    0x1
              EnableAutodial    REG_DWORD    0x0
              NoNetAutodial    REG_DWORD    0x0
              ProxyServer    REG_SZ    http=127.0.0.1:5555
              ProxyOverride    REG_SZ    <local>
              WarnonBadCertRecving    REG_DWORD    0x1
              WarnOnPostRedirect    REG_DWORD    0x0
              WarnOnHTTPSToHTTPRedirect    REG_DWORD    0x1

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
              Disable Script Debugger    REG_SZ    yes
              Anchor Underline    REG_SZ    yes
              Cache_Update_Frequency    REG_SZ    Once_Per_Session
              CompatibilityFlags    REG_DWORD    0x0
              DisableScriptDebuggerIE    REG_SZ    yes
              Display Inline Images    REG_SZ    yes
              Do404Search    REG_BINARY    01000000
              Enable Browser Extensions    REG_SZ    yes
              Error Dlg Displayed On Every Error    REG_SZ    no
              FullScreen    REG_SZ    no
              Local Page    REG_SZ    C:\Windows\system32\blank.htm
              NoJITSetup    REG_DWORD    0x1
              NotifyDownloadComplete    REG_SZ    yes
              NoUpdateCheck    REG_DWORD    0x1
              NoWebJITSetup    REG_DWORD    0x1
              Play_Animations    REG_SZ    yes
              Play_Background_Sounds    REG_SZ    yes
              RunOnceComplete    REG_DWORD    0x1
              RunOnceHasShown    REG_DWORD    0x1
              Save_Session_History_On_Exit    REG_SZ    no
              Search Page    REG_SZ    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
              SearchMigrated    REG_DWORD    0x1
              Show_FullURL    REG_SZ    no
              Show_StatusBar    REG_SZ    yes
              Show_ToolBar    REG_SZ    yes
              Show_URLinStatusBar    REG_SZ    yes
              Show_URLToolBar    REG_SZ    yes
              Start Page    REG_SZ    http://www.google.com/
              StartPageCache    REG_DWORD    0x1
              Use FormSuggest    REG_SZ    no
              Use_DlgBox_Colors    REG_SZ    yes
              UseClearType    REG_SZ    no
              Window_Placement    REG_BINARY    2C0000000200000003000000FFFFFFFFFFFFFFF FFFFFFFFFFFFFFFFF4203000000000000620600 0044030000
              XMLHTTP    REG_DWORD    0x1
              Use Custom Search URL    REG_DWORD    0x1
              FormSuggest PW Ask    REG_SZ    no
              AutoHide    REG_SZ    no

          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

          HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
              CustomizeSearch    REG_SZ    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
              SearchAssistant    REG_SZ    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


          HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
              {CFBFAE00-17A6-11D0-99CB-00C04FD64497}    REG_SZ   
              {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}    REG_SZ   
              {EF99BD32-C1FB-11D2-892F-0090271D4F88}    REG_SZ   


          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
              {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}    REG_SZ    McAfee SiteAdvisor
              {EF99BD32-C1FB-11D2-892F-0090271D4F88}    REG_BINARY    00
              {2318C2B1-4965-11d4-9B18-009027A5CD4F}    REG_BINARY    00


          HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
          HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...
          HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Send image to &Bluetooth Device...
          HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Send page to &Bluetooth Device...
           
           
          Security Center
           

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
              cval    REG_DWORD    0x1
              FirewallDisableNotify    REG_DWORD    0x0
              AntiVirusDisableNotify    REG_DWORD    0x0
              UpdatesDisableNotify    REG_DWORD    0x0

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc


          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
              AntiVirusOverride    REG_DWORD    0x0
              AntiSpywareOverride    REG_DWORD    0x0
              FirewallOverride    REG_DWORD    0x0
              VistaSp1    REG_NONE    5CA0485DD75BC801

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol


          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
              EnableFirewall    REG_DWORD    0x1
              DisableNotifications    REG_DWORD    0x0

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
              EnableFirewall    REG_DWORD    0x1
              DisableNotifications    REG_DWORD    0x0

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
              EnableFirewall    REG_DWORD    0x0
              DisableNotifications    REG_DWORD    0x0

