Author Topic: Virus help needed (Read 10041 times)

duhkate · « **on:** July 02, 2010, 06:52:53 PM »

Hi, thanks for reading. I think I have some kind of virus on my computer. The following issues I've been encountering:

1. When I go to google, it wont let me go to certain pages
2. Last night, my computer would not let me go to windows update, or web pages of windows/microsoft
3. Random tabs would pop up to various websites that I did not click to
4. My browser would get minimized w/o me doing it
4. My purchased Zone Alarm says its running, but I get a balloon that pops up that says my firewall and anti-virus are not running
5. In the address box up top, sometimes it looks odd, like h ttp://www.google.com/#hl=en&&sa=X&ei=E3ouTKTzG4mDnQef7enkAw&ved=0CBYQBSgA&q=internet+address+virus&spell=1&fp=dd2d1939af06a5a for example. My laptop is starting to do that to, and I fear I might have infected my laptop when I used the jump drive to transfer the downloaded files.

I have read "before you post" threads thoroughly and have downloaded the various tools, and it seemed to work earlier today, but I am now at a point where I cannot even connect to the internet. I know my internet is working b/c I am using my laptop to post this.

Any help would be appreciated. Thanks for your time.

Dr Jay · « **Reply #1 on:** July 02, 2010, 07:33:16 PM »

Hello, and welcome to Computer Hope.

Please note the following information about the malware forum:

Only the Malware Specialist Team is allowed to give advice on removing malware from your computer.
From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
Please do not attach logs or post them in Quote/Code boxes unless requested.
Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
If you have already asked for help somewhere, please post the link to the topic you were helped.
We try our best to reply quickly, but for any reason we do not reply in two days, reply to this topic with the word BUMP
Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please download MySystem-Search from here: Download mirror

Save the file to your Desktop.
Double-click on mss.exe
Allow it to run, and follow the prompts.
Once done, it will launch a log.
Post it in your next reply.

Note: the logs are long. Please use more than one post, if necessary.

duhkate · « **Reply #2 on:** July 02, 2010, 07:43:38 PM »

from mss.txt

MySystem-Search

MSS v1.5

Basic System Information

Username: Kate - Date: 07/02/2010 - Time: 18:40:12

Microsoft Windows XP [Version 5.1.2600]
Processor type: x86 Family 6 Model 23 Stepping 10, GenuineIntel
Total processors: 4
Computer Name: ONE
Logon Server: \\ONE

CD Emulation Drivers running?

Nero found!

Peer-to-Peer applications?

File associations

.exe=exefile
.scr=scrfile
.pif=piffile
.com=ComFile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile
.ini=inifile
.inf=inffile

Running processes

Hidden objects

PATH: C:\windows

$hf_mig$
$NtUninstallKB898461$
$NtUninstallKB923561$
$NtUninstallKB923689$
$NtUninstallKB938464-v2$
$NtUninstallKB941569$
$NtUninstallKB946648$
$NtUninstallKB950762$
$NtUninstallKB950974$
$NtUninstallKB951066$
$NtUninstallKB951376-v2$
$NtUninstallKB951748$
$NtUninstallKB951978$
$NtUninstallKB952004$
$NtUninstallKB952069_WM9$
$NtUninstallKB952287$
$NtUninstallKB952954$
$NtUninstallKB954155_WM9$
$NtUninstallKB954459$
$NtUninstallKB954600$
$NtUninstallKB955069$
$NtUninstallKB955759$
$NtUninstallKB955839$
$NtUninstallKB956572$
$NtUninstallKB956744$
$NtUninstallKB956802$
$NtUninstallKB956803$
$NtUninstallKB956844$
$NtUninstallKB957097$
$NtUninstallKB958644$
$NtUninstallKB958687$
$NtUninstallKB958869$
$NtUninstallKB959426$
$NtUninstallKB960225$
$NtUninstallKB960803$
$NtUninstallKB960859$
$NtUninstallKB961118$
$NtUninstallKB961371$
$NtUninstallKB961501$
$NtUninstallKB967715$
$NtUninstallKB968389$
$NtUninstallKB968537$
$NtUninstallKB968816_WM9$
$NtUninstallKB969059$
$NtUninstallKB969897$
$NtUninstallKB969947$
$NtUninstallKB970238$
$NtUninstallKB970430$
$NtUninstallKB970653-v3$
$NtUninstallKB971468$
$NtUninstallKB971486$
$NtUninstallKB971557$
$NtUninstallKB971633$
$NtUninstallKB971657$
$NtUninstallKB971737$
$NtUninstallKB971961$
$NtUninstallKB972260$
$NtUninstallKB972270$
$NtUninstallKB973346$
$NtUninstallKB973354$
$NtUninstallKB973507$
$NtUninstallKB973525$
$NtUninstallKB973540_WM9$
$NtUninstallKB973687$
$NtUninstallKB973815$
$NtUninstallKB973869$
$NtUninstallKB973904$
$NtUninstallKB974112$
$NtUninstallKB974318$
$NtUninstallKB974392$
$NtUninstallKB974455$
$NtUninstallKB974571$
$NtUninstallKB975025$
$NtUninstallKB975467$
$NtUninstallKB975560$
$NtUninstallKB975561$
$NtUninstallKB975562$
$NtUninstallKB975713$
$NtUninstallKB976098-v2$
$NtUninstallKB976325$
$NtUninstallKB976749$
$NtUninstallKB977165$
$NtUninstallKB977816$
$NtUninstallKB977914$
$NtUninstallKB978037$
$NtUninstallKB978207$
$NtUninstallKB978251$
$NtUninstallKB978262$
$NtUninstallKB978338$
$NtUninstallKB978542$
$NtUninstallKB978601$
$NtUninstallKB978695_WM9$
$NtUninstallKB978706$
$NtUninstallKB979306$
$NtUninstallKB979309$
$NtUninstallKB979402_WM9$
$NtUninstallKB979482$
$NtUninstallKB979559$
$NtUninstallKB979683$
$NtUninstallKB980182$
$NtUninstallKB980195$
$NtUninstallKB980218$
$NtUninstallKB980232$
$NtUninstallKB981349$
$NtUninstallKB981793$
$NtUninstallKB982381$
$NtUninstallWdf01005$
$NtUninstallwinusb0100$
ie8
inf
Installer
WindowsShell.Manifest
winnt.bmp
winnt256.bmp

PATH: C:\windows\system32

cdplayer.exe.manifest
dllcache
logonui.exe.manifest
mlfcache.dat
ncpa.cpl.manifest
nwc.cpl.manifest
sapi.cpl.manifest
WindowsLogon.manifest
wuaucpl.cpl.manifest
zllictbl.dat

PATH: C:\windows\system32\drivers

MsftWdf_Kernel_01005_Coinstaller_Critic al.Wdf
Msft_Kernel_NuidFltr_01005.Wdf

PATH: C:\

boot.ini
cmdcons
IO.SYS
MSDOS.SYS
NTDETECT.COM
ntldr
pagefile.sys
RECYCLER
System Volume Information

