
Author Topic: Spyware Problem. :/  (Read 24549 times)


sebastian22

    Topic Starter


    Rookie

  • MeMyselfBeingYou
    Re: Spyware Problem. :/
    « Reply #15 on: July 07, 2010, 03:08:03 PM »
    I FINALLY HIT LUCK! RKill ran successfully.

    Here's the log for helpasst -mbrt

    C:\Documents and Settings\Familia ROdriguez\Desktop\HelpAsst_mebroot_fix.exe
    Wed 07/07/2010 at 16:51:24.31

    HelpAssistant account Inactive

     ~~ Checking for termsrv32.dll ~~

    termsrv32.dll not found

     ~~ Checking firewall ports ~~

    HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list

    HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

     ~~ Checking profile list ~~

    No HelpAssistant profile in registry

     ~~ Checking mbr ~~

    user & kernel MBR OK

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Status check on Wed 07/07/2010 at 17:10:16.75

    Account active               No
    Local Group Memberships     

     ~~ Checking mbr ~~

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    kernel: MBR read successfully
    user & kernel MBR OK

     ~~ Checking for termsrv32.dll ~~

    termsrv32.dll not found


    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
       ServiceDll   REG_EXPAND_SZ     %SystemRoot%\System32\termsrv.dll

     ~~ Checking profile list ~~

    No HelpAssistant profile in registry

     ~~ Checking for HelpAssistant directories ~~

    none found

     ~~ Checking firewall ports ~~

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


     ~~ EOF ~~

    Dr Jay

    • Malware Removal Specialist


    • Specialist
    • Moderator emeritus
    • Thanked: 119
    • Experience: Guru
    • OS: Windows 10
    Re: Spyware Problem. :/
    « Reply #16 on: July 07, 2010, 03:31:38 PM »
    Now, please re-run MSS and post a log.
    ~Dr Jay

    sebastian22

      Topic Starter


      Rookie

    • MeMyselfBeingYou
      Re: Spyware Problem. :/
      « Reply #17 on: July 07, 2010, 03:34:17 PM »
      MySystem-Search
       
       
      MSS v1.6
       
       
      Basic System Information
       
      Username: Familia ROdriguez - Date: 07/07/2010 - Time: 17:36:08

      Microsoft Windows XP [Version 5.1.2600]
      Processor type: x86 Family 6 Model 14 Stepping 8, GenuineIntel
      Total processors: 1
      Computer Name: DJ5WFLB1
      Logon Server: \\DJ5WFLB1
       
       
      CD Emulation Drivers running?
       
       
       
      Peer-to-Peer applications?
       
      uTorrent found!
       
       
      File associations
       
      .exe=exefile
      .scr=scrfile
      .pif=piffile
      .com=comfile
      .bat=batfile
      .cmd=cmdfile
      .log=txtfile
      .txt=txtfile
      .reg=regfile
      .sys=sysfile
      .dll=dllfile
      .ini=inifile
      .inf=inffile
       
       
      Running processes
       
       
       
      Hidden objects
       
      PATH: C:\windows
       
       
       
      PATH: C:\windows\system32
       
      cdplayer.exe.manifest
      dllcache
      ezsidmv.dat
      logonui.exe.manifest
      ncpa.cpl.manifest
      nwc.cpl.manifest
      sapi.cpl.manifest
      WindowsLogon.manifest
      wuaucpl.cpl.manifest
       
       
      PATH: C:\windows\system32\drivers
       
      MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
      MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
      MsftWdf_user_01_09_00.Wdf
      Msft_Kernel_motmodem_01005.Wdf
      Msft_Kernel_WinUSB_01009.Wdf
      Msft_Kernel_zumbus_01009.Wdf
      Msft_User_WpdMtpDr_01_00_00.Wdf
      Msft_User_ZuneDriver_01_09_00.Wdf
       
       
      PATH: C:\
       
      $AVG
      boot.ini
      dell.sdr
      hiberfil.sys
      IO.SYS
      IPH.PH
      MSDOS.SYS
      MSOCache
      NTDETECT.COM
      ntldr
      pagefile.sys
      RECYCLER
      System Volume Information
       
       
      User Profile check
       
       

      ! REG.EXE VERSION 3.0

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
          ProfilesDirectory   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings
          DefaultUserProfile   REG_SZ   Default User
          AllUsersProfile   REG_SZ   All Users

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
          Flags   REG_DWORD   0xc
          State   REG_DWORD   0x0
          RefCount   REG_DWORD   0x1
          Sid   REG_BINARY   010100000000000512000000
          ProfileImagePath   REG_EXPAND_SZ   %systemroot%\system32\config\systemprofile

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
          ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\LocalService
          Sid   REG_BINARY   010100000000000513000000
          Flags   REG_DWORD   0x9
          State   REG_DWORD   0x0
          CentralProfile   REG_SZ   
          ProfileLoadTimeLow   REG_DWORD   0xffbaff30
          ProfileLoadTimeHigh   REG_DWORD   0x1cb1e16
          RefCount   REG_DWORD   0x3

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
          ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\NetworkService
          Sid   REG_BINARY   010100000000000514000000
          Flags   REG_DWORD   0x9
          State   REG_DWORD   0x0
          CentralProfile   REG_SZ   
          ProfileLoadTimeLow   REG_DWORD   0xfc788824
          ProfileLoadTimeHigh   REG_DWORD   0x1cb1e16
          RefCount   REG_DWORD   0x2

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2869327831-4132746257-1983631819-1006
          ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\Familia ROdriguez
          Sid   REG_BINARY   010500000000000515000000D77706AB11B454F6CBD13B76EE030000
          Flags   REG_DWORD   0x0
          State   REG_DWORD   0x100
          CentralProfile   REG_SZ   
          ProfileLoadTimeLow   REG_DWORD   0xfd6bb800
          ProfileLoadTimeHigh   REG_DWORD   0x1cb1e16
          RefCount   REG_DWORD   0x1
          RunLogonScriptSync   REG_DWORD   0x0
          OptimizedLogonStatus   REG_DWORD   0xb

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2869327831-4132746257-1983631819-500
          ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\Administrator
          Sid   REG_BINARY   010500000000000515000000D77706AB11B454F6CBD13B76F4010000
          Flags   REG_DWORD   0x0
          State   REG_DWORD   0x104
          CentralProfile   REG_SZ   
          ProfileLoadTimeLow   REG_DWORD   0x60b6cc60
          ProfileLoadTimeHigh   REG_DWORD   0x1cb1de5
          RefCount   REG_DWORD   0x0
          RunLogonScriptSync   REG_DWORD   0x0
       
       
      Current Scheduled Tasks
       
      PATH: C:\Windows\Tasks
       
      AppleSoftwareUpdate.job
      desktop.ini
      SA.DAT
       
       
      Windows Drivers and NT-Services
       
       Volume in drive C has no label.
       Volume Serial Number is 5C6C-EE54

       Directory of C:\Windows\System32\Drivers

      03/15/2010  09:30 PM                 0 MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
      04/09/2010  05:56 PM                 0 MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
      04/09/2010  05:55 PM                 0 MsftWdf_user_01_09_00.Wdf
      03/15/2010  09:30 PM                 0 Msft_Kernel_motmodem_01005.Wdf
      04/09/2010  05:56 PM                 0 Msft_Kernel_WinUSB_01009.Wdf
      04/09/2010  05:56 PM                 0 Msft_Kernel_zumbus_01009.Wdf
      05/29/2010  02:29 PM                 0 Msft_User_WpdMtpDr_01_00_00.Wdf
      04/09/2010  05:56 PM                 0 Msft_User_ZuneDriver_01_09_00.Wdf
                     8 File(s)              0 bytes
                     0 Dir(s)   9,765,412,864 bytes free
       
       
      Virtual drives found?
       
       
       
      Environment variables
       
      ALLUSERSPROFILE=C:\Documents and Settings\All Users
      APPDATA=C:\Documents and Settings\Familia ROdriguez\Application Data
      asl.log=Destination=file;OnFirstLog=command,environment
      CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
      CLIENTNAME=Console
      CommonProgramFiles=C:\Program Files\Common Files
      COMPUTERNAME=DJ5WFLB1
      ComSpec=C:\WINDOWS\system32\cmd.exe
      FP_NO_HOST_CHECK=NO
      HOMEDRIVE=C:
      HOMEPATH=\Documents and Settings\Familia ROdriguez
      LOGONSERVER=\\DJ5WFLB1
      NUMBER_OF_PROCESSORS=1
      OS=Windows_NT
      Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
      PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
      PROCESSOR_ARCHITECTURE=x86
      PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
      PROCESSOR_LEVEL=6
      PROCESSOR_REVISION=0e08
      ProgramFiles=C:\Program Files
      PROMPT=$P$G
      QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
      SESSIONNAME=Console
      SystemDrive=C:
      SystemRoot=C:\WINDOWS
      TEMP=C:\DOCUME~1\FAMILI~1\LOCALS~1\Temp
      TMP=C:\DOCUME~1\FAMILI~1\LOCALS~1\Temp
      USERDOMAIN=DJ5WFLB1
      USERNAME=Familia ROdriguez
      USERPROFILE=C:\Documents and Settings\Familia ROdriguez
      windir=C:\WINDOWS
       
       
      Stealth malware?
       