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging

           
           
          Uninstall List
           

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Audio FX Engine
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced Video FX Engine
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Broadcom 802.11b Network Adapter
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CopyTrans Suite
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative OEM002
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dell Webcam Center
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dell Webcam Manager
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVD Decrypter
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Easy DVD Ripper & Converter
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Desktop
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GoToAssist
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Imaging Device Functions
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Photosmart Essential
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Solution Center & Imaging Support Tools
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HPExtendedCapabilities
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HPOCR
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885884
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LimeWire
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSC
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Multi Virus Cleaner 2008_is1
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrimoPDF4.0.2.5
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shop for HP Supplies
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XviD & MP3 Codec Pack_is1
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XviD_is1
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707

          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Move Media Player
           
           
          Autorun
           

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
              swg    REG_SZ    "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
              ehTray.exe    REG_SZ    C:\Windows\ehome\ehTray.exe


          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
              Windows Defender    REG_EXPAND_SZ    %ProgramFiles%\Windows Defender\MSASCui.exe -hide
              IgfxTray    REG_SZ    C:\Windows\system32\igfxtray.exe
              HotKeysCmds    REG_SZ    C:\Windows\system32\hkcmd.exe
              Persistence    REG_SZ    C:\Windows\system32\igfxpers.exe
              Apoint    REG_SZ    C:\Program Files\DellTPad\Apoint.exe
              SigmatelSysTrayApp    REG_EXPAND_SZ    %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
              OEM02Mon.exe    REG_SZ    C:\Windows\OEM02Mon.exe
              Broadcom Wireless Manager UI    REG_SZ    C:\Windows\system32\WLTRAY.exe
              DELL Webcam Manager    REG_SZ    "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
              dscactivate    REG_SZ    "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
              ECenter    REG_SZ    C:\Dell\E-Center\EULALauncher.exe
              Google Desktop Search    REG_SZ    "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
              IAAnotif    REG_SZ    "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
              iTunesHelper    REG_SZ    "C:\Program Files\iTunes\iTunesHelper.exe"
              mcagent_exe    REG_SZ    C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
              PCMService    REG_SZ    "C:\Program Files\Dell\MediaDirect\PCMService.exe"
              QuickTime Task    REG_SZ    "C:\Program Files\QuickTime\QTTask.exe" -atboottime
              Adobe Reader Speed Launcher    REG_SZ    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
              SunJavaUpdateSched    REG_SZ    "C:\Program Files\Java\jre6\bin\jusched.exe"
              HP Software Update    REG_SZ    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
              hpqSRMon    REG_SZ    C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
              Malwarebytes Anti-Malware (reboot)    REG_SZ    "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
           
           
          Restrictions - Internet Explorer
           

           
           
          Restrictions - REGEDIT
           

           
           
          Restrictions - Explorer
           

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
              NoDrives    REG_DWORD    0x0

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
           
           
          ActiveX
           

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
           
           
          DNS Settings
           

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2BB6BB87-D326-4740-8DAB-A033701BEFA0}
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A094F1BF-EE84-4CE5-818A-22DB4A47BA44}
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ab62bb52-418c-11dd-a829-806e6f6e6963}
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B09CC424-A0A8-4DC3-9A5B-364BFD045AB3}

          Windows IP Configuration

             Host Name . . . . . . . . . . . . : KVIEHL-PC
             Primary Dns Suffix  . . . . . . . :
             Node Type . . . . . . . . . . . . : Broadcast
             IP Routing Enabled. . . . . . . . : No
             WINS Proxy Enabled. . . . . . . . : No

          Wireless LAN adapter Wireless Network Connection:

             Media State . . . . . . . . . . . : Media disconnected
             Connection-specific DNS Suffix  . :
             Description . . . . . . . . . . . : Dell Wireless 1395 WLAN Mini-Card
             Physical Address. . . . . . . . . : 00-16-44-CE-8A-A3
             DHCP Enabled. . . . . . . . . . . : Yes
             Autoconfiguration Enabled . . . . : Yes

          Ethernet adapter Local Area Connection:

             Media State . . . . . . . . . . . : Media disconnected
             Connection-specific DNS Suffix  . : gateway.2wire.net
             Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
             Physical Address. . . . . . . . . : 00-1D-09-55-42-24
             DHCP Enabled. . . . . . . . . . . : Yes
             Autoconfiguration Enabled . . . . : Yes

          Tunnel adapter Local Area Connection*:

             Media State . . . . . . . . . . . : Media disconnected
             Connection-specific DNS Suffix  . :
             Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
             Physical Address. . . . . . . . . : 02-00-54-55-4E-01
             DHCP Enabled. . . . . . . . . . . : No
             Autoconfiguration Enabled . . . . : Yes

          Tunnel adapter Local Area Connection* 2:

             Media State . . . . . . . . . . . : Media disconnected
             Connection-specific DNS Suffix  . :
             Description . . . . . . . . . . . : isatap.{2BB6BB87-D326-4740-8DAB-A033701BEFA0}
             Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
             DHCP Enabled. . . . . . . . . . . : No
             Autoconfiguration Enabled . . . . : Yes

          Tunnel adapter Local Area Connection* 8:

             Media State . . . . . . . . . . . : Media disconnected
             Connection-specific DNS Suffix  . :
             Description . . . . . . . . . . . : isatap.gateway.2wire.net
             Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
             DHCP Enabled. . . . . . . . . . . : No
             Autoconfiguration Enabled . . . . : Yes

          Tunnel adapter Local Area Connection* 14:

             Media State . . . . . . . . . . . : Media disconnected
             Connection-specific DNS Suffix  . :
             Description . . . . . . . . . . . : isatap.{B09CC424-A0A8-4DC3-9A5B-364BFD045AB3}
             Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
             DHCP Enabled. . . . . . . . . . . : No
             Autoconfiguration Enabled . . . . : Yes
           
           
          AppInit DLLs
           

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
              AppInit_DLLs    REG_SZ    C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

           
           
          Shell Service Object Delay Load
           

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
              WebCheck    REG_SZ    {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

           
           
           
          Shell Execute Hooks
           

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
              {AEB6717E-7E19-11d0-97EE-00C04FD91972}    REG_SZ   

           
           
          Image File Execution Options
           

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe
          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEInstal.exe
          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE
           
           
          Security Providers
           
           
           
          Local Security Authority
           

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
              auditbasedirectories    REG_DWORD    0x0
              auditbaseobjects    REG_DWORD    0x0
              Authentication Packages    REG_MULTI_SZ    msv1_0
              Bounds    REG_BINARY    0030000000200000
              crashonauditfail    REG_DWORD    0x0
              disabledomaincreds    REG_DWORD    0x0
              everyoneincludesanonymous    REG_DWORD    0x0
              forceguest    REG_DWORD    0x0
              fullprivilegeauditing    REG_BINARY    00
              LimitBlankPasswordUse    REG_DWORD    0x1
              LmCompatibilityLevel    REG_DWORD    0x3
              LsaPid    REG_DWORD    0x2a4
              NoLmHash    REG_DWORD    0x1
              Notification Packages    REG_MULTI_SZ    scecli
              ProductType    REG_DWORD    0x3
              restrictanonymous    REG_DWORD    0x0
              restrictanonymoussam    REG_DWORD    0x1
              SecureBoot    REG_DWORD    0x1
              Security Packages    REG_MULTI_SZ    kerberos\0msv1_0\0schannel\0wdigest\0tspkg
              enabledcom    REG_SZ    y

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders
          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit
          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp
          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data
          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\FipsAlgorithmPolicy
          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG
          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD
          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos
          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0
          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1
          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO
          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache
           
           
          SafeBoot
           
           
           
          AppCert DLLs
           

           
           
          Extra
           

          HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0
          HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1
          HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\10
          HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\11
          HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\12
          HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\13
          HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\14
          HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2
          HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\3
          HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\4
          HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\5
          HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\6
          HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\7
          HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\8
          HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\9
           
           
          App Paths
           

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
              (Default)    REG_SZ    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
              Path    REG_SZ    C:\Program Files\Adobe\Reader 8.0\Reader\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
              CmstpExtensionDll    REG_SZ    C:\Windows\system32\cmcfg32.dll
              CmNative    REG_DWORD    0x2