User Profile check

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings
DefaultUserProfile   REG_SZ   Default User
AllUsersProfile   REG_SZ   All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags   REG_DWORD   0xc
State   REG_DWORD   0x0
RefCount   REG_DWORD   0x1
Sid   REG_BINARY   010100000000000512000000
ProfileImagePath   REG_EXPAND_SZ   %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\LocalService
Sid   REG_BINARY   010100000000000513000000
Flags   REG_DWORD   0x9
State   REG_DWORD   0x0
CentralProfile   REG_SZ
ProfileLoadTimeLow   REG_DWORD   0x9e063804
ProfileLoadTimeHigh   REG_DWORD   0x1cb1a42
RefCount   REG_DWORD   0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\NetworkService
Sid   REG_BINARY   010100000000000514000000
Flags   REG_DWORD   0x9
State   REG_DWORD   0x0
CentralProfile   REG_SZ
ProfileLoadTimeLow   REG_DWORD   0x9debfe26
ProfileLoadTimeHigh   REG_DWORD   0x1cb1a42
RefCount   REG_DWORD   0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-57989841-1532298954-1417001333-1004
ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\Kate
Sid   REG_BINARY   010500000000000515000000D1DA7403CA06555 B75B97554EC030000
Flags   REG_DWORD   0x0
State   REG_DWORD   0x100
CentralProfile   REG_SZ
ProfileLoadTimeLow   REG_DWORD   0xa3801ebc
ProfileLoadTimeHigh   REG_DWORD   0x1cb1a42
RefCount   REG_DWORD   0x2
RunLogonScriptSync   REG_DWORD   0x0
OptimizedLogonStatus   REG_DWORD   0xb

Current Scheduled Tasks

PATH: C:\Windows\Tasks

AppleSoftwareUpdate.job
desktop.ini
SA.DAT

Windows Drivers and NT-Services

Volume in drive C has no label.
Volume Serial Number is 8C91-7E71

Directory of C:\Windows\System32\Drivers

07/17/2009 07:25 AM 0 MsftWdf_Kernel_01005_Coinstaller_Critic al.Wdf
07/17/2009 07:25 AM 0 Msft_Kernel_NuidFltr_01005.Wdf
2 File(s) 0 bytes
0 Dir(s) 68,662,697,984 bytes free
Volume in drive C has no label.
Volume Serial Number is 8C91-7E71