       
      Internet Explorer
       

      ! REG.EXE VERSION 3.0

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
          Default_Page_URL   REG_SZ   http://go.microsoft.com/fwlink/?LinkId=69157
          Default_Search_URL   REG_SZ   http://go.microsoft.com/fwlink/?LinkId=54896
          Search Page   REG_SZ   http://go.microsoft.com/fwlink/?LinkId=54896
          Enable_Disk_Cache   REG_SZ   yes
          Cache_Percent_of_Disk   REG_BINARY   0A000000
          Delete_Temp_Files_On_Exit   REG_SZ   yes
          Local Page   REG_SZ   C:\WINDOWS\system32\blank.htm
          Anchor_Visitation_Horizon   REG_BINARY   01000000
          Use_Async_DNS   REG_SZ   yes
          Placeholder_Width   REG_BINARY   1A000000
          Placeholder_Height   REG_BINARY   1A000000
          Start Page   REG_SZ   http://go.microsoft.com/fwlink/?LinkId=69157
          CompanyName   REG_SZ   Microsoft Corporation
          Custom_Key   REG_SZ   MICROSO
          Wizard_Version   REG_SZ   6.0.2600.0000
          FullScreen   REG_SZ   no
          Default_Secondary_Page_URL   REG_MULTI_SZ   \0
          Extensions Off Page   REG_SZ   about:NoAdd-ons
          Security Risk Page   REG_SZ   about:SecurityRisk
          Check_Associations   REG_SZ   yes

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

      ! REG.EXE VERSION 3.0

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
          User Agent   REG_SZ   Mozilla/4.0 (compatible; MSIE 8.0; Win32)
          IE5_UA_Backup_Flag   REG_SZ   5.0
          NoNetAutodial   REG_DWORD   0x0
          MigrateProxy   REG_DWORD   0x1
          EmailName   REG_SZ   IEUser@
          AutoConfigProxy   REG_SZ   wininet.dll
          MimeExclusionListForCache   REG_SZ   multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
          WarnOnPost   REG_BINARY   01000000
          UseSchannelDirectly   REG_BINARY   01000000
          EnableHttp1_1   REG_DWORD   0x1
          PrivacyAdvanced   REG_DWORD   0x0
          EnableNegotiate   REG_DWORD   0x1
          ProxyEnable   REG_DWORD   0x1
          PrivDiscUiShown   REG_DWORD   0x1
          ProxyOverride   REG_SZ   <local>
          ProxyOverride.Bonjour   REG_SZ   
          UrlEncoding   REG_DWORD   0x0
          SecureProtocols   REG_DWORD   0x28
          ZonesSecurityUpgrade   REG_BINARY   CAFACC967A90CA01
          DisableCachingOfSSLPages   REG_DWORD   0x0
          WarnonZoneCrossing   REG_DWORD   0x0
          ProxyHttp1.1   REG_DWORD   0x0
          Zdpggpledeez9m1o   REG_DWORD   0x617
          GlobalUserOffline   REG_DWORD   0x0
          ProxyServer   REG_SZ   http=127.0.0.1:5577

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

      ! REG.EXE VERSION 3.0

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
          NoUpdateCheck   REG_DWORD   0x1
          NoJITSetup   REG_DWORD   0x1
          Disable Script Debugger   REG_SZ   yes
          Show_ChannelBand   REG_SZ   No
          Anchor Underline   REG_SZ   yes
          Cache_Update_Frequency   REG_SZ   Once_Per_Session
          Display Inline Images   REG_SZ   yes
          Do404Search   REG_BINARY   01000000
          Local Page   REG_SZ   C:\WINDOWS\system32\blank.htm
          Save_Session_History_On_Exit   REG_SZ   no
          Show_FullURL   REG_SZ   no
          Show_StatusBar   REG_SZ   yes
          Show_ToolBar   REG_SZ   yes
          Show_URLinStatusBar   REG_SZ   yes
          Show_URLToolBar   REG_SZ   yes
          Start Page   REG_SZ   www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
          Use_DlgBox_Colors   REG_SZ   yes
          Search Page   REG_SZ   http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
          UseHR   REG_DWORD   0x1
          Enable Browser Extensions   REG_SZ   yes
          Use Search Asst   REG_SZ   yes
          Search Bar   REG_SZ   
          Default_Page_URL   REG_SZ   www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
          FullScreen   REG_SZ   no
          Window_Placement   REG_BINARY   2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF600000006000000080030000B8020000
          NotifyDownloadComplete   REG_SZ   yes
          XMLHTTP   REG_DWORD   0x1
          UseClearType   REG_SZ   yes
          Play_Background_Sounds   REG_SZ   yes
          Play_Animations   REG_SZ   yes
          CompatibilityFlags   REG_DWORD   0x0
          IE8RunOnceLastShown   REG_DWORD   0x1
          IE8RunOnceLastShown_TIMESTAMP   REG_BINARY   0E5A4CB7DB1DCB01
          IE8TourShown   REG_DWORD   0x1
          IE8TourShownTime   REG_BINARY   942F20D30D92CA01
          Error Dlg Displayed On Every Error   REG_SZ   no
          Check_Associations   REG_SZ   no

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch

      ! REG.EXE VERSION 3.0

      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
          SearchAssistant   REG_SZ   http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
          CustomizeSearch   REG_SZ   http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
          Default_Page_URL   REG_SZ   www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
          Start Page   REG_SZ   www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

      ! REG.EXE VERSION 3.0

      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
          {CFBFAE00-17A6-11D0-99CB-00C04FD64497}   REG_SZ   

      ! REG.EXE VERSION 3.0

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

      ! REG.EXE VERSION 3.0

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
          {2318C2B1-4965-11d4-9B18-009027A5CD4F}   REG_BINARY   00
          {EF99BD32-C1FB-11D2-892F-0090271D4F88}   REG_BINARY   00

      ! REG.EXE VERSION 3.0

      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Google Search

      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Translate English Word

      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Backward Links

      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Cached Snapshot of Page

      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Similar Pages

      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate Page into English
       
       
      Protocol hijack?
       

      sebastian22

        Topic Starter


        Rookie

      • MeMyselfBeingYou
        Re: Spyware Problem. :/
        « Reply #18 on: July 07, 2010, 03:35:13 PM »
        Security Center
         

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
            FirstRunDisabled   REG_DWORD   0x1
            AntiVirusDisableNotify   REG_DWORD   0x0
            FirewallDisableNotify   REG_DWORD   0x0
            UpdatesDisableNotify   REG_DWORD   0x0
            AntiVirusOverride   REG_DWORD   0x0
            FirewallOverride   REG_DWORD   0x0

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
            EnableFirewall   REG_DWORD   0x1
            DoNotAllowExceptions   REG_DWORD   0x0
            DisableNotifications   REG_DWORD   0x0

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
            %windir%\system32\sessmgr.exe   REG_SZ   %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
            C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe   REG_SZ   C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
            C:\Program Files\Common Files\AOL\ACS\AOLDial.exe   REG_SZ   C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
            C:\Program Files\America Online 9.0\waol.exe   REG_SZ   C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
            C:\Program Files\AVG\AVG9\avgemc.exe   REG_SZ   C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe
            C:\Program Files\AVG\AVG9\avgupd.exe   REG_SZ   C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe
            C:\Program Files\AVG\AVG9\avgnsx.exe   REG_SZ   C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe
            C:\Program Files\Windows Live\Messenger\wlcsdk.exe   REG_SZ   C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
            C:\Program Files\Windows Live\Messenger\msnmsgr.exe   REG_SZ   C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
            %windir%\Network Diagnostic\xpnetdiag.exe   REG_SZ   %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
            C:\Program Files\uTorrent\uTorrent.exe   REG_SZ   C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
            C:\Program Files\VideoLAN\VLC\vlc.exe   REG_SZ   C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
            C:\Program Files\TeamViewer\Version5\TeamViewer.exe   REG_SZ   C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application
            C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe   REG_SZ   C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice
            C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe   REG_SZ   C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
            C:\Program Files\QuickTime\QuickTimePlayer.exe   REG_SZ   C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player
            C:\Program Files\Bonjour\mDNSResponder.exe   REG_SZ   C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
            C:\Program Files\iTunes\iTunes.exe   REG_SZ   C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
            C:\Program Files\FrostWire\FrostWire.exe   REG_SZ   C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
         
         
        Uninstall List
         

        ! REG.EXE VERSION 3.0

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
            AOL Connectivity Services   REG_SZ   

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe_2ac78060bc5856b0c1cf873bb919b58