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\combofix.exe
              (Default)    REG_SZ    C:\Users\Kurt Viehl\Desktop\ComboFix.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CT4IM.exe
              (Default)    REG_SZ    C:\Program Files\Creative\Creative Live! Cam\Live! Cam Avatar\CT4IM.exe
              Path    REG_SZ    C:\Program Files\Creative\Creative Live! Cam\Live! Cam Avatar

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CtAfxApp.exe
              (Default)    REG_SZ    C:\Program Files\Creative Live! Cam\AudioFX\CtAfxApp.exe
              Path    REG_SZ    C:\Program Files\Creative Live! Cam\AudioFX

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTIEMain.exe
              (Default)    REG_SZ    C:\Program Files\Creative\Creative Live! Cam\Live! Cam Avatar Creator\CT Program\CTIEMain.exe
              Path    REG_SZ    C:\Program Files\Creative\Creative Live! Cam\Live! Cam Avatar Creator

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DellWMgr.exe
              (Default)    REG_SZ    C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
              Path    REG_SZ    C:\Program Files\Dell\Dell Webcam Manager

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DLG.exe
              (Default)    REG_SZ    C:\Program Files\Digital Line Detect\DLG.exe
              Path    REG_SZ    C:\Program Files\Digital Line Detect

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DModem.exe
              Path    REG_SZ    C:\Program Files\Modem Diagnostic Tool\
              (Default)    REG_SZ    C:\PROGRA~1\MODEMD~1\DModem.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dvdmaker.exe
              (Default)    REG_EXPAND_SZ    %ProgramFiles%\Movie Maker\dvdmaker.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\EDocs.exe
              (Default)    REG_SZ    c:\dell\docs\EDocs.exe
              Path    REG_SZ    c:\dell\docs

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Excel.exe
              Path    REG_SZ    C:\Program Files\Microsoft Office\Office10\
              SaveURL    REG_SZ    1
              useURL    REG_SZ    1
              (Default)    REG_SZ    C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\EyeCatcherEx.dll
              (Default)    REG_SZ    C:\Program Files\Creative Live! Cam\VideoFX\EyeCatcherEx.dll
              Path    REG_SZ    C:\Program Files\Creative Live! Cam\VideoFX

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\frontpg.exe
              Path    REG_SZ    C:\Program Files\Microsoft Office\Office10\
              useURL    REG_SZ    yes
              (Default)    REG_SZ    C:\PROGRA~1\MICROS~3\Office10\FRONTPG.EXE

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\fsquirt.exe
              DropTarget    REG_SZ    {047ea9a0-93bb-415f-a1c3-d7aeb3dd5087}

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HpqApKil.exe
              Path    REG_SZ    C:\Program Files\HP\Digital Imaging\bin\
              (Default)    REG_SZ    C:\Program Files\HP\Digital Imaging\bin\HpqApKil.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqpanos.exe
              Path    REG_SZ    C:\Program Files\Common Files\HP\Digital Imaging\Bin
              (Default)    REG_SZ    C:\Program Files\HP\Digital Imaging\bin\hpqpanos.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HpqPSApl.exe
              Path    REG_SZ    C:\Program Files\HP\Digital Imaging\bin\;C:\Program Files\Common Files\HP\Digital Imaging\bin
              (Default)    REG_SZ    C:\Program Files\HP\Digital Imaging\bin\HpqPSApl.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqpsapp.exe
              Path    REG_SZ    C:\Program Files\Common Files\HP\Digital Imaging\bin
              (Default)    REG_SZ    C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqpse.exe
              (Default)    REG_SZ    C:\Program Files\HP\Digital Imaging\Bin\hpqpse.exe
              Path    REG_SZ    C:\Program Files\HP\Digital Imaging\Bin\;C:\Program Files\Common Files\HP\Digital Imaging\Bin