Directory of C:\Windows\System32\Drivers

08/17/2001 06:46 AM 6,400 enum1394.sys
08/17/2001 06:59 AM 3,072 audstub.sys
08/17/2001 01:48 PM 12,160 mouhid.sys
08/18/2001 05:00 AM 5,888 rootmdm.sys
08/18/2001 05:00 AM 11,648 acpiec.sys
08/18/2001 05:00 AM 12,032 riodrv.sys
08/18/2001 05:00 AM 4,352 wmilib.sys
08/18/2001 05:00 AM 12,032 rio8drv.sys
08/18/2001 05:00 AM 4,224 rdpcdd.sys
08/18/2001 05:00 AM 34,432 rawwan.sys
08/18/2001 05:00 AM 16,512 raspti.sys
08/18/2001 05:00 AM 8,832 rasacd.sys
08/18/2001 05:00 AM 17,792 ptilink.sys
08/18/2001 05:00 AM 3,328 pciide.sys
08/18/2001 05:00 AM 31,360 atmepvc.sys
08/18/2001 05:00 AM 14,592 smclib.sys
08/18/2001 05:00 AM 352,256 atmuni.sys
08/18/2001 05:00 AM 51,712 tosdvd.sys
08/18/2001 05:00 AM 4,224 beep.sys
08/18/2001 05:00 AM 3,456 oprghdlr.sys
08/18/2001 05:00 AM 55,936 nwlnkspx.sys
08/18/2001 05:00 AM 63,232 nwlnknb.sys
08/18/2001 05:00 AM 32,512 nwlnkfwd.sys
08/18/2001 05:00 AM 13,952 cbidf2k.sys
08/18/2001 05:00 AM 18,688 cdaudio.sys
08/18/2001 05:00 AM 12,416 nwlnkflt.sys
08/18/2001 05:00 AM 2,944 null.sys
08/18/2001 05:00 AM 4,736 usbd.sys
08/18/2001 05:00 AM 12,032 nikedrv.sys
08/18/2001 05:00 AM 262,528 cinemst2.sys
08/18/2001 05:00 AM 6,784 parvdm.sys
08/18/2001 05:00 AM 11,776 cpqdap01.sys
08/18/2001 05:00 AM 21,376 tsbvcap.sys
08/18/2001 05:00 AM 4,224 mnmdd.sys
08/18/2001 05:00 AM 7,680 mcd.sys
08/18/2001 05:00 AM 58,112 vdmindvd.sys
08/18/2001 05:00 AM 32,896 ipfltdrv.sys
08/18/2001 05:00 AM 646 gmreadme.txt
08/18/2001 05:00 AM 5,888 dmload.sys
08/18/2001 05:00 AM 3,440,660 gm.dls
08/18/2001 05:00 AM 125,056 ftdisk.sys
08/18/2001 05:00 AM 7,936 fs_rec.sys
08/18/2001 05:00 AM 10,496 dxapi.sys
08/18/2001 05:00 AM 12,160 fsvga.sys
08/18/2001 05:00 AM 3,328 dxgthk.sys
08/18/2001 05:00 AM 12,032 ws2ifsl.sys
07/20/2004 12:41 AM 16,512 aspi32.sys
08/11/2004 01:45 AM 18,944 wpdusb.sys
06/01/2005 08:37 PM 463,872 BLKWGD.sys
11/02/2006 07:00 AM 39,368 winusb.sys
11/02/2006 07:22 AM 32,224 wdfldr.sys
11/02/2006 07:22 AM 492,000 wdf01000.sys
03/09/2007 05:04 PM 31,072 iqvw32.sys
03/13/2007 01:05 PM 44,672 HECI.sys
09/29/2007 11:03 PM 308,248 iaStor.sys
01/31/2008 06:05 PM 54,272 sfng32.sys
01/31/2008 06:05 PM 1,222,840 sthda.sys
01/31/2008 06:05 PM 114,576 ianswxp.sys
01/31/2008 06:06 PM 254,872 e1e5132.sys
04/13/2008 05:10 PM 57,600 redbook.sys
04/13/2008 10:06 PM 144,384 hdaudbus.sys
04/13/2008 10:09 PM 20,480 secdrv.sys
04/13/2008 10:09 PM 142,592 aec.sys
04/14/2008 12:01 AM 36,352 intelppm.sys
04/14/2008 12:02 AM 66,048 udfs.sys
04/14/2008 12:02 AM 19,072 msfs.sys
04/14/2008 12:02 AM 30,848 npfs.sys
04/14/2008 12:02 AM 180,608 mrxdav.sys
04/14/2008 12:02 AM 196,224 rdpdr.sys
04/14/2008 12:03 AM 129,792 fltMgr.sys
04/14/2008 12:03 AM 44,544 fips.sys
04/14/2008 12:06 AM 187,776 acpi.sys
04/14/2008 12:06 AM 37,248 isapnp.sys
04/14/2008 12:06 AM 120,192 pcmcia.sys
04/14/2008 12:06 AM 68,224 pci.sys
04/14/2008 12:06 AM 79,232 sdbus.sys
04/14/2008 12:06 AM 73,472 sr.sys
04/14/2008 12:08 AM 71,168 dxg.sys
04/14/2008 12:09 AM 24,576 kbdclass.sys
04/14/2008 12:09 AM 23,040 mouclass.sys
04/14/2008 12:09 AM 384,768 update.sys
04/14/2008 12:09 AM 42,368 mountmgr.sys
04/14/2008 12:09 AM 14,592 kbdhid.sys
04/14/2008 12:09 AM 5,376 MSPCLOCK.sys
04/14/2008 12:09 AM 4,992 MSPQM.sys
04/14/2008 12:09 AM 7,552 MSKSSRV.sys
04/14/2008 12:10 AM 15,744 serenum.sys
04/14/2008 12:10 AM 20,480 flpydisk.sys
04/14/2008 12:10 AM 27,392 fdc.sys
04/14/2008 12:10 AM 24,960 pciidex.sys
04/14/2008 12:10 AM 96,384 scsiport.sys
04/14/2008 12:10 AM 96,512 atapi.sys
04/14/2008 12:10 AM 14,208 diskdump.sys
04/14/2008 12:10 AM 36,352 disk.sys
04/14/2008 12:10 AM 11,904 sffdisk.sys
04/14/2008 12:10 AM 62,976 cdrom.sys
04/14/2008 12:10 AM 11,008 sffp_sd.sys
04/14/2008 12:10 AM 11,392 sfloppy.sys
04/14/2008 12:10 AM 19,712 partmgr.sys
04/14/2008 12:10 AM 10,240 sffp_mmc.sys
04/14/2008 12:10 AM 14,976 tape.sys
04/14/2008 12:11 AM 42,112 imapi.sys
04/14/2008 12:11 AM 52,352 volsnap.sys
04/14/2008 12:14 AM 81,664 videoprt.sys
04/14/2008 12:14 AM 20,992 vga.sys
04/14/2008 12:14 AM 153,344 dmio.sys
04/14/2008 12:14 AM 799,744 dmboot.sys
04/14/2008 12:15 AM 52,864 DMusic.sys
04/14/2008 12:15 AM 6,272 splitter.sys
04/14/2008 12:15 AM 56,576 swmidi.sys
04/14/2008 12:15 AM 172,416 kmixer.sys
04/14/2008 12:15 AM 2,944 drmkaud.sys
04/14/2008 12:15 AM 49,408 stream.sys
04/14/2008 12:15 AM 60,160 drmk.sys
04/14/2008 12:15 AM 24,960 hidparse.sys
04/14/2008 12:15 AM 10,368 hidusb.sys
04/14/2008 12:15 AM 36,864 hidclass.sys
04/14/2008 12:15 AM 30,208 usbehci.sys
04/14/2008 12:15 AM 20,608 usbuhci.sys
04/14/2008 12:15 AM 59,520 usbhub.sys
04/14/2008 12:15 AM 143,872 usbport.sys
04/14/2008 12:15 AM 32,128 usbccgp.sys
04/14/2008 12:15 AM 26,368 usbstor.sys
04/14/2008 12:16 AM 61,696 ohci1394.sys
04/14/2008 12:16 AM 53,376 1394bus.sys
04/14/2008 12:21 AM 59,904 atmarpc.sys
04/14/2008 12:21 AM 55,808 atmlane.sys
04/14/2008 12:23 AM 40,320 nmnt.sys
04/14/2008 12:23 AM 71,552 bridge.sys
04/14/2008 12:23 AM 36,608 ip6fw.sys
04/14/2008 12:24 AM 11,264 irenum.sys
04/14/2008 12:26 AM 34,688 netbios.sys
04/14/2008 12:26 AM 88,320 nwlnkipx.sys
04/14/2008 12:26 AM 35,072 msgpc.sys
04/14/2008 12:26 AM 69,120 psched.sys
04/14/2008 12:26 AM 30,592 rndismp.sys
04/14/2008 12:26 AM 12,800 usb8023.sys
04/14/2008 12:27 AM 20,864 ipinip.sys
04/14/2008 12:27 AM 152,832 ipnat.sys
04/14/2008 12:27 AM 34,560 wanarp.sys
04/14/2008 12:27 AM 14,336 asyncmac.sys
04/14/2008 12:27 AM 10,112 ndistapi.sys
04/14/2008 12:27 AM 40,576 ndproxy.sys
04/14/2008 12:27 AM 41,472 raspppoe.sys
04/14/2008 12:30 AM 19,072 tdi.sys
04/14/2008 12:44 AM 63,744 cdfs.sys
04/14/2008 12:44 AM 143,744 fastfat.sys
04/14/2008 12:45 AM 64,512 serial.sys
04/14/2008 12:45 AM 574,976 ntfs.sys
04/14/2008 12:45 AM 60,800 sysaudio.sys
04/14/2008 12:46 AM 49,536 classpnp.sys
04/14/2008 12:46 AM 141,056 ks.sys
04/14/2008 12:47 AM 105,344 mup.sys
04/14/2008 12:47 AM 83,072 wdmaud.sys
04/14/2008 12:48 AM 52,480 i8042prt.sys
04/14/2008 12:49 AM 146,048 portcls.sys
04/14/2008 12:49 AM 51,328 rasl2tp.sys
04/14/2008 12:49 AM 48,384 raspptp.sys
04/14/2008 12:50 AM 182,656 ndis.sys
04/14/2008 12:50 AM 91,520 ndiswan.sys
04/14/2008 12:51 AM 162,816 netbt.sys
04/14/2008 12:58 AM 175,744 rdbss.sys
04/14/2008 05:41 AM 21,504 hidserv.dll
04/14/2008 05:43 AM 40,840 termdd.sys
04/14/2008 05:43 AM 12,040 tdpipe.sys
04/14/2008 05:43 AM 21,896 tdtcp.sys
04/14/2008 05:43 AM 139,656 rdpwd.sys
04/14/2008 05:51 AM 25,344 sonydcam.sys
04/14/2008 05:51 AM 42,752 p3.sys
04/14/2008 05:51 AM 15,488 mssmbios.sys
04/14/2008 05:51 AM 36,736 crusoe.sys
04/14/2008 05:51 AM 30,080 modem.sys
04/14/2008 05:51 AM 60,800 arp1394.sys
04/14/2008 05:51 AM 4,352 swenum.sys
04/14/2008 05:51 AM 63,744 mf.sys
04/14/2008 05:51 AM 14,592 ndisuio.sys
04/14/2008 05:51 AM 15,872 usbintel.sys
04/14/2008 05:51 AM 37,760 amdk7.sys
04/14/2008 05:51 AM 12,288 tunmp.sys
04/14/2008 05:51 AM 25,600 usbcamd.sys
04/14/2008 05:51 AM 25,728 usbcamd2.sys
04/14/2008 05:51 AM 61,824 nic1394.sys
04/14/2008 05:51 AM 37,376 amdk6.sys
04/14/2008 05:51 AM 80,128 parport.sys
04/14/2008 05:51 AM 35,840 processr.sys
05/08/2008 07:02 AM 203,136 rmcast.sys
06/10/2008 01:04 PM 31,048 point32.sys
06/13/2008 04:05 AM 272,128 bthport.sys
06/20/2008 04:51 AM 361,600 tcpip.sys
07/25/2008 09:48 PM 6,097,536 nv4_mini.sys
08/14/2008 03:04 AM 138,496 afd.sys
04/28/2009 01:20 PM 44,944 PxHelp20.sys
04/28/2009 01:20 PM 9,072 cdr4_xp.sys
04/28/2009 01:20 PM 9,200 cdralw2k.sys
05/09/2009 01:14 AM 14,736 nuidfltr.sys
05/18/2009 02:17 PM 26,600 GEARAspiWDM.sys
06/24/2009 04:18 AM 92,928 ksecdd.sys
07/14/2009 05:57 AM <DIR> disdn
08/25/2009 01:10 PM 49,904 BVRPMPR5.SYS
08/28/2009 07:42 PM 40,448 usbaapl.sys
10/12/2009 06:15 PM 128,016 kl1.sys
10/12/2009 06:15 PM 317,072 klif.sys
10/20/2009 09:20 AM 265,728 http.sys
12/31/2009 09:50 AM 353,792 srv.sys
02/11/2010 05:02 AM 226,880 tcpip6.sys
02/24/2010 06:11 AM 455,680 mrxsmb.sys
04/29/2010 03:39 PM 20,952 mbam.sys
04/29/2010 03:39 PM 38,224 mbamswissarmy.sys
05/28/2010 09:56 PM 75,264 ipsec.sys
05/31/2010 01:52 PM <DIR> etc
07/02/2010 04:33 PM <DIR> .
07/02/2010 04:33 PM <DIR> ..
208 File(s) 25,895,234 bytes
4 Dir(s) 68,662,681,600 bytes free