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASIO4ALL

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audacity 1.3 Beta (Unicode)_is1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AviSynth

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Broadcom 802.11b Network Adapter

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dell Digital Jukebox Driver

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Edirol HQ Orchestral v1.01

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FL Studio 9

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Audio CD Burner_is1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Audio Converter_is1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Video to iPod Converter_is1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download_is1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube to MP3 Converter_is1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie7

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie8

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IL Download Manager

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB835221WXP

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884267

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885353

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886612

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887078

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887626

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888656

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB889858

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891122

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892130

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892313

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893240

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893241

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895181

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895316

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895572

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB897586

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898549

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900399

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902344

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB907658

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911565

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911854

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923561

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923723

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB929399

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB931906

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB932716-v2

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB936782_WMP11

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB939683

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB941569

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB946648

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950762

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950974

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951066

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376-v2

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951748

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951978

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952004

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952069_WM9

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952287

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952954

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954154_WM11

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954155_WM9

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954550-v5

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955069

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955759

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956572

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956744

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956802

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956803

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956844

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957097

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958644

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958687

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958869

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959426

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959772_WM11

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960225

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960803

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960859

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961118

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961371-v2

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961501

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961503

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB967715

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968389

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968816_WM9

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969059

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969947

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970238

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970430

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971468

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971486

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971557

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971633

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971657

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971737

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971961

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971961-IE8

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972270

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973354

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973507

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973525

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973540_WM9

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973687

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973815

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973869

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973904

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974112

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974318

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974392

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974571

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975025

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975364-IE8

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975467

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975560

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975561

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975562

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975713

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976098-v2

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976325

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976325-IE8

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976662-IE8

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977165

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977816

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977914

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978037

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978207-IE8

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978251

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978262

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978338

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978542

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978601

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978695_WM9

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978706

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979306

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979309

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979482

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979559

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979683

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980182-IE8

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980195

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980218

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980232

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981332-IE8

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981793

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB982381-IE8

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LAME for Audacity_is1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lexmark 730 Series

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveReg

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M979906

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1  (1033)

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Interactive Training

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.6.2)

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSCompPackV1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NLSDownlevelMapping

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pack Crystal Clear

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PoiZone

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rob Papen Albino 3

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RocketDock_is1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sawer

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StreetPlugin

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SynTPDeinstKey

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TeamViewer 5

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toxic Biohazard

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uninstall_is1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WavePad

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wdf01000

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wdf01001

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wdf01005

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wdf01007

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wdf01009

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebCyberCoach_wtrb

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WGA

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent CDA

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite_Wave3

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winusb0100

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMCSetup

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMFDist11

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wmp11

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wudf01009

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Messenger

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Software Update

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zipeg

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zune

        ! REG.EXE VERSION 3.0

        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
         

        sebastian22

          Topic Starter


          Rookie

        • MeMyselfBeingYou
          Re: Spyware Problem. :/
          « Reply #19 on: July 07, 2010, 03:35:49 PM »
          Adobe Products
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
              DisplayName   REG_SZ   Adobe Flash Player 10 ActiveX
              DisplayVersion   REG_SZ   10.0.45.2
              Publisher   REG_SZ   Adobe Systems Incorporated
              URLInfoAbout   REG_SZ   http://www.adobe.com/go/getflashplayer
              VersionMajor   REG_SZ   10
              VersionMinor   REG_SZ   0
              HelpLink   REG_SZ   http://www.adobe.com/go/flashplayer_support/
              URLUpdateInfo   REG_SZ   http://www.adobe.com/go/flashplayer/
              DisplayIcon   REG_SZ   C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
              UninstallString   REG_SZ   C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
              RequiresIESysFile   REG_SZ   4.70.0.1155
              NoModify   REG_DWORD   0x1
              NoRepair   REG_DWORD   0x1

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
              DisplayName   REG_SZ   Adobe Flash Player 10 Plugin
              DisplayVersion   REG_SZ   10.0.45.2
              Publisher   REG_SZ   Adobe Systems Incorporated
              URLInfoAbout   REG_SZ   http://www.adobe.com/go/getflashplayer
              DisplayIcon   REG_SZ   C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
              UninstallString   REG_SZ   C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
              NoModify   REG_DWORD   0x1
              NoRepair   REG_DWORD   0x1
           
           
          Autorun
           

          ! REG.EXE VERSION 3.0

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
              uTorrent   REG_SZ   "C:\Program Files\uTorrent\uTorrent.exe"
              ctfmon.exe   REG_SZ   C:\WINDOWS\system32\ctfmon.exe
              MSMSGS   REG_SZ   "C:\Program Files\Messenger\msmsgs.exe" /background
              Messenger (Yahoo!)   REG_SZ   "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
              iTeleportConnect   REG_SZ   "C:\Program Files\iTeleport\iTeleport Connect\iTeleportConnect.exe" -autostart
              Jtodu   REG_SZ   rundll32.exe "C:\WINDOWS\mprodpx.dll",Startup
              pyoucltt   REG_SZ   C:\Documents and Settings\Familia ROdriguez\Local Settings\Application Data\tshylruwd\dvhjakntssd.exe

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
              igfxtray   REG_SZ   C:\WINDOWS\system32\igfxtray.exe
              igfxhkcmd   REG_SZ   C:\WINDOWS\system32\hkcmd.exe
              igfxpers   REG_SZ   C:\WINDOWS\system32\igfxpers.exe
              Broadcom Wireless Manager UI   REG_SZ   C:\WINDOWS\system32\WLTRAY.exe
              SigmatelSysTrayApp   REG_SZ   stsystra.exe
              Dell QuickSet   REG_SZ   C:\Program Files\Dell\QuickSet\quickset.exe
              SynTPEnh   REG_SZ   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
              PCMService   REG_SZ   "C:\Program Files\Dell\Media Experience\PCMService.exe"
              ISUSPM Startup   REG_SZ   "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
              ISUSScheduler   REG_SZ   "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
              ccApp   REG_SZ   "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
              LXCFCATS   REG_SZ   rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
              Zune Launcher   REG_SZ   "c:\Program Files\Zune\ZuneLauncher.exe"
              QuickTime Task   REG_SZ   "C:\Program Files\QuickTime\QTTask.exe" -atboottime
              SunJavaUpdateSched   REG_SZ   "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
              iTunesHelper   REG_SZ   "C:\Program Files\iTunes\iTunesHelper.exe"
              pyoucltt   REG_SZ   C:\Documents and Settings\Familia ROdriguez\Local Settings\Application Data\tshylruwd\dvhjakntssd.exe

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
           
           
          Restrictions - Internet Explorer
           
           
           
          Restrictions - REGEDIT
           

          ! REG.EXE VERSION 3.0

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
           
           
          Restrictions - Explorer
           

          ! REG.EXE VERSION 3.0

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
              NoDriveTypeAutoRun   REG_DWORD   0x91
           
           
          DNS Settings
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{02878A51-574B-4D0E-9EFC-16229DFDF825}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2810EB22-763D-4D0C-9450-64BBD1758685}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{531D3D38-B38F-4A40-9052-52EFBA55506B}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{69F821D4-1EFD-4E09-B5C3-3DFF9FAD66D9}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A9AB9503-82D1-4712-AE3C-37F2CDA6DD60}

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CDDAAB86-1B42-43FF-BDBB-5A0670FA30D1}


          Windows IP Configuration



                  Host Name . . . . . . . . . . . . : DJ5WFLB1

                  Primary Dns Suffix  . . . . . . . :

                  Node Type . . . . . . . . . . . . : Hybrid

                  IP Routing Enabled. . . . . . . . : No

                  WINS Proxy Enabled. . . . . . . . : No

                  DNS Suffix Search List. . . . . . : Belkin



          Ethernet adapter Wireless Network Connection:



                  Connection-specific DNS Suffix  . : Belkin

                  Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card

                  Physical Address. . . . . . . . . : 00-16-CF-1A-2E-25

                  Dhcp Enabled. . . . . . . . . . . : Yes

                  Autoconfiguration Enabled . . . . : Yes

                  IP Address. . . . . . . . . . . . : 192.168.2.2

                  Subnet Mask . . . . . . . . . . . : 255.255.255.0

                  Default Gateway . . . . . . . . . : 192.168.2.1

                  DHCP Server . . . . . . . . . . . : 192.168.2.1

                  DNS Servers . . . . . . . . . . . : 192.168.2.1

                  Lease Obtained. . . . . . . . . . : Wednesday, July 07, 2010 4:57:33 PM

                  Lease Expires . . . . . . . . . . : Monday, January 18, 2038 11:14:07 PM

           
           
          AppInit DLLs
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
              AppInit_DLLs   REG_SZ   

           
           