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqqpawp.exe
              Path    REG_SZ    C:\Program Files\Common Files\HP\Digital Imaging\Bin
              (Default)    REG_SZ    C:\Program Files\HP\Digital Imaging\Bin\hpqqpawp.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HpqSRmon.exe
              Path    REG_SZ    C:\Program Files\HP\Digital Imaging\bin\
              (Default)    REG_SZ    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqSSupply.exe
              Path    REG_SZ    C:\Program Files\HP\Digital Imaging\
              (Default)    REG_SZ    C:\Program Files\HP\Digital Imaging\hpqSSupply.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Hpqsudi.exe
              (Default)    REG_SZ    C:\Program Files\HP\Digital Imaging\Bin\hpqsudi.exe
              Path    REG_SZ    C:\Program Files\HP\Digital Imaging\bin\;C:\Program Files\Common Files\HP\Digital Imaging\Bin

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HpqTrMgr.exe
              Path    REG_SZ    C:\Program Files\HP\Digital Imaging\bin\
              (Default)    REG_SZ    C:\Program Files\HP\Digital Imaging\bin\HpqTrMgr.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
              (Default)    REG_SZ    C:\Program Files\Internet Explorer\IEXPLORE.EXE
              Path    REG_SZ    C:\Program Files\Internet Explorer;

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\inkball.exe
              (Default)    REG_EXPAND_SZ    %ProgramFiles%\Microsoft Games\inkball\inkball.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
              BlockOnTSNonInstallMode    REG_DWORD    0x1

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\iTunes.exe
              (Default)    REG_SZ    C:\Program Files\iTunes\iTunes.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
              (Default)    REG_SZ    C:\Program Files\Java\jre6\bin\javaws.exe
              Path    REG_SZ    C:\Program Files\Java\jre6\bin

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Journal.exe
              (Default)    REG_EXPAND_SZ    %ProgramFiles%\Windows Journal\Journal.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LiveCamDe.exe
              (Default)    REG_SZ    C:\Pr

          craker33

            Topic Starter


            Rookie

            Re: Application is executed the file --------- maybe infected
            « Reply #6 on: June 16, 2010, 09:50:45 AM »
            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MDirect.exe
                (Default)    REG_SZ    C:\Program Files\Dell\MediaDirect\MDirect.exe
                Path    REG_SZ    C:\Program Files\Dell\MediaDirect

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\moviemk.exe
                (Default)    REG_EXPAND_SZ    %ProgramFiles%\Movie Maker\moviemk.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
                (Default)    REG_EXPAND_SZ    %ProgramFiles%\Windows Media Player\wmplayer.exe
                Path    REG_EXPAND_SZ    %ProgramFiles%\Windows Media Player

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSACCESS.EXE
                Path    REG_SZ    C:\Program Files\Microsoft Office\Office10\
                useURL    REG_SZ    1
                (Default)    REG_SZ    C:\PROGRA~1\MICROS~3\Office10\MSACCESS.EXE

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
                (Default)    REG_EXPAND_SZ    %ProgramFiles%\Windows Mail\WinMail.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
                useURL    REG_SZ    1

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msworks.exe
                (Default)    REG_SZ    C:\Program Files\Microsoft Works\msworks.exe
                Path    REG_SZ    C:\Program Files\Microsoft Works\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\netwaiting.exe
                (Default)    REG_SZ    C:\Program Files\NetWaiting\netwaiting.exe
                Path    REG_SZ    C:\Program Files\NetWaiting

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OUTLOOK.EXE
                Path    REG_SZ    C:\Program Files\Microsoft Office\Office10\
                (Default)    REG_SZ    C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
                (Default)    REG_EXPAND_SZ    %SystemRoot%\System32\mspaint.exe
                Path    REG_EXPAND_SZ    %SystemRoot%\System32

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
                (Default)    REG_SZ    C:\Program Files\QuickTime\PictureViewer.exe
                Path    REG_SZ    C:\Program Files\QuickTime\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerPnt.exe
                Path    REG_SZ    C:\Program Files\Microsoft Office\Office10\
                SaveURL    REG_SZ    1
                useURL    REG_SZ    1
                (Default)    REG_SZ    C:\PROGRA~1\MICROS~3\Office10\POWERPNT.EXE

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
                (Default)    REG_SZ    C:\Program Files\QuickTime\QuickTimePlayer.exe
                Path    REG_SZ    C:\Program Files\QuickTime\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Roxio_Central36.exe
                (Default)    REG_SZ    C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe
                Path    REG_SZ    C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
                BlockOnTSNonInstallMode    REG_DWORD    0x1