Virtual drives found?

Environment variables

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kate\Application Data
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ONE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kate
LOGONSERVER=\\ONE
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Intel\DMIX;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=170a
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kate\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kate\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=ONE
USERNAME=Kate
USERPROFILE=C:\Documents and Settings\Kate
windir=C:\WINDOWS

Stealth malware?

Internet Explorer

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Page_URL   REG_SZ   http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL   REG_SZ   http://go.microsoft.com/fwlink/?LinkId=54896
Search Page   REG_SZ   http://go.microsoft.com/fwlink/?LinkId=54896
Enable_Disk_Cache   REG_SZ   yes
Cache_Percent_of_Disk   REG_BINARY   0A000000
Delete_Temp_Files_On_Exit   REG_SZ   yes
Local Page   REG_SZ   C:\WINDOWS\system32\blank.htm
Anchor_Visitation_Horizon   REG_BINARY   01000000
Use_Async_DNS   REG_SZ   yes
Placeholder_Width   REG_BINARY   1A000000
Placeholder_Height   REG_BINARY   1A000000
Start Page   REG_SZ   http://go.microsoft.com/fwlink/?LinkId=69157
CompanyName   REG_SZ   Microsoft Corporation
Custom_Key   REG_SZ   MICROSO
Wizard_Version   REG_SZ   6.0.2600.0000
FullScreen   REG_SZ   no
Default_Secondary_Page_URL   REG_MULTI_SZ   \0
Extensions Off Page   REG_SZ   about:NoAdd-ons
Security Risk Page   REG_SZ   about:SecurityRisk
Check_Associations   REG_SZ   yes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
User Agent   REG_SZ   Mozilla/4.0 (compatible; MSIE 8.0; Win32)
IE5_UA_Backup_Flag   REG_SZ   5.0
NoNetAutodial   REG_DWORD   0x1
MigrateProxy   REG_DWORD   0x1
EmailName   REG_SZ   IEUser@
AutoConfigProxy   REG_SZ   wininet.dll
MimeExclusionListForCache   REG_SZ   multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost   REG_BINARY   01000000
UseSchannelDirectly   REG_BINARY   01000000
EnableHttp1_1   REG_DWORD   0x1
PrivacyAdvanced   REG_DWORD   0x0
EnableNegotiate   REG_DWORD   0x1
GlobalUserOffline   REG_DWORD   0x0
ProxyEnable   REG_DWORD   0x0
EnableAutodial   REG_DWORD   0x1
PrivDiscUiShown   REG_DWORD   0x1
WarnOnZoneCrossing   REG_DWORD   0x1
ProxyOverride   REG_SZ   *.local
WarnonBadCertRecving   REG_DWORD   0x1
WarnOnPostRedirect   REG_DWORD   0x0
WarnOnHTTPSToHTTPRedirect   REG_DWORD   0x1
UrlEncoding   REG_DWORD   0x0
SecureProtocols   REG_DWORD   0xa0
ZonesSecurityUpgrade   REG_BINARY   04A69FF5381ACB01
DisableCachingOfSSLPages   REG_DWORD   0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
NoUpdateCheck   REG_DWORD   0x1
NoJITSetup   REG_DWORD   0x1
Disable Script Debugger   REG_SZ   yes
Show_ChannelBand   REG_SZ   No
Anchor Underline   REG_SZ   yes
Cache_Update_Frequency   REG_SZ   Once_Per_Session
Display Inline Images   REG_SZ   yes
Do404Search   REG_BINARY   01000000
Local Page   REG_SZ   C:\WINDOWS\system32\blank.htm
Save_Session_History_On_Exit   REG_SZ   no
Show_FullURL   REG_SZ   no
Show_StatusBar   REG_SZ   yes
Show_ToolBar   REG_SZ   yes
Show_URLinStatusBar   REG_SZ   yes
Show_URLToolBar   REG_SZ   yes
Start Page   REG_SZ   http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Use_DlgBox_Colors   REG_SZ   yes
Search Page   REG_SZ   http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
FullScreen   REG_SZ   no
Window_Placement   REG_BINARY   2C0000000200000003000000FFFFFFFFFFFFFFF FFFFFFFFFFFFFFFFFD4000000E9000000F20300 003F030000
FormSuggest PW Ask   REG_SZ   no
NotifyDownloadComplete   REG_SZ   no
Use FormSuggest   REG_SZ   no
ShowedCheckBrowser   REG_SZ   Yes
Check_Associations   REG_SZ   No
AddToFavoritesExpanded   REG_DWORD   0x0
Enable_MyPics_Hoverbar   REG_SZ   no
XMLHTTP   REG_DWORD   0x1
UseClearType   REG_SZ   yes
Enable Browser Extensions   REG_SZ   yes
Play_Background_Sounds   REG_SZ   yes
Play_Animations   REG_SZ   yes
CompatibilityFlags   REG_DWORD   0x0
IE8RunOnceLastShown   REG_DWORD   0x1
IE8RunOnceLastShown_TIMESTAMP   REG_BINARY   0013F4B63C1ACB01
IE8TourShown   REG_DWORD   0x1
IE8TourShownTime   REG_BINARY   38DC41B83C1ACB01
RunOnceHasShown   REG_DWORD   0x1
RunOnceComplete   REG_DWORD   0x1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
SearchAssistant   REG_SZ   http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
CustomizeSearch   REG_SZ   http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497}   REG_SZ