          Shell Service Object Delay Load
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
              PostBootReminder   REG_SZ   {7849596a-48ea-486e-8937-a2a3009f31a9}
              CDBurn   REG_SZ   {fbeb8a05-beee-4442-804e-409d6c4515e9}
              WebCheck   REG_SZ   {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
              SysTray   REG_SZ   {35CEC8A3-2BE6-11D2-8773-92E220524153}
              WPDShServiceObj   REG_SZ   {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
           
           
           
          Shell Execute Hooks
           
           
           
          Image File Execution Options
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE
           
           
          Security Providers
           
           
           
          Local Security Authority
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
              Authentication Packages   REG_MULTI_SZ   msv1_0\0\0
              Bounds   REG_BINARY   0030000000200000
              Security Packages   REG_MULTI_SZ   kerberos\0msv1_0\0schannel\0wdigest\0\0
              ImpersonatePrivilegeUpgradeToolHasRun   REG_DWORD   0x1
              LsaPid   REG_DWORD   0x330
              SecureBoot   REG_DWORD   0x1
              auditbaseobjects   REG_DWORD   0x0
              crashonauditfail   REG_DWORD   0x0
              disabledomaincreds   REG_DWORD   0x0
              everyoneincludesanonymous   REG_DWORD   0x0
              fipsalgorithmpolicy   REG_DWORD   0x0
              forceguest   REG_DWORD   0x1
              fullprivilegeauditing   REG_BINARY   00
              limitblankpassworduse   REG_DWORD   0x1
              lmcompatibilitylevel   REG_DWORD   0x0
              nodefaultadminowner   REG_DWORD   0x1
              nolmhash   REG_DWORD   0x0
              restrictanonymous   REG_DWORD   0x0
              restrictanonymoussam   REG_DWORD   0x1
              Notification Packages   REG_MULTI_SZ   scecli\0\0

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\msv1_0

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO

          HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache
           
           
          AppCert DLLs
           
           
           
          App Paths
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
              <NO NAME>   REG_SZ   C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
              Path   REG_SZ   C:\Program Files\Adobe\Acrobat 6.0\Reader\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AVGSE.DLL
              <NO NAME>   REG_SZ   C:\PROGRA~1\AVG\AVG9\avgse.dll
              Menu1   REG_SZ   Scan with &AVG Free
              Help1   REG_SZ   Scan against viruses with AVG Free

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\bantam.dll
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\bantam.dll
              Path   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\bckgzm.exe
              <NO NAME>   REG_SZ   C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\bdeadmin.cpl
              <NO NAME>   REG_SZ   C:\WINDOWS\system32\bdeadmin.cpl
              Path   REG_SZ   C:\WINDOWS\system32\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\bdeadmin.hlp
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\bdeadmin.hlp
              Path   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\blw32.dll
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\blw32.dll
              Path   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\bridge.exe
              <NO NAME>   REG_SZ   C:\Program Files\Adobe\Adobe Bridge CS3\bridge.exe
              Path   REG_SZ   C:\Program Files\Adobe\Adobe Bridge CS3

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CARMOrganizer.exe
              <NO NAME>   REG_SZ   C:\Program Files\WordPerfect Office 12\Programs\CARMOrganizer.exe
              Path   REG_SZ   C:\Program Files\WordPerfect Office 12\Programs\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ccApp.exe
              PATH   REG_SZ   C:\Program Files\Common Files\Symantec Shared\;
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Symantec Shared\ccApp.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CdrConv.exe
              <NO NAME>   REG_SZ   C:\Program Files\WordPerfect Office 12\Programs\CdrConv.exe
              Path   REG_SZ   C:\Program Files\WordPerfect Office 12\Programs\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chkrzm.exe
              <NO NAME>   REG_SZ   C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
              <NO NAME>   REG_SZ   C:\WINDOWS\system32\cmmgr32.exe
              Path   REG_SZ   C:\WINDOWS\system32
              CmstpExtensionDll   REG_SZ   C:\WINDOWS\system32\cmcfg32.dll
              CMInternalVersion   REG_SZ   1.2
              CmNative   REG_DWORD   0x1
              ProfilesUpgraded   REG_DWORD   0x2

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CONF.EXE
              <NO NAME>   REG_SZ   C:\Program Files\NetMeeting\conf.exe
              Path   REG_SZ   C:\Program Files\NetMeeting;

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ConvUtil.exe
              <NO NAME>   REG_SZ   C:\Program Files\WordPerfect Office 12\Programs\ConvUtil.exe
              Path   REG_SZ   C:\Program Files\WordPerfect Office 12\Programs\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dialer.exe
              <NO NAME>   REG_SZ   C:\Program Files\Windows NT\dialer.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\disp.dll
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\disp.dll
              Path   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DLG.exe
              Path   REG_SZ   C:\Program Files\Digital Line Detect
              <NO NAME>   REG_SZ   C:\Program Files\Digital Line Detect\DLG.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\firefox.exe
              <NO NAME>   REG_SZ   C:\Program Files\Mozilla Firefox\firefox.exe
              Path   REG_SZ   C:\Program Files\Mozilla Firefox

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\FL.exe
              <NO NAME>   REG_SZ   C:\Program Files\Image-Line\FL Studio 9\FL.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Ghostexp.exe
              <NO NAME>   REG_SZ   C:\Program Files\Norton Ghost\Browser\GhostExplorer\EN\Ghostexp.exe
              Path   REG_SZ   C:\Program Files\Norton Ghost\Browser\GhostExplorer\EN

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HelpAsst.exe
              <NO NAME>   REG_SZ   C:\Documents and Settings\Familia ROdriguez\Desktop\HelpAsst_mebroot_fix.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HELPCTR.EXE
              <NO NAME>   REG_SZ   C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hrtzzm.exe
              <NO NAME>   REG_SZ   C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hypertrm.exe
              <NO NAME>   REG_SZ   "C:\Program Files\Windows NT\hypertrm.exe"

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN1.EXE
              <NO NAME>   REG_SZ   "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE"
              Path   REG_SZ   C:\Program Files\Internet Explorer\Connection Wizard;

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN2.EXE
              <NO NAME>   REG_SZ   "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE"
              Path   REG_SZ   C:\Program Files\Internet Explorer\Connection Wizard;

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\idapi32.dll
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\idapi32.dll
              Path   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\idasci32.dll
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\idasci32.dll
              Path   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\idbat32.dll
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\idbat32.dll
              Path   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\idda3532.dll
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\idda3532.dll
              Path   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\iddao32.dll
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\iddao32.dll
              Path   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\iddbas32.dll
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\iddbas32.dll
              Path   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\iddr32.dll
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\iddr32.dll
              Path   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\idodbc32.dll
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\idodbc32.dll
              Path   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\idpdx32.dll
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\idpdx32.dll
              Path   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\idqbe32.dll
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\idqbe32.dll
              Path   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\idr20009.dll
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\idr20009.dll
              Path   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\idsql32.dll
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\idsql32.dll
              Path   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
              <NO NAME>   REG_SZ   C:\Program Files\Internet Explorer\IEXPLORE.EXE
              Path   REG_SZ   C:\Program Files\Internet Explorer;

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\INETWIZ.EXE
              <NO NAME>   REG_SZ   "C:\Program Files\Internet Explorer\Connection Wizard\INETWIZ.EXE"
              Path   REG_SZ   C:\Program Files\Internet Explorer\Connection Wizard;

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
              RunAsOnNonAdminInstall   REG_DWORD   0x1
              BlockOnTSNonInstallMode   REG_DWORD   0x1

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IraLrShl.exe
              <NO NAME>   REG_SZ   C:\PROGRA~1\COMMON~1\SYMANT~1\LiveReg\IraLrShl.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ISIGNUP.EXE
              <NO NAME>   REG_SZ   "C:\Program Files\Internet Explorer\Connection Wizard\ISIGNUP.EXE"
              Path   REG_SZ   C:\Program Files\Internet Explorer\Connection Wizard;

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\iTunes.exe
              <NO NAME>   REG_SZ   C:\PROGRA~1\iTunes\ITUNSE~1.EXE

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
              <NO NAME>   REG_SZ   C:\Program Files\Java\jre6\bin\javaws.exe
              Path   REG_SZ   C:\Program Files\Java\jre6\bin

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LUALL.EXE
              <NO NAME>   REG_SZ   C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
              Path   REG_SZ   C:\Program Files\Symantec\LiveUpdate

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe
              <NO NAME>   REG_EXPAND_SZ   %SystemRoot%\system32\usmt\migwiz.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\moviemk.exe
              <NO NAME>   REG_SZ   C:\Program Files\Movie Maker\moviemk.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
              <NO NAME>   REG_SZ   "C:\Program Files\Windows Media Player\mplayer2.exe"
              Path   REG_SZ   "C:\Program Files\Windows Media Player"

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSCONFIG.EXE
              <NO NAME>   REG_SZ   C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
              <NO NAME>   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express\msimn.exe
              Path   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msinfo32.exe
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.exe
              Path   REG_SZ   C:\Program Files\Common Files\Microsoft Shared\MSInfo

