Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

NEED ADVICE 4 REMOVING MALWARE

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

NEED ADVICE 4 REMOVING MALWARE

Unread postby ROSEM » January 5th, 2010, 10:14 pm

COMPUTER SLOW SINCE 1/1/10, POSSIBLE INSTALLED ACTIVEX FROM A SITE (PLS NOTE I AM NOT COMPUTER LITERATE-SELF TAUGHT-KEEP IN MIND WHEN READING MY POST) INTERNET EXPLORER 7
CHANGING FONT SIZE/SCREEN SIZE/FREEZING, ALSO WHEN OPENING EBAY, AFTER SIGNIN PAGE WOULD GET PRETTY AUTHENTICATE PAGE ADVISING OF SUPPOSED NEW SECURITY REQUESTING NAME, CHARGE CARD NUMBER WITH SECURITY CODE AND PIN. COURSE I KNEW THAT WAS FAKE AND THAT PAGE WOULD NOT SHOW WHEN ACCESSING EBAY THROUGH ANOTHER ROUTE. HAVE NORTON INTERNET SECURITY, TRIED
DELETING TEMP. INT. FILES, BROWSING, HISTORY, COOKIES, MAIL, DEFRAGMENTING. ONLY NEW SOFTWARE INSTALLED WAS ADOBE READER, UNFORTUNATELY CANNOT REMEMBER WHAT SITE IT WAS DOWNLOADED FROM AND I HAVE ERASED HISTORY. WILL GREATLY APPRECIATE YOUR TIME AND ADVICE.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:24 PM, on 1/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\F5D8053v4\BelkinWCUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.100:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet

Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet

Security\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common

Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program

Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet

Security\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter

Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install

/silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default

user')
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) -

http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) -

http://webiq005.webiqonline.com/WebIQ/D ... tion&EDID={896A23A1-58

21-4609-A6C6-6D5536C585C9}
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) -

http://workingmom.coupons.smartsource.c ... scmv5X.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -

http://cdn.scan.onecare.live.com/resour ... se6662.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) -

https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftup ... 3674339687
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) -

https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} -

http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) -

http://offers.e-centives.com/cif/downlo ... ctxcab.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} -

http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton

Internet Security\Engine\16.7.2.11\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google

Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program

Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton

Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media

Agent\MediaAgent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10920 bytes

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Media Player
Adobe Media Player
Adobe Reader 9.2
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
Belkin N Wireless USB Adapter Setup
Choice Guard
Clear Cache feature for Internet Explorer
Comcast High-Speed Internet Install Wizard
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
dBpoweramp Windows Media Audio 10 Codec
Dell ResourceCD
Diagnostic Tool for the Microsoft VM
DiscWizard for Windows
DVD Solution
Family Tree Maker
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
getPlus(R)_ocx
Google Earth
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Memories Disc
HP OfficeJet/PSC Scrubber
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2170 series
HP Print Diagnostic Utility
hp psc 2170 series
InCD
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
Interactive Calculus 3.0
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 11
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft MSDN 2005 Express Edition - ENU
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft Office XP Standard for Students and Teachers
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 2005 Express Edition - ENU
Microsoft Visual Basic 2005 Express Edition - ENU
Microsoft Visual Basic 2005 Express Edition - ENU Service Pack 1 (KB926747)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.0.1)
MSN
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
MSXML4 Parser
Multimedia Launcher
Nero Suite
Norton Internet Security
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
OpenCASE Media Agent
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
PhoTags Express
PowerDVD
PowerProducer
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Sound Blaster Live!
TaxCut Premium 2007
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB928089)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
Visioneer PaperPort Viewer 5.0
WA Update v3.50 beta2
WebIQ Technology Engine
Windows Defender
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
ROSEM
Regular Member
 
Posts: 16
Joined: January 5th, 2010, 9:33 pm
Advertisement
Register to Remove

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby shinybeast » January 11th, 2010, 10:11 pm

Hello and welcome to Malware Removal Forums

My handle is shinybeast and I will be assisting you in the removal of malware your computer may have.