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar

Protocol hijack?

Security Center

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
FirstRunDisabled   REG_DWORD   0x1
AntiVirusDisableNotify   REG_DWORD   0x0
FirewallDisableNotify   REG_DWORD   0x0
UpdatesDisableNotify   REG_DWORD   0x0
AntiVirusOverride   REG_DWORD   0x0
FirewallOverride   REG_DWORD   0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
EnableFirewall   REG_DWORD   0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
EnableFirewall   REG_DWORD   0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%windir%\Network Diagnostic\xpnetdiag.exe   REG_SZ   %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe   REG_SZ   %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Ring Factory\RingFactory.exe   REG_SZ   C:\Program Files\Ring Factory\RingFactory.exe:*:Enabled:Ring Factory 3.0
C:\Program Files\Bonjour\mDNSResponder.exe   REG_SZ   C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\iTunes\iTunes.exe   REG_SZ   C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

Uninstall List

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\#1 DVD Audio Ripper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ACE-HIGH MP3 Recorder_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Acrobat 5.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDneXtCOPY XPress

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HECI

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSofter DVD Audio Ripper Deluxe_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898461

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923689

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923789

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938464-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB941569

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB946648

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950762

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950974

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951066

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951748

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951978

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952069_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952287

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952954

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954155_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954459

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954550-v5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954600

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955069

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955759

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955839

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956744

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956802

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956844

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957097

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958644

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958869

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959426

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960225

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960859

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961118

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961371

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961501

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB967715

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968389

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968537

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968816_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969059

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969897

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969947

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970238

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970430

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970653-v3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971468

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971486

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971557

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971633

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971657

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971737

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971961

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972260

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972270

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973346

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973354

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973507

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973525

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973540_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973815

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973869

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973904

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974112

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974318

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974392

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974455

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974571

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975025

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975467

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975560

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975562

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975713

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976098-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976325

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976749

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977165

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977816

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977914

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978037

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978207

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978251

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978262

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978338

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978542

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978601

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978695_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978706

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979306

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979309

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979402_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979482

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979559

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979683

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980182

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980195

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980218

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980232

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981349

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981793

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB982381

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Machinist2DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.5.10)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsJavaVM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nero - Burning Rom!UninstallKey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NeroMediaHome!UninstallKey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NeroShowTime!UninstallKey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NeroVision!UninstallKey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NLSDownlevelMapping

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PROSetDX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ring Factory_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SereneScreen Aquarium

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wdf01000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wdf01001

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wdf01005

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winusb0100

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Security Suite

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00010409-78E1-11D2-B60F-006097C998E7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{02F6993D-B763-4F40-8F93-2A9CD97586E3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{07287123-B8AC-41CE-8346-3D777245C35B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C34B801-6AEC-4667-B053-03A67E2D0415}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216016FF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216020FB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F2A4BD6-E7F1-4619-86FC-A159354441AD}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3921A67A-5AB1-4E48-9444-C71814CF3027}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3FDF4C9C-BFA0-43AE-B7D4-54BC33B1B0DA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{403EF592-953B-4794-BCEF-ECAB835C2095}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{45A66726-69BC-466B-A7A4-12FCBA4883D7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582876EC-A178-44D4-9823-C10D6C62EAFF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{66A9D30D-1464-4C7F-B2F3-507DADAF2595}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{716E0306-8318-4364-8B8F-0CC4E9376BAC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8C6CB33A-AA86-446C-8C4D-304A7FA51033}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB300003

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB958483

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB960043

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB975195

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976570

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976578v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB976769v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB977354v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A49F249F-0C91-497F-86DF-B2585E8E76B7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A93000000001}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB200003

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB431780

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB946922

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB947748

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB949272

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952137

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952677

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953300

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953990

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB954832

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB956860

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957541

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957542

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957543

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958129

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958481

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB960043

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB971111

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB974417

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976569

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976576

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB976765v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB979909

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB980773

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D642E38E-0D24-486C-9A2D-E316DD696F4B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

! REG.EXE VERSION 3.0

duhkate · « **Reply #3 on:** July 02, 2010, 07:52:01 PM »

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Move Media Player

Adobe Products

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Acrobat 5.0
UninstallString   REG_SZ   C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
DisplayName   REG_SZ   Adobe Acrobat 5.0
InstallSource   REG_SZ   D:\Drivers\Software\Applications\Adobe__Acrobat__Reader\5.0\
VersionMinor   REG_DWORD   0x0
DisplayVersion   REG_SZ   5.0
InstallLocation   REG_SZ   C:\Program Files\Adobe\Acrobat 5.0
URLInfoAbout   REG_SZ   http://www.adobe.com/prodindex/acrobat/main.html
HelpTelephone   REG_SZ
VersionMajor   REG_DWORD   0x5
ModifyPath   REG_SZ   D:\Drivers\Software\Applications\Adobe__Acrobat__Reader\5.0\Setup.exe
Publisher   REG_SZ   Adobe Systems, Inc.
HelpLink   REG_SZ   http://www.adobe.com/prodindex/acrobat/main.html
URLUpdateInfo   REG_SZ   http://www.adobe.com/prodindex/acrobat/main.html
UninstallPath   REG_SZ   C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
DisplayName   REG_SZ   Adobe Flash Player 10 ActiveX
DisplayVersion   REG_SZ   10.0.45.2
Publisher   REG_SZ   Adobe Systems Incorporated
URLInfoAbout   REG_SZ   http://www.adobe.com/go/getflashplayer
VersionMajor   REG_SZ   10
VersionMinor   REG_SZ   0
HelpLink   REG_SZ   http://www.adobe.com/go/flashplayer_support/
URLUpdateInfo   REG_SZ   http://www.adobe.com/go/flashplayer/
DisplayIcon   REG_SZ   C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
UninstallString   REG_SZ   C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
RequiresIESysFile   REG_SZ   4.70.0.1155
NoModify   REG_DWORD   0x1
NoRepair   REG_DWORD   0x1