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSMSGS.EXE
              <NO NAME>   REG_SZ   C:\Program Files\Messenger\msmsgs.exe
              Path   REG_SZ   C:\Program Files\Messenger;

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSNMSGR.EXE
              <NO NAME>   REG_SZ   C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
              Path   REG_SZ   C:\Program Files\Windows Live\Messenger\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
              useURL   REG_SZ   1

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msoxmled.exe
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLED.EXE
              useURL   REG_SZ   1

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mspview.exe
              <NO NAME>   REG_SZ   C:\PROGRA~1\COMMON~1\MICROS~1\MODI\11.0\MSPVIEW.EXE
              Path   REG_SZ   C:\Program Files\Common Files\Microsoft Shared\MODI\11.0\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ois.exe
              useURL   REG_SZ   1
              SaveURL   REG_SZ   0
              <NO NAME>   REG_SZ   C:\PROGRA~1\MI1933~1\OFFICE11\OIS.EXE
              Path   REG_SZ   C:\Program Files\Microsoft Office\OFFICE11\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ORUN32.EXE
              Path   REG_SZ   C:\WINDOWS\
              <NO NAME>   REG_SZ   C:\WINDOWS\ORUN32.EXE

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
              <NO NAME>   REG_EXPAND_SZ   %SystemRoot%\system32\mspaint.exe
              Path   REG_EXPAND_SZ   %SystemRoot%\system32

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Photoshop.exe
              <NO NAME>   REG_SZ   C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
              Path   REG_SZ   C:\Program Files\Adobe\Adobe Photoshop CS3\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
              Path   REG_SZ   C:\Program Files\QuickTime\
              <NO NAME>   REG_SZ   C:\Program Files\QuickTime\PictureViewer.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pinball.exe
              <NO NAME>   REG_SZ   C:\Program Files\Windows NT\Pinball\pinball.exe
              Path   REG_SZ   C:\Program Files\Windows NT\Pinball

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerCinema.exe
              Path   REG_SZ   C:\Program Files\Dell\Media Experience
              <NO NAME>   REG_SZ   C:\Program Files\Dell\Media Experience\PCM2.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\powerpnt.exe
              useURL   REG_SZ   1
              SaveURL   REG_SZ   1
              <NO NAME>   REG_SZ   C:\PROGRA~1\MI1933~1\OFFICE11\POWERPNT.EXE
              Path   REG_SZ   C:\Program Files\Microsoft Office\OFFICE11\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Prwin12.exe
              Path   REG_SZ   C:\Program Files\WordPerfect Office 12\Programs\
              <NO NAME>   REG_SZ   C:\Program Files\WordPerfect Office 12\Programs\Prwin12.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QPW.EXE
              <NO NAME>   REG_SZ   C:\Program Files\WordPerfect Office 12\Programs\QPW.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
              <NO NAME>   REG_SZ   C:\Program Files\QuickTime\QuickTimePlayer.exe
              Path   REG_SZ   C:\Program Files\QuickTime\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rvsezm.exe
              <NO NAME>   REG_SZ   C:\Program Files\MSN Gaming Zone\Windows\rvsezm.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SecurityConfig.exe
              <NO NAME>   REG_SZ   C:\Program Files\Norton Ghost\Agent\SecurityConfig.exe
              Path   REG_SZ   C:\Program Files\Norton Ghost\Agent\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
              RunAsOnNonAdminInstall   REG_DWORD   0x1
              BlockOnTSNonInstallMode   REG_DWORD   0x1

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\shvlzm.exe
              <NO NAME>   REG_SZ   C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\sqlint32.dll
              <NO NAME>   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\sqlint32.dll
              Path   REG_SZ   C:\Program Files\Common Files\Borland Shared\BDE\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
              UseShortName   REG_SZ   

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\UIMain.exe
              <NO NAME>   REG_SZ   C:\Program Files\Norton Ghost\Console\UIMain.exe
              Path   REG_SZ   C:\Program Files\Norton Ghost\Console\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\UIMain_.exe
              <NO NAME>   REG_SZ   C:\Program Files\Norton Ghost\Console\UIMain_.exe
              Path   REG_SZ   C:\Program Files\Norton Ghost\Console\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\V2iBrowser.exe
              <NO NAME>   REG_SZ   C:\Program Files\Norton Ghost\Browser\V2iBrowser.exe
              Path   REG_SZ   C:\Program Files\Norton Ghost\Browser\

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
              <NO NAME>   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express\wab.exe
              Path   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
              <NO NAME>   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express\wabmig.exe
              Path   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\winnt32.exe
              RunAsOnNonAdminInstall   REG_DWORD   0x1

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
              SaveURL   REG_SZ   1
              <NO NAME>   REG_SZ   C:\PROGRA~1\MI1933~1\OFFICE11\WINWORD.EXE
              Path   REG_SZ   C:\Program Files\Microsoft Office\OFFICE11\
              useURL   REG_SZ   1

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
              <NO NAME>   REG_SZ   C:\Program Files\Windows Media Player\wmplayer.exe
              Path   REG_SZ   C:\Program Files\Windows Media Player

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
              <NO NAME>   REG_EXPAND_SZ   "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wpldes12.exe
              <NO NAME>   REG_SZ   C:\Program Files\WordPerfect Office 12\Programs\WPLDES12.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wpwin12.exe
              <NO NAME>   REG_SZ   C:\Program Files\WordPerfect Office 12\Programs\wpwin12.exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
              <NO NAME>   REG_EXPAND_SZ   "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
              <NO NAME>   REG_SZ   "c:\WINDOWS\system32\XPSViewer\XPSViewer.exe"

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\yourapp.Exe
              Path   REG_SZ   C:\Program Files\Edirol\Orchestral VST
              <NO NAME>   REG_SZ   C:\Program Files\Edirol\Orchestral VST\yourapp.Exe

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Zipeg.exe
              <NO NAME>   REG_SZ   C:\Program Files\Zipeg\Zipeg.exe
              Path   REG_SZ   C:\Program Files\Zipeg

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Zune.exe
              <NO NAME>   REG_SZ   c:\Program Files\Zune\Zune.exe
           
           
          Mozilla
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions
              {3f963a5b-e555-4543-90e2-c3908898db71}   REG_SZ   C:\Program Files\AVG\AVG9\Firefox
              {20a82645-c095-46ed-80e3-08825760534b}   REG_SZ   c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
              [email protected]   REG_EXPAND_SZ   C:\Program Files\Java\jre6\lib\deploy\jqs\ff

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
              <NO NAME>   REG_SZ   1.9.2.2
              CurrentVersion   REG_SZ   3.6.2 (en-US)

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.2 (en-US)
              <NO NAME>   REG_SZ   3.6.2 (en-US)

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.2 (en-US)\Main
              Install Directory   REG_SZ   C:\Program Files\Mozilla Firefox
              PathToExe   REG_SZ   C:\Program Files\Mozilla Firefox\firefox.exe

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.2 (en-US)\Uninstall
              Description   REG_SZ   Mozilla Firefox (3.6.2)

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.2
              GeckoVer   REG_SZ   1.9.2.2

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.2\bin
              PathToExe   REG_SZ   C:\Program Files\Mozilla Firefox\firefox.exe

          HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.2\extensions
              Components   REG_SZ   C:\Program Files\Mozilla Firefox\components
              Plugins   REG_SZ   C:\Program Files\Mozilla Firefox\plugins
           
           
          Shared Task Scheduler
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
              {438755C2-A8BA-11D1-B96B-00A0C90312E1}   REG_SZ   Browseui preloader
              {8C7461EF-2B13-11d2-BE35-3078302C2030}   REG_SZ   Component Categories cache daemon
           
           
          SafeBoot
           
           
           
          SafeBootMinimal
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

           
           
          SafeBootNetwork
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

           
           
          File Rename Operations - Session
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations
           
           
          Known DLLs - Session
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
              advapi32   REG_SZ   advapi32.dll
              comdlg32   REG_SZ   comdlg32.dll
              DllDirectory   REG_EXPAND_SZ   %SystemRoot%\system32
              gdi32   REG_SZ   gdi32.dll
              imagehlp   REG_SZ   imagehlp.dll
              kernel32   REG_SZ   kernel32.dll
              lz32   REG_SZ   lz32.dll
              ole32   REG_SZ   ole32.dll
              oleaut32   REG_SZ   oleaut32.dll
              olecli32   REG_SZ   olecli32.dll
              olecnv32   REG_SZ   olecnv32.dll
              olesvr32   REG_SZ   olesvr32.dll
              olethk32   REG_SZ   olethk32.dll
              rpcrt4   REG_SZ   rpcrt4.dll
              shell32   REG_SZ   shell32.dll
              url   REG_SZ   url.dll
              urlmon   REG_SZ   urlmon.dll
              user32   REG_SZ   user32.dll
              version   REG_SZ   version.dll
              wininet   REG_SZ   wininet.dll
              wldap32   REG_SZ   wldap32.dll
           