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\sidebar.exe
                (Default)    REG_EXPAND_SZ    "%ProgramFiles%\Windows Sidebar\sidebar.exe"

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SnippingTool.exe
                (Default)    REG_EXPAND_SZ    C:\Windows\System32\SnippingTool.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\StartFX.exe
                (Default)    REG_SZ    C:\Program Files\Creative Live! Cam\VideoFX\StartFX.exe
                Path    REG_SZ    C:\Program Files\Creative Live! Cam\VideoFX

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\stax.exe
                (Default)    REG_SZ    C:\Program Files\Roxio\stax.exe
                Path    REG_SZ    C:\Program Files\Roxio\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\stikynot.exe
                (Default)    REG_EXPAND_SZ    C:\Windows\System32\stikynot.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
                UseShortName    REG_SZ   

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TabTip.exe
                (Default)    REG_EXPAND_SZ    %CommonProgramFiles%\microsoft shared\ink\TabTip.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
                (Default)    REG_EXPAND_SZ    %ProgramFiles%\Windows Mail\wab.exe
                Path    REG_EXPAND_SZ    %ProgramFiles%\Windows Mail

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
                (Default)    REG_EXPAND_SZ    %ProgramFiles%\Windows Mail\wabmig.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinCal.exe
                (Default)    REG_EXPAND_SZ    "%ProgramFiles%\Windows Calendar\wincal.exe"

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinMail.exe
                (Default)    REG_EXPAND_SZ    %ProgramFiles%\Windows Mail\WinMail.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinRAR.exe
                (Default)    REG_SZ    C:\Program Files\WinRAR\WinRAR.exe
                Path    REG_SZ    C:\Program Files\WinRAR

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
                Path    REG_SZ    C:\Program Files\Microsoft Office\Office10\
                SaveURL    REG_SZ    1
                useURL    REG_SZ    1
                (Default)    REG_SZ    C:\PROGRA~1\MICROS~3\Office10\WINWORD.EXE

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSAB.EXE
                (Default)    REG_SZ    C:\Program Files\Microsoft Works\WKSAB.exe
                Path    REG_SZ    C:\Program Files\Microsoft Works\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkscal.exe
                Path    REG_SZ    C:\Program Files\Microsoft Works\
                (Default)    REG_SZ    C:\PROGRA~1\MICROS~4\WksCal.exe

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksdb.exe
                (Default)    REG_SZ    C:\Program Files\Microsoft Works\wksdb.exe
                Path    REG_SZ    C:\Program Files\Microsoft Works\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSSB.EXE
                (Default)    REG_SZ    C:\Program Files\Microsoft Works\WKSSB.exe
                Path    REG_SZ    C:\Program Files\Microsoft Works\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksss.exe
                (Default)    REG_SZ    C:\Program Files\Microsoft Works\wksss.exe
                Path    REG_SZ    C:\Program Files\Microsoft Works\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkswp.exe
                (Default)    REG_SZ    C:\Program Files\Microsoft Works\wkswp.exe
                Path    REG_SZ    C:\Program Files\Microsoft Works\

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
                (Default)    REG_EXPAND_SZ    %ProgramFiles%\Windows Media Player\wmplayer.exe
                Path    REG_EXPAND_SZ    %ProgramFiles%\Windows Media Player

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
                (Default)    REG_EXPAND_SZ    "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
                (Default)    REG_EXPAND_SZ    "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
                (Default)    REG_SZ    "C:\Windows\System32\XPSViewer\XPSViewer.exe"

            HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\YourApp.exe
                (Default)    REG_SZ    C:\Program Files\Dell\MediaDirect\MDirect.exe

             
             
            Mozilla
             

            HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

            HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
                {B7082FAA-CB62-4872-9106-E42DD88EDE45}    REG_SZ    C:\Program Files\McAfee\SiteAdvisor
                {20a82645-c095-46ed-80e3-08825760534b}    REG_SZ    c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

             
             
            Shared Task Scheduler
             

            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
                {8C7461EF-2B13-11d2-BE35-3078302C2030}    REG_SZ    Component Categories cache daemon