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
DisplayName   REG_SZ   Adobe Flash Player 10 Plugin
Publisher   REG_SZ   Adobe Systems Incorporated
DisplayVersion   REG_SZ   10.1.53.7
HelpLink   REG_SZ   http://www.adobe.com/go/flashplayer_support/
NoModify   REG_DWORD   0x1
NoRepair   REG_DWORD   0x1
RequiresIESysFile   REG_SZ   4.70.0.1155
URLInfoAbout   REG_SZ   http://www.adobe.com
URLUpdateInfo   REG_SZ   http://www.adobe.com/go/getflashplayer/
VersionMajor   REG_DWORD   0xa
VersionMinor   REG_DWORD   0x1
UninstallString   REG_SZ   C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
DisplayIcon   REG_SZ   C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
EstimatedSize   REG_DWORD   0x1800

Autorun

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}   REG_SZ   "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
ctfmon.exe   REG_SZ   C:\WINDOWS\system32\ctfmon.exe

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
IAAnotif   REG_SZ   "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
SigmatelSysTrayApp   REG_SZ   sttray.exe
NvCplDaemon   REG_SZ   RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz   REG_SZ   nwiz.exe /install
NvMediaCenter   REG_SZ   RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
itype   REG_SZ   "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
IntelliPoint   REG_SZ   "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
NeroFilterCheck   REG_SZ   C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
SunJavaUpdateSched   REG_SZ   "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
QuickTime Task   REG_SZ   "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper   REG_SZ   "C:\Program Files\iTunes\iTunesHelper.exe"
ZoneAlarm Client   REG_SZ   "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
Adobe Reader Speed Launcher   REG_SZ   "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

Restrictions - Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel

Restrictions - REGEDIT

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

Restrictions - Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun   REG_DWORD   0x143
NoDriveAutoRun   REG_DWORD   0x3ffffff
NoDrives   REG_DWORD   0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

DNS Settings

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1C4311C1-0591-4282-A0FF-D606234C0B37}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{471A0DE5-73B0-4D8A-8382-AC4FB7ABF918}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6DC803A8-D594-46EC-9482-09B4CD302529}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{768AD7D2-F647-4B77-980C-79725504F030}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A7DF2330-14E1-41B7-B93F-097094358D2E}

Windows IP Configuration

An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.

Additional information: Unable to query host name.

AppInit DLLs

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Shell Service Object Delay Load

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder   REG_SZ   {7849596a-48ea-486e-8937-a2a3009f31a9}
CDBurn   REG_SZ   {fbeb8a05-beee-4442-804e-409d6c4515e9}
WebCheck   REG_SZ   {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
SysTray   REG_SZ   {35CEC8A3-2BE6-11D2-8773-92E220524153}

Shell Execute Hooks

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972}   REG_SZ
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}   REG_SZ

Image File Execution Options

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE

Security Providers

Local Security Authority

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages   REG_MULTI_SZ   msv1_0\0\0
Bounds   REG_BINARY   0030000000200000
Security Packages   REG_MULTI_SZ   kerberos\0msv1_0\0schannel\0wdigest\0\0
ImpersonatePrivilegeUpgradeToolHasRun   REG_DWORD   0x1
LsaPid   REG_DWORD   0x250
SecureBoot   REG_DWORD   0x1
auditbaseobjects   REG_DWORD   0x0
crashonauditfail   REG_DWORD   0x0
disabledomaincreds   REG_DWORD   0x0
everyoneincludesanonymous   REG_DWORD   0x0
fipsalgorithmpolicy   REG_DWORD   0x0
forceguest   REG_DWORD   0x1
fullprivilegeauditing   REG_BINARY   00
limitblankpassworduse   REG_DWORD   0x1
lmcompatibilitylevel   REG_DWORD   0x0
nodefaultadminowner   REG_DWORD   0x1
nolmhash   REG_DWORD   0x0
restrictanonymous   REG_DWORD   0x0
restrictanonymoussam   REG_DWORD   0x1
Notification Packages   REG_MULTI_SZ   scecli\0\0
enabledcom   REG_SZ   y

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\msv1_0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache

AppCert DLLs

App Paths

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths
Path   REG_SZ   C:\Program Files\SigmaTel\C-Major Audio
<NO NAME>   REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\#1 DVD Audio Ripper.exe
<NO NAME>   REG_SZ   C:\Program Files\NO1 DVD Audio Ripper\#1 DVD Audio Ripper.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
Path   REG_SZ   C:\Program Files\Adobe\Reader 9.0\Reader\
<NO NAME>   REG_SZ   C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Aquarium.exe
Path   REG_SZ   C:\Program Files\SereneScreen\Aquarium
<NO NAME>   REG_SZ   C:\Program Files\SereneScreen\Aquarium\Aquarium.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\bckgzm.exe
<NO NAME>   REG_SZ   C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ccleaner.exe
<NO NAME>   REG_SZ   C:\Program Files\CCleaner\ccleaner.exe
Path   REG_SZ   C:\Program Files\CCleaner

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chkrzm.exe
<NO NAME>   REG_SZ   C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
<NO NAME>   REG_SZ   C:\WINDOWS\system32\cmmgr32.exe
Path   REG_SZ   C:\WINDOWS\system32
CmstpExtensionDll   REG_SZ   C:\WINDOWS\system32\cmcfg32.dll
CMInternalVersion   REG_SZ   1.2
CmNative   REG_DWORD   0x1
ProfilesUpgraded   REG_DWORD   0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\combofix.exe
<NO NAME>   REG_SZ   C:\DOCUME~1\Kate\Desktop\commy.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CONF.EXE
<NO NAME>   REG_SZ   C:\Program Files\NetMeeting\conf.exe
Path   REG_SZ   C:\Program Files\NetMeeting;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dialer.exe
<NO NAME>   REG_SZ   C:\Program Files\Windows NT\dialer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Excel.exe
useURL   REG_SZ   1
<NO NAME>   REG_SZ   C:\PROGRA~1\MI1933~1\Office\EXCEL.EXE
Path   REG_SZ   C:\Program Files\Microsoft Office\Office\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\firefox.exe
<NO NAME>   REG_SZ   C:\Program Files\Mozilla Firefox\firefox.exe
Path   REG_SZ   C:\Program Files\Mozilla Firefox