           
          Downloaded program files (ActiveX)
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{20A60F0D-9AFA-4515-A0FD-83BD84642501}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
           
          PATH: C:\windows\Downloaded Program Files
           
          dwusplay.dll
          dwusplay.exe
          isusweb.dll
          MessengerStatsPAClient.dll
          msgrchkr.dll
          muweb.inf
           
           
          Mountpoints
           

          ! REG.EXE VERSION 3.0

          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

           
           
          Winlogon
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
              AutoRestartShell   REG_DWORD   0x1
              DefaultDomainName   REG_SZ   DJ5WFLB1
              DefaultUserName   REG_SZ   Familia ROdriguez
              LegalNoticeCaption   REG_SZ   
              LegalNoticeText   REG_SZ   
              PowerdownAfterShutdown   REG_SZ   0
              ReportBootOk   REG_SZ   1
              Shell   REG_SZ   Explorer.exe
              ShutdownWithoutLogon   REG_SZ   0
              System   REG_SZ   
              Userinit   REG_SZ   C:\WINDOWS\system32\userinit.exe,
              VmApplet   REG_SZ   rundll32 shell32,Control_RunDLL "sysdm.cpl"
              SfcQuota   REG_DWORD   0xffffffff
              allocatecdroms   REG_SZ   0
              allocatedasd   REG_SZ   0
              allocatefloppies   REG_SZ   0
              cachedlogonscount   REG_SZ   10
              forceunlocklogon   REG_DWORD   0x0
              passwordexpirywarning   REG_DWORD   0xe
              scremoveoption   REG_SZ   0
              AllowMultipleTSSessions   REG_DWORD   0x0
              UIHost   REG_EXPAND_SZ   logonui.exe
              LogonType   REG_DWORD   0x1
              Background   REG_SZ   0 0 0
              DebugServerCommand   REG_SZ   no
              SFCDisable   REG_DWORD   0x0
              WinStationsDisabled   REG_SZ   0
              HibernationPreviouslyEnabled   REG_DWORD   0x1
              ShowLogonOptions   REG_DWORD   0x0
              AltDefaultUserName   REG_SZ   Familia ROdriguez
              AltDefaultDomainName   REG_SZ   DJ5WFLB1
              ChangePasswordUseKerberos   REG_DWORD   0x1
              SfcScan   REG_DWORD   0x0

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials
           
           
          Windows Update
           

          ! REG.EXE VERSION 3.0

          HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\windowsupdate\auto update\results\install
              LastSuccessTime   REG_SZ   2010-06-23 07:07:47
              LastError   REG_DWORD   0x0
           
           
          Security Software Information
           
          *Note*: Some security software does not store itself in the WMI.
           
          Antivirus: AVG Anti-Virus Free *Scanner enabled* (Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
           
           
          {END OF FILE}

          Dr Jay

          • Malware Removal Specialist


          • Specialist
          • Moderator emeritus
          • Thanked: 119
          • Experience: Guru
          • OS: Windows 10
          Re: Spyware Problem. :/
          « Reply #20 on: July 07, 2010, 04:10:56 PM »
          Please download OTM
           
          • Save it to your desktop.
          • Please double-click OTM to run it. (Note for Vista: Right-click on the file and choose Run As Administrator).
          • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

          Code:
          :files
          C:\windows\system32\ezsidmv.dat
          C:\WINDOWS\mprodpx.dll
          C:\Documents and Settings\Familia ROdriguez\Local Settings\Application Data\tshylruwd


          :reg
          [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
          "ProxyOverride"="*.local"
          "ProxyServer"="127.0.0.1"
          "Zdpggpledeez9m1o"=-

          [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
          "Jtodu"=-
          "pyoucltt"=-

          [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
          "pyoucltt"=-

          :Commands
          [emptytemp]
          [purity]
          [Reboot]
          • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
          • Click the red Moveit! button.
          • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
          • Close OTM and reboot your PC.
          Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
          ~Dr Jay

          sebastian22

            Re: Spyware Problem. :/
            « Reply #21 on: July 07, 2010, 08:26:00 PM »
            All processes killed
            ========== FILES ==========
            C:\windows\system32\ezsidmv.dat moved successfully.
            File/Folder C:\WINDOWS\mprodpx.dll not found.
            C:\Documents and Settings\Familia ROdriguez\Local Settings\Application Data\tshylruwd folder moved successfully.
            ========== REGISTRY ==========
            HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyOverride"|"*.local" /E : value set successfully!
            HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyServer"|"127.0.0.1" /E : value set successfully!
            Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\Zdpggpledeez9m1o deleted successfully.
            Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Jtodu deleted successfully.
            Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pyoucltt deleted successfully.
            Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pyoucltt deleted successfully.
            ========== COMMANDS ==========
             
            [EMPTYTEMP]
             
            User: Administrator
            ->Temp folder emptied: 0 bytes
            ->Temporary Internet Files folder emptied: 32902 bytes
            ->FireFox cache emptied: 4047478 bytes
             
            User: All Users
             
            User: Default User
            ->Temp folder emptied: 0 bytes
            ->Temporary Internet Files folder emptied: 32902 bytes
             
            User: Familia ROdriguez
            ->Temp folder emptied: 253511958 bytes
            ->Temporary Internet Files folder emptied: 282840062 bytes
            ->Java cache emptied: 36818578 bytes
            ->FireFox cache emptied: 122702051 bytes
            ->Flash cache emptied: 168508 bytes
             
            User: LocalService
            ->Temp folder emptied: 65984 bytes
            ->Temporary Internet Files folder emptied: 33170 bytes
             
            User: NetworkService
            ->Temp folder emptied: 0 bytes
            ->Temporary Internet Files folder emptied: 639057 bytes
             
            User: Owner
             
            %systemdrive% .tmp files removed: 0 bytes
            %systemroot% .tmp files removed: 19569 bytes
            %systemroot%\System32 .tmp files removed: 5552657 bytes
            %systemroot%\System32\dllcache .tmp files removed: 0 bytes
            %systemroot%\System32\drivers .tmp files removed: 0 bytes
            Windows Temp folder emptied: 97972606 bytes
            %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64693674 bytes
            %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
            RecycleBin emptied: 1636000225 bytes
             
            Total Files Cleaned = 2,389.00 mb
             
             
            OTM by OldTimer - Version 3.1.12.2 log created on 07072010_221210
            All processes killed
             
            OTM by OldTimer - Version 3.1.12.2 log created on 07072010_221210

            Files moved on Reboot...

            Registry entries deleted on Reboot...

            Dr Jay

            Re: Spyware Problem. :/
            « Reply #22 on: July 07, 2010, 08:28:42 PM »
            Please download Malwarebytes Anti-Malware from Malwarebytes.org.
            Alternate link: BleepingComputer.com.
            (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

            Double Click mbam-setup.exe to install the application.

            (Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
            • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
            • If an update is found, it will download and install the latest version.
            • Once the program has loaded, select "Perform Quick Scan", then click Scan.
            • The scan may take some time to finish, so please be patient.
            • When the scan is complete, click OK, then Show Results to view the results.
            • Make sure that everything is checked, and click Remove Selected.
            • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
            • Please save the log to a location you will remember.
            • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
            • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
            • Copy and paste the entire report in your next reply.
            ~Dr Jay

            sebastian22

              Re: Spyware Problem. :/
              « Reply #23 on: July 07, 2010, 08:46:01 PM »
              It won't run the program.
              And when it was trying to update, it displayed an error message.

              A lot of programs say they can't run cause they're not connected to the internet.
              Rationally, I thought it'd be something with the firewall,
              so I was going to try and disable it real quick and
              another error message appeared that says
              "An exception occured while trying to run "C:\WINDOWS\system32\shell32.dll,Control_RunDLL C:\WINDOWS\system32\wscui.cpL"

              Should I reboot the computer??

              sebastian22

                Re: Spyware Problem. :/
                « Reply #24 on: July 07, 2010, 09:33:42 PM »
                Well, I did about 2 reboots and it will TRY and run now.

                In the process of updating, it says..
                "An error has occured. Please report this error code to our support team.
                MBAM_ERROR_UPDATING(12007, 0, WinHttpSendRequest)"

                :/

                sebastian22

                  Re: Spyware Problem. :/
                  « Reply #25 on: July 07, 2010, 09:51:46 PM »
                  FINAL REPORT  ;D:
                   
                  Malwarebytes' Anti-Malware 1.46
                  www.malwarebytes.org

                  Database version: 4052

                  Windows 5.1.2600 Service Pack 3
                  Internet Explorer 8.0.6001.18702

                  7/7/2010 11:54:24 PM
                  mbam-log-2010-07-07 (23-54-24).txt

                  Scan type: Quick scan
                  Objects scanned: 125529
                  Time elapsed: 15 minute(s), 26 second(s)

                  Memory Processes Infected: 0
                  Memory Modules Infected: 0
                  Registry Keys Infected: 5
                  Registry Values Infected: 0
                  Registry Data Items Infected: 5
                  Folders Infected: 0
                  Files Infected: 1

                  Memory Processes Infected:
                  (No malicious items detected)

                  Memory Modules Infected:
                  (No malicious items detected)

                  Registry Keys Infected:
                  HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
                  HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
                  HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                  HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

                  Registry Values Infected:
                  (No malicious items detected)

                  Registry Data Items Infected:
                  HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.221,93.188.166.201 -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.221,93.188.166.201 -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a9ab9503-82d1-4712-ae3c-37f2cda6dd60}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.221,93.188.166.201 -> Quarantined and deleted successfully.
                  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a9ab9503-82d1-4712-ae3c-37f2cda6dd60}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.221,93.188.166.201 -> Quarantined and deleted successfully.