             
             
            SafeBootMinimal
             

            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}
             
             
            SafeBootNetwork
             

            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt
             
             
            File Rename Operations - Session
             

             
             
            Known DLLs - Session
             

            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls

             
             
            Adobe Products
             
             
             
            {END OF FILE}

            Dr Jay

            Re: Application is executed the file --------- maybe infected
            « Reply #7 on: June 16, 2010, 12:30:57 PM »
            Please use Internet Explorer and run a BitDefender Online scan
            • Please check I agree with the Terms and Conditions and click Start Here
            • You will need to allow an Active X install for the scan to run.
            • Leave the scanning options at default and click Start Scan
            Please post the results in your next reply.
            ~Dr Jay

            craker33


              Re: Application is executed the file --------- maybe infected
              « Reply #8 on: June 16, 2010, 12:48:29 PM »
              Jay - It told me that I am not running IE with admin rights so it wasn't updating before the scan.

              Then I ran the scan and it failed.

              Dr Jay

              Re: Application is executed the file --------- maybe infected
              « Reply #9 on: June 16, 2010, 01:09:42 PM »
              Try to right-click on Internet Explorer and click Run as Administrator, and try again please.
              ~Dr Jay

              craker33


                Re: Application is executed the file --------- maybe infected
                « Reply #10 on: June 16, 2010, 01:12:23 PM »
                I tried that, it is not an option for some reason with IE

                craker33


                  Re: Application is executed the file --------- maybe infected
                  « Reply #11 on: June 16, 2010, 01:15:44 PM »
                  Okay got it working now I will post results as soon as possible.

                  Dr Jay

                  Re: Application is executed the file --------- maybe infected
                  « Reply #12 on: June 16, 2010, 01:26:19 PM »
                  ok
                  ~Dr Jay

                  craker33


                    Re: Application is executed the file --------- maybe infected
                    « Reply #13 on: June 16, 2010, 03:37:30 PM »
                    Time; 1:37:21
                    Objects - 296746
                    Folders - 25794
                    Boot Sectors - 0
                    Archives - 5661
                    Packed files - 9924

                    RESULTS

                    Identified viruses - 12
                    Infected Files - 22
                    Suspect files - 0
                    Warnings - 0
                    Disinfected files - 0
                    Deleted files - 21




                    BitDefender Online Scanner - Real Time Virus Report 
                    Generated at: Wed, Jun 16, 2010 - 14:43:54



                       
                    Scan Info
                    Scanned Files: 322630
                    Infected Files: 22
                     
                       
                    Virus Detected - Infected Files
                    Trojan.KillAV.SE - 1
                    Trojan.Generic.1729452 - 1
                    Exploit.PDF-Payload.Gen - 1
                    Trojan.Generic.KD.15115 - 1
                    Trojan.Generic.1093330 - 2
                    Trojan.FakeAV.KZQ - 6
                    Adware.FakeAntiVirus.L - 3
                    Trojan.JS.Injector.E - 1
                    Trojan.JS.Injector.F - 1
                    Trojan.Generic.343852 - 2
                    Trojan.Generic.393793 - 2
                    Trojan.Generic.368505 - 1
                     
                       
                     


                     
                    This summary of the scan process will be used by the BitDefender Antivirus Lab to create aggregate statistics about virus activity around the world.

                    Dr Jay

                    Re: Application is executed the file --------- maybe infected
                    « Reply #14 on: June 17, 2010, 12:06:40 PM »
                    Please download Malwarebytes Anti-Malware from Malwarebytes.org.
                    Alternate link: BleepingComputer.com.
                    (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

                    Double Click mbam-setup.exe to install the application.

                    (Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
                    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
                    • If an update is found, it will download and install the latest version.
                    • Once the program has loaded, select "Perform Full Scan", then click Scan.
                    • The scan may take some time to finish, so please be patient.
                    • When the scan is complete, click OK, then Show Results to view the results.
                    • Make sure that everything is checked, and click Remove Selected.
                    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
                    • Please save the log to a location you will remember.
                    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
                    • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
                    • Copy and paste the entire report in your next reply.
                    ~Dr Jay