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HELPCTR.EXE
<NO NAME>   REG_EXPAND_SZ   %Systemroot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hrtzzm.exe
<NO NAME>   REG_SZ   C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hypertrm.exe
<NO NAME>   REG_SZ   "C:\Program Files\Windows NT\hypertrm.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN1.EXE
<NO NAME>   REG_SZ   "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE"
Path   REG_SZ   C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN2.EXE
<NO NAME>   REG_SZ   "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE"
Path   REG_SZ   C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
<NO NAME>   REG_SZ   C:\Program Files\Internet Explorer\IEXPLORE.EXE
Path   REG_SZ   C:\Program Files\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\INETWIZ.EXE
<NO NAME>   REG_SZ   "C:\Program Files\Internet Explorer\Connection Wizard\INETWIZ.EXE"
Path   REG_SZ   C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
RunAsOnNonAdminInstall   REG_DWORD   0x1
BlockOnTSNonInstallMode   REG_DWORD   0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IPoint.exe
Path   REG_SZ   C:\Program Files\Microsoft IntelliPoint\
<NO NAME>   REG_SZ   "C:\Program Files\Microsoft IntelliPoint\IPoint.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ISIGNUP.EXE
<NO NAME>   REG_SZ   "C:\Program Files\Internet Explorer\Connection Wizard\ISIGNUP.EXE"
Path   REG_SZ   C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\iTunes.exe
<NO NAME>   REG_SZ   C:\Program Files\iTunes\iTunes.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\itype.exe
Path   REG_SZ   C:\Program Files\Microsoft IntelliType Pro\
<NO NAME>   REG_SZ   "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
<NO NAME>   REG_SZ   C:\Program Files\Java\jre6\bin\javaws.exe
Path   REG_SZ   C:\Program Files\Java\jre6\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mantispm.exe
<NO NAME>   REG_SZ   C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
Path   REG_SZ   C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mbam.exe
<NO NAME>   REG_SZ   C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Path   REG_SZ   C:\Program Files\Malwarebytes' Anti-Malware

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe
<NO NAME>   REG_EXPAND_SZ   %SystemRoot%\system32\usmt\migwiz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MlfHook.dll
<NO NAME>   REG_SZ   C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\MlfHook.dll
Path   REG_SZ   C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MlfOE.dll
<NO NAME>   REG_SZ   C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\MlfOE.dll
Path   REG_SZ   C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mlfoshim.dll
<NO NAME>   REG_SZ   C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mlfoshim.dll
Path   REG_SZ   C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MousInfo.exe
Path   REG_SZ   C:\Program Files\Microsoft IntelliPoint\
<NO NAME>   REG_SZ   "C:\Program Files\Microsoft IntelliPoint\Mousinfo.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\moviemk.exe
<NO NAME>   REG_SZ   C:\Program Files\Movie Maker\moviemk.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
<NO NAME>   REG_SZ   "C:\Program Files\Windows Media Player\mplayer2.exe"
Path   REG_SZ   "C:\Program Files\Windows Media Player"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSACCESS.EXE
Path   REG_SZ   C:\Program Files\Microsoft Office\Office\
<NO NAME>   REG_SZ   C:\PROGRA~1\MI1933~1\Office\MSACCESS.EXE
useURL   REG_SZ   1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSCONFIG.EXE
<NO NAME>   REG_EXPAND_SZ   %systemroot%\pchealth\helpctr\Binaries\MSCONFIG.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
<NO NAME>   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express\msimn.exe
Path   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msinfo32.exe
<NO NAME>   REG_SZ   C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.exe
Path   REG_SZ   C:\Program Files\Common Files\Microsoft Shared\MSInfo

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mskey.exe
Path   REG_SZ   C:\Program Files\Microsoft IntelliType Pro\
<NO NAME>   REG_SZ   "C:\Program Files\Microsoft IntelliType Pro\mskey.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSMSGS.EXE
<NO NAME>   REG_SZ   C:\Program Files\Messenger\msmsgs.exe
Path   REG_SZ   C:\Program Files\Messenger;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
useURL   REG_SZ   1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\NCoverEd.exe
<NO NAME>   REG_SZ   C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverDes.exe
Path   REG_SZ   C:\Program Files\Nero\Nero8\Nero CoverDesigner\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Nero.exe
<NO NAME>   REG_SZ   C:\Program Files\Nero\Nero8\Nero Burning Rom\Nero.exe
Path   REG_SZ   C:\Program Files\Nero\Nero8\Nero Burning Rom\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\NeroBurnRights.exe
<NO NAME>   REG_SZ   C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.exe
Path   REG_SZ   C:\Program Files\Nero\Nero8\Nero Toolkit\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\NeroMediaHome.exe
<NO NAME>   REG_SZ   C:\Program Files\Nero\Nero8\Nero MediaHome\NeroMediaHome.exe
Path   REG_SZ   C:\Program Files\Nero\Nero8\Nero MediaHome\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\NeroVision.exe
<NO NAME>   REG_SZ   C:\Program Files\Nero\Nero8\Nero Vision\NeroVision.exe
Path   REG_SZ   C:\Program Files\Nero\Nero8\Nero Vision\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OUTLOOK.EXE
Path   REG_SZ   C:\Program Files\Microsoft Office\Office\
<NO NAME>   REG_SZ   C:\PROGRA~1\MI1933~1\Office\OUTLOOK.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
<NO NAME>   REG_EXPAND_SZ   %SystemRoot%\system32\mspaint.exe
Path   REG_EXPAND_SZ   %SystemRoot%\system32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
Path   REG_SZ   C:\Program Files\QuickTime\
<NO NAME>   REG_SZ   C:\Program Files\QuickTime\PictureViewer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pinball.exe
<NO NAME>   REG_SZ   C:\Program Files\Windows NT\Pinball\pinball.exe
Path   REG_SZ   C:\Program Files\Windows NT\Pinball

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerPnt.exe
Path   REG_SZ   C:\Program Files\Microsoft Office\Office\
<NO NAME>   REG_SZ   C:\PROGRA~1\MI1933~1\Office\POWERPNT.EXE
useURL   REG_SZ   1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
<NO NAME>   REG_SZ   C:\Program Files\QuickTime\QuickTimePlayer.exe
Path   REG_SZ   C:\Program Files\QuickTime\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rvsezm.exe
<NO NAME>   REG_SZ   C:\Program Files\MSN Gaming Zone\Windows\rvsezm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
RunAsOnNonAdminInstall   REG_DWORD   0x1
BlockOnTSNonInstallMode   REG_DWORD   0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ShowTime.exe
<NO NAME>   REG_SZ   C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe
Path   REG_SZ   C:\Program Files\Nero\Nero8\Nero ShowTime\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\shvlzm.exe
<NO NAME>   REG_SZ   C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
UseShortName   REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
<NO NAME>   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express\wab.exe
Path   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
<NO NAME>   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express\wabmig.exe
Path   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\winamp.exe
<NO NAME>   REG_SZ   C:\Program Files\Winamp\winamp.exe
Path   REG_SZ   C:\Program Files\Winamp