                  Folders Infected:
                  (No malicious items detected)

                  Files Infected:
                  C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

                  sebastian22

                    Topic Starter


                    Rookie

                  • MeMyselfBeingYou
                    Re: Spyware Problem. :/
                    « Reply #26 on: July 07, 2010, 10:22:45 PM »
                    After I rebooted, I tried updating it again and it did so successfully.
                    I ran another quick scan and here were the results:

                    Malwarebytes' Anti-Malware 1.46
                    www.malwarebytes.org

                    Database version: 4290

                    Windows 5.1.2600 Service Pack 3
                    Internet Explorer 8.0.6001.18702

                    7/8/2010 12:25:45 AM
                    mbam-log-2010-07-08 (00-25-45).txt

                    Scan type: Quick scan
                    Objects scanned: 135645
                    Time elapsed: 13 minute(s), 10 second(s)

                    Memory Processes Infected: 1
                    Memory Modules Infected: 0
                    Registry Keys Infected: 3
                    Registry Values Infected: 1
                    Registry Data Items Infected: 4
                    Folders Infected: 0
                    Files Infected: 12

                    Memory Processes Infected:
                    C:\Documents and Settings\Familia ROdriguez\Local Settings\Temp\Ed1.exe (Trojan.FraudPack) -> Unloaded process successfully.

                    Memory Modules Infected:
                    (No malicious items detected)

                    Registry Keys Infected:
                    HKEY_CURRENT_USER\SOFTWARE\UBC5AB1IDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                    HKEY_CURRENT_USER\SOFTWARE\EWABQAF7KL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

                    Registry Values Infected:
                    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewabqaf7kl (Trojan.FraudPack) -> Quarantined and deleted successfully.

                    Registry Data Items Infected:
                    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.221,93.188.166.201 -> Quarantined and deleted successfully.
                    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.221,93.188.166.201 -> Quarantined and deleted successfully.
                    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a9ab9503-82d1-4712-ae3c-37f2cda6dd60}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.221,93.188.166.201 -> Quarantined and deleted successfully.
                    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a9ab9503-82d1-4712-ae3c-37f2cda6dd60}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.221,93.188.166.201 -> Quarantined and deleted successfully.

                    Folders Infected:
                    (No malicious items detected)

                    Files Infected:
                    C:\Documents and Settings\Familia ROdriguez\Local Settings\Temp\Ed1.exe (Trojan.FraudPack) -> Delete on reboot.
                    C:\Documents and Settings\Familia ROdriguez\Application Data\67500ec3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
                    C:\Documents and Settings\Familia ROdriguez\Start Menu\Programs\Startup\systask.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
                    C:\WINDOWS\system32\ernel32.dll (Trojan.Agent) -> Delete on reboot.
                    C:\WINDOWS\system32\spool\prtprocs\w32x86\GM5gM.dll (Trojan.Agent) -> Quarantined and deleted successfully.
                    C:\WINDOWS\system32\spool\prtprocs\w32x86\M9317o3.dll (Trojan.Agent) -> Quarantined and deleted successfully.
                    C:\WINDOWS\system32\spool\prtprocs\w32x86\mYWSKU3.dll (Trojan.Agent) -> Quarantined and deleted successfully.
                    C:\Documents and Settings\Familia ROdriguez\Local Settings\Temp\17.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
                    C:\Documents and Settings\Familia ROdriguez\Local Settings\Temp\Ed0.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
                    C:\WINDOWS\Evopaa.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
                    C:\WINDOWS\Evopab.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
                    C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

                    Dr Jay

                    • Malware Removal Specialist


                    • Specialist
                    • Moderator emeritus
                    • Thanked: 119
                    • Experience: Guru
                    • OS: Windows 10
                    Re: Spyware Problem. :/
                    « Reply #27 on: July 08, 2010, 12:46:54 PM »
                    Please download 7-Zip and install it. If you already have it, no need to reinstall.

                    Then, download RootkitUnhooker and save the setup to your Desktop.

                    • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
                    • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
                    • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
                    • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
                    • Once inside the interface, do not fix anything. Click on the Report tab.
                    • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
                    • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
                    • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.
                    ~Dr Jay