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\winnt32.exe
RunAsOnNonAdminInstall   REG_DWORD   0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinRAR.exe
<NO NAME>   REG_SZ   C:\Program Files\WinRAR\WinRAR.exe
Path   REG_SZ   C:\Program Files\WinRAR

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
<NO NAME>   REG_SZ   C:\PROGRA~1\MI1933~1\Office\WINWORD.EXE
useURL   REG_SZ   1
Path   REG_SZ   C:\Program Files\Microsoft Office\Office\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
<NO NAME>   REG_SZ   C:\Program Files\Windows Media Player\wmplayer.exe
Path   REG_SZ   C:\Program Files\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
<NO NAME>   REG_EXPAND_SZ   "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
<NO NAME>   REG_EXPAND_SZ   "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
<NO NAME>   REG_SZ   "C:\WINDOWS\system32\XPSViewer\XPSViewer.exe"

Mozilla

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
{20a82645-c095-46ed-80e3-08825760534b}   REG_SZ   C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[email protected]   REG_EXPAND_SZ   C:\Program Files\Java\jre6\lib\deploy\jqs\ff

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
<NO NAME>   REG_SZ   1.9.1.10
CurrentVersion   REG_SZ   3.5.10 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.5.10 (en-US)
<NO NAME>   REG_SZ   3.5.10 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.5.10 (en-US)\Main
Install Directory   REG_SZ   C:\Program Files\Mozilla Firefox
PathToExe   REG_SZ   C:\Program Files\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.5.10 (en-US)\Uninstall
Description   REG_SZ   Mozilla Firefox (3.5.10)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.5.10
GeckoVer   REG_SZ   1.9.1.10

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.5.10\bin
PathToExe   REG_SZ   C:\Program Files\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.5.10\extensions
Components   REG_SZ   C:\Program Files\Mozilla Firefox\components
Plugins   REG_SZ   C:\Program Files\Mozilla Firefox\plugins

Shared Task Scheduler

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1}   REG_SZ   Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030}   REG_SZ   Component Categories cache daemon

SafeBoot

SafeBootMinimal

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

SafeBootNetwork

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

File Rename Operations - Session

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations

Known DLLs - Session

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
advapi32   REG_SZ   advapi32.dll
comdlg32   REG_SZ   comdlg32.dll
DllDirectory   REG_EXPAND_SZ   %SystemRoot%\system32
gdi32   REG_SZ   gdi32.dll
imagehlp   REG_SZ   imagehlp.dll
kernel32   REG_SZ   kernel32.dll
lz32   REG_SZ   lz32.dll
ole32   REG_SZ   ole32.dll
oleaut32   REG_SZ   oleaut32.dll
olecli32   REG_SZ   olecli32.dll
olecnv32   REG_SZ   olecnv32.dll
olesvr32   REG_SZ   olesvr32.dll
olethk32   REG_SZ   olethk32.dll
rpcrt4   REG_SZ   rpcrt4.dll
shell32   REG_SZ   shell32.dll
url   REG_SZ   url.dll
urlmon   REG_SZ   urlmon.dll
user32   REG_SZ   user32.dll
version   REG_SZ   version.dll
wininet   REG_SZ   wininet.dll
wldap32   REG_SZ   wldap32.dll

Downloaded program files (ActiveX)

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}

PATH: C:\windows\Downloaded Program Files
Microsoft XML Parser for Java.osd

Mountpoints

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{359f220e-7118-11de-bd15-001cc0a1b38d}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac2d8a26-7075-11de-a27f-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac2d8a27-7075-11de-a27f-806d6172696f}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca6663e8-6ad7-11df-bfdc-e7bd09eccd23}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC

Winlogon

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
AutoRestartShell   REG_DWORD   0x1
DefaultDomainName   REG_SZ   ONE
DefaultUserName   REG_SZ   Kate
LegalNoticeCaption   REG_SZ
LegalNoticeText   REG_SZ
PowerdownAfterShutdown   REG_SZ   0
ReportBootOk   REG_SZ   1
Shell   REG_SZ   Explorer.exe
ShutdownWithoutLogon   REG_SZ   0
System   REG_SZ
Userinit   REG_SZ   C:\WINDOWS\system32\userinit.exe,
VmApplet   REG_SZ   rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota   REG_DWORD   0xffffffff
allocatecdroms   REG_SZ   0
allocatedasd   REG_SZ   0
allocatefloppies   REG_SZ   0
cachedlogonscount   REG_SZ   10
forceunlocklogon   REG_DWORD   0x0
passwordexpirywarning   REG_DWORD   0xe
scremoveoption   REG_SZ   0
AllowMultipleTSSessions   REG_DWORD   0x1
UIHost   REG_EXPAND_SZ   logonui.exe
LogonType   REG_DWORD   0x1
Background   REG_SZ   0 0 0
DebugServerCommand   REG_SZ   no
SFCDisable   REG_DWORD   0x0
WinStationsDisabled   REG_SZ   0
HibernationPreviouslyEnabled   REG_DWORD   0x1
ShowLogonOptions   REG_DWORD   0x0
AltDefaultUserName   REG_SZ   Kate
AltDefaultDomainName   REG_SZ   ONE
LegalNotice Text   REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials

{END OF FILE}

Dr Jay · « **Reply #4 on:** July 02, 2010, 09:42:24 PM »

Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs, and other holes. To update it now, click Help > Check for Updates.

===========

Please run a free online scan with the ESET Online Scanner

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

duhkate · « **Reply #5 on:** July 02, 2010, 10:02:37 PM »

Thanks for the fast replies (and your time).

Unfortunately, I cannot seem to access the internet from my desktop computer (I'm posting this from my laptop.) I know that my internet is working properly b/c I'm using the internet now.

I have my desktop on a lan connection, and I have also tried connecting via my wireless adapter but no luck. I have tried repairing the connection, disabling it, enabling it, etc and every time I try to repair it it says "Windows could not finish repairing the problem because the following action cannot be completed: Failed to query TCP/IP settings of the connection. Cannot proceed."

I will keep trying to find a way to get my desktop onto the internet, but is there another program I could try? I am using a flash drive to d/l things and then transferring it to my desktop but since that one is an online scan, I'm having difficulty being able to use it, sorry.

duhkate · « **Reply #6 on:** July 04, 2010, 12:35:16 AM »

After much deliberation, I decided it was time to move onto Windows 7 so I did a clean install of that, and wiped the hard drives.

Thanks for your help, anyway. This site is pretty cool.

Dr Jay · « **Reply #7 on:** July 04, 2010, 10:01:08 PM »

Computer Hope Forum

News:

Author Topic: Virus help needed (Read 10041 times)

duhkate

Virus help needed

Dr Jay

Re: Virus help needed

duhkate

Re: Virus help needed

duhkate

Re: Virus help needed

Dr Jay

Re: Virus help needed

duhkate

Re: Virus help needed

duhkate

Re: Virus help needed

Dr Jay

Re: Virus help needed