                    sebastian22

                      Topic Starter


                      Rookie

                    • MeMyselfBeingYou
                      Re: Spyware Problem. :/
                      « Reply #28 on: July 08, 2010, 10:37:43 AM »
                      RkU Version: 3.8.388.590, Type LE (SR2)
                      ==============================================
                      OS Name: Windows XP
                      Version 5.1.2600 (Service Pack 3)
                      Number of processors #1
                      ==============================================
                      >SSDT State
                      ==============================================
                      ==============================================
                      >Shadow
                      ==============================================
                      ==============================================
                      >Processes
                      ==============================================
                      0x82DCA7C0 [4] System
                      0x82B97B28 [128] C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation, Symantec Settings Manager Service)
                      0x82A37DA0 [176] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation, Symantec Event Manager Service)
                      0x829C9918 [264] C:\WINDOWS\system32\WLTRYSVC.EXE
                      0x8295DDA0 [304] C:\WINDOWS\system32\BCMWLTRY.EXE (Dell Inc., Dell Wireless WLAN Card Wireless Network Controller)
                      0x82A33428 [400] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
                      0x82A1B368 [504] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                      0x82C82A90 [536] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)
                      0x82941418 [552] C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o., AVG Watchdog Service)
                      0x82ACA930 [664] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
                      0x8299A838 [692] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
                      0x82A90670 [728] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
                      0x829E6510 [752] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
                      0x828BF810 [800] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
                      0x829B2378 [812] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
                      0x82990DA0 [960] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                      0x82927DA0 [1044] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                      0x829B1518 [1092] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                      0x82AB58D0 [1164] C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o., AVG Cache Server)
                      0x82ADB300 [1172] C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o., AVG Resident Shield Service)
                      0x82AE2478 [1200] C:\WINDOWS\system32\gearsec.exe (GEAR Software, gearsec)
                      0x82AA9690 [1208] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                      0x829AADA0 [1340] C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)
                      0x825D3950 [1408] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java(TM) Quick Starter Service)
                      0x82AAB6A0 [1580] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                      0x82549AA0 [1604] C:\WINDOWS\stsystra.exe (SigmaTel, Inc., Sigmatel Audio system tray application)
                      0x824A9020 [1644] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation, hkcmd Module)
                      0x82549020 [1656] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation, persistence Module)
                      0x823F6DA0 [1664] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc., Dell Wireless WLAN Card Wireless Network Tray Applet)
                      0x829B3B78 [1708] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                      0x82960BC0 [1736] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
                      0x824A6B78 [1896] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc, QuickSet)
                      0x824A3DA0 [1904] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc., Synaptics TouchPad Enhancements)
                      0x824A2B50 [1920] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp., PowerCinema Resident Program for Dell)
                      0x824A13B0 [1948] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation, InstallShield Update Service Scheduler)
                      0x8266A4B0 [1956] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation, Symantec User Session)
                      0x824D35C8 [1984] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java(TM) Update Scheduler)
                      0x82520DA0 [2004] C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc., Internal Network Card Power Management  Service)
                      0x823E5020 [2052] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
                      0x82498020 [2096] C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
                      0x825128B0 [2132] C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o., AVG Network scanner Service)
                      0x82C5BDA0 [2160] C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
                      0x82672DA0 [2176] C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe (Y'z@Home, Attach drop shadow to windows.)
                      0x824CE7D8 [2188] C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe (Y'z@Home, ToolBar icon can be changed.)
                      0x82510020 [2244] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                      0x82506B28 [2412] C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc., AutoUpater Service Module)
                      0x824F98B0 [2664] C:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation, Zune Bus Enumerator Service)
                      0x825812E0 [2704] C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o., AVG E-Mail Scanner)
                      0x8256C020 [2724] C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation, igfxsrvc Module)
                      0x824ECDA0 [2944] C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation, Windows Update)
                      0x82635020 [3316] C:\Documents and Settings\Familia ROdriguez\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\4aenVO662qfx5w.exe (UG North, RKULE, SR2 Normandy)
                      0x824DC8B0 [3364] C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)
                      0x8256B4A8 [3524] C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation, WMI)
                      0x82402DA0 [4024] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
                      ==============================================
                      >Drivers
                      ==============================================
                      0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2066816 bytes (Microsoft Corporation, NT Kernel & System)
                      0x804D7000 PnpManager 2066816 bytes
                      0x804D7000 RAW 2066816 bytes
                      0x804D7000 WMIxWDM 2066816 bytes
                      0xBF800000 Win32k 1851392 bytes
                      0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
                      0xF814C000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1368064 bytes (Intel Corporation, Intel Graphics Miniport Driver)
                      0xAA6B0000 C:\WINDOWS\system32\drivers\sthda.sys 1114112 bytes (SigmaTel, Inc., NDRC)
                      0xAA55D000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 1036288 bytes (Conexant Systems, Inc., HSF_DP driver)
                      0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
                      0xAA4AD000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 720896 bytes (Conexant Systems, Inc., HSF_CNXT driver)
                      0xF833A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
                      0xF7CA5000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
                      0xAA264000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
                      0xF80A8000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 425984 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
                      0xF7DB6000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
                      0xAA3F9000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
                      0xA9745000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
                      0xF8024000 C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 311296 bytes (REDC, RICOH XD SM Driver)
                      0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
                      0xA8BEC000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
                      0xAA3BF000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
                      0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
                      0xAA190000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
                      0xAA65A000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 204800 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
                      0xF7FF5000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 192512 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
                      0xF8485000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
                      0xA9AAF000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
                      0xF830D000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
                      0xA89E1000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
                      0xAA2D4000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
                      0xF8110000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
                      0xAA371000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
                      0xAA399000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
                      0xAA144000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
                      0xAA68C000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
                      0xF8084000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
                      0xF7E64000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
                      0xAA34F000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
                      0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
                      0x806D0000 ACPI_HAL 131840 bytes
                      0x806D0000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
                      0xF841D000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
                      0xF8455000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
                      0xF82F3000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
                      0xF843D000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
                      0xF83DE000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
                      0xF7E4D000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
                      0xF83C7000 WudfPf.sys 94208 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
                      0xF83F5000 SymSnap.sys 90112 bytes (StorageCraft, StorageCraft Volume Snap-Shot)
                      0xA99AA000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
                      0xF8070000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
                      0xF8138000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
                      0xAA452000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
                      0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
                      0xF840B000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
                      0xF8474000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
                      0xF7E14000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
                      0xA92DD000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
                      0xF8664000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
                      0xF8634000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
                      0xF8604000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
                      0xF87E4000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
                      0xF8794000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
                      0xF8674000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
                      0xA9A0F000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
                      0xF87A4000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
                      0xF8614000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
                      0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
                      0xF8754000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
                      0xF85F4000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
                      0xF8644000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
                      0xF86D4000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
                      0xF8824000 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 53248 bytes (REDC, RICOH MS Driver)
                      0xF85D4000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
                      0xF86F4000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
                      0xF8694000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
                      0xF8654000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
                      0xF85C4000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
                      0xF86E4000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
                      0xF85B4000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
                      0xF8764000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
                      0xF8714000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
                      0xF8684000 C:\WINDOWS\System32\Drivers\V2IMount.SYS 40960 bytes (Symantec Corporation, V2iMount.sys - Image Mounting Device Driver)
                      0xF8744000 C:\WINDOWS\system32\DRIVERS\zumbus.sys 40960 bytes (Microsoft Corporation, Zune User-Mode Bus Enumerator)
                      0xF85E4000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
                      0xF7DA6000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
                      0xF8804000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
                      0xF8704000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
                      0xF87F4000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
                      0xA8A54000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
                      0xF87D4000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
                      0xF894C000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
                      0xF8984000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
                      0xF88EC000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
                      0xF88AC000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
                      0xF8834000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
                      0xF88F4000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 28672 bytes (REDC, RICOH MMC Driver)
                      0xF88B4000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
                      0xF885C000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
                      0xF890C000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
                      0xF8904000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
                      0xF88FC000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
                      0xF88DC000 C:\WINDOWS\system32\drivers\symlcbrd.sys 24576 bytes (Symantec Corporation, Symantec Core Component)
                      0xF88E4000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
                      0xF8974000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
                      !!!!!!!!!!!Hidden driver:  0x82BA4AEA ?_empty_? 1302 bytes
                      0x82BA4EC5 unknown_irp_handler 315 bytes
                      !!!!!!!!!!!Hidden driver:  0x8298E4F8 ?_empty_? 0 bytes
                      ==============================================

                      sebastian22

                        Topic Starter


                        Re: Spyware Problem. :/
                        « Reply #29 on: July 08, 2010, 10:38:17 AM »
                        >Stealth
                        ==============================================
                        0xF843D000 WARNING: suspicious driver modification [atapi.sys::0x82BA4AEA]
                        0xF88FC000 WARNING: Virus alike driver modification [mouclass.sys], 24576 bytes
                        ==============================================
                        >Files
                        ==============================================
                        !-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\UserData\OGHMIVFA\pmocntr[1].xml
                        !-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CGXGAGP5\78b68328b023e49e[1].js
                        !-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CGXGAGP5\registration_over[1].gif
                        !-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZRILGL3Z\eUsZEkWC0gM&hl=en&fs=1&rel=0&color1=0xe1600f&color2=0xfebd01&border=1[1].swf
                        !-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZRILGL3Z\eUsZEkWC0gM&hl=en&fs=1&rel=0&color1=0xe1600f&color2=0xfebd01&border=1[2].swf
                        ==============================================
                        >Hooks
                        ==============================================
                        [2052]ctfmon.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
                        [2052]ctfmon.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
                        [2052]ctfmon.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
                        [2096]RocketDock.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
                        [2096]RocketDock.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
                        [2096]RocketDock.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
                        [2096]RocketDock.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
                        [2096]RocketDock.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
                        [2096]RocketDock.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
                        [2096]RocketDock.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
                        [2096]RocketDock.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
                        [2096]RocketDock.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
                        [2096]RocketDock.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
                        [2096]RocketDock.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
                        [2096]RocketDock.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
                        [2096]RocketDock.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
                        [2096]RocketDock.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
                        [2096]RocketDock.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
                        [2096]RocketDock.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
                        [2096]RocketDock.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
                        [2160]UberIcon Manager.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
                        [2160]UberIcon Manager.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
                        [2160]UberIcon Manager.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
                        [2160]UberIcon Manager.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
                        [2160]UberIcon Manager.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
                        [2160]UberIcon Manager.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
                        [2160]UberIcon Manager.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
                        [2160]UberIcon Manager.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
                        [2160]UberIcon Manager.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
                        [2160]UberIcon Manager.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
                        [2160]UberIcon Manager.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
                        [2160]UberIcon Manager.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
                        [2160]UberIcon Manager.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
                        [2160]UberIcon Manager.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
                        [2160]UberIcon Manager.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
                        [2160]UberIcon Manager.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
                        [2160]UberIcon Manager.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
                        [2176]YzShadow.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
                        [2176]YzShadow.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
                        [2176]YzShadow.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
                        [2176]YzShadow.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
                        [2176]YzShadow.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
                        [2176]YzShadow.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
                        [2176]YzShadow.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
                        [2176]YzShadow.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
                        [2176]YzShadow.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
                        [2176]YzShadow.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
                        [2176]YzShadow.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
                        [2176]YzShadow.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
                        [2176]YzShadow.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
                        [2176]YzShadow.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
                        [2176]YzShadow.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
                        [2176]YzShadow.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
                        [2176]YzShadow.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
                        [2188]YzToolBar.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
                        [2188]YzToolBar.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
                        [2188]YzToolBar.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
                        [2188]YzToolBar.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
                        [2188]YzToolBar.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
                        [2188]YzToolBar.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
                        [2188]YzToolBar.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
                        [2188]YzToolBar.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
                        [2188]YzToolBar.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
                        [2188]YzToolBar.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
                        [2188]YzToolBar.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
                        [2188]YzToolBar.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
                        [2188]YzToolBar.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
                        [2188]YzToolBar.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
                        [2188]YzToolBar.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
                        [2188]YzToolBar.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
                        [2188]YzToolBar.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
                        [2724]igfxsrvc.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
                        [2724]igfxsrvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
                        [2724]igfxsrvc.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
                        [2724]igfxsrvc.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
                        [2724]igfxsrvc.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
                        [2724]igfxsrvc.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
                        [2724]igfxsrvc.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
                        [2724]igfxsrvc.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
                        [2724]igfxsrvc.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
                        [2724]igfxsrvc.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
                        [2724]igfxsrvc.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
                        [2724]igfxsrvc.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
                        [2724]igfxsrvc.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
                        [2724]igfxsrvc.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
                        [2724]igfxsrvc.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
                        [2724]igfxsrvc.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
                        [2724]igfxsrvc.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]


                        !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)