Please follow these guidelines as we work to clean your computer.
  • Read through the instructions before you perform them and if you have questions please ask before you perform them. Please do not guess. I will be happy to clarify or explain.
  • Perform all instructions in the order given.
  • Stick with the process until I give you an "all clean." If the symptoms are gone, it does not necessarily mean your computer is safe and secure.
  • The instructions assume you are using an account with administrator privileges.
  • Do not run any other tools to remove malware while we are working.
  • Post all responses in a reply to this topic - Please do not start a new topic.
  • If your security software throws up warnings about some of these tools, please allow these tools to run, they are safe.
  • If you have not done so, please take time to read the Malware Removal Forum Guidelines and Rules and How to get help at this forum where the conditions for receiving help at this forum are explained.
NOTE: I am in training here at Malware Removal University.
I must get my replies to you approved by a malware expert which means it could take slightly longer to get back to you.
Your patience is appreciated. :)


The HijackThis log you posted is hard to read. Please turn off Word Wrap and post a new HijackThis log as described below.

Please start Notepad (click Start, click Run..., type notepad and press Enter)
In the menu bar click Format and ensure that Word Wrap is unchecked. (clicking Word Wrap will toggle it on and off)
Then run HijackThis and generate a new log.

Post the log in a reply to this thread.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby ROSEM » January 11th, 2010, 11:19 pm

Dear shinybeast:
Thank you for your reply! I look forward to your helping me! Here is the unwrapped HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:03 PM, on 1/11/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\F5D8053v4\BelkinWCUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.100:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/D ... tion&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://workingmom.coupons.smartsource.c ... scmv5X.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6662.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3674339687
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/downlo ... ctxcab.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton Internet Security. (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10384 bytes

Would you let me know if I can ask you questions about other computer issues please?
Thanking you in advance for your time and your kind considerations.
ROSEM
ROSEM
Regular Member
 
Posts: 16
Joined: January 5th, 2010, 9:33 pm

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby shinybeast » January 12th, 2010, 8:02 pm

Hi ROSEM,

I see you updated Norton, that's good. However, please refrain from making further significant changes to your computer on your own until we are done as it can confuse things on my end and make it difficult to help you.

Let's update Java and get a deeper look.


Update Java

Older versions of Java may have vulnerabilities that can be exploited by malware.
Please follow the steps below to update the Java Runtime Enviornment

Remove older version(s):

  • Click Start, click Run...
  • Type appwiz.cpl and click OK
  • For each of the Java installations listed below, highlight them in the list and click Remove

    J2SE Runtime Environment 5.0 Update 3
    Java(TM) 6 Update 11
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Coupon Printer for Windows
    <- This collects data about you (though not malicious, per se). I suggest you uninstall it.


Download and install newest version:

  • Click here to visit Sun Java download page
  • Scroll down the page a bit and click Image under Image
  • Select your platform and agree to the license agreement (after having read it, of course) by clicking the checkbox. Click Continue.
  • Click the link (jre-6u17-windows-i586-p.exe) under Available Files and download the offline installer to your desktop.
  • Close any programs you may have running, including web browsers.
  • From your desktop, double-click on the download to install the newest version.
  • Reboot your computer.


Disable Windows Defender

Windows Defender needs to be disabled to prevent interference with other tools we use.

  • Click Start button, click All Programs, click Image Windows Defender
  • Click Tools at top center of window to open Tools and Settings
  • Under Settings, Click Options
  • Scroll down to Administrator Options
  • Under Administrator options, uncheck Use Windows Defender then click Save
  • If Windows asks for your permission, click Continue
  • Click Close at the warning.
Do not enable Windows Defender until we are done. (I will remind you.)


Scan with SysProt

Please Download SysProt Antirootkit from one of the links below.
Link 1 | Link 2 | Link 3

  • Disable Norton Internet Security as described here and disconnect from the internet as you will not be protected after disabling Norton.
  • Unzip SysProt.zip into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select all items.
    See images below.

    Image

    And check Hidden objects only
    Image
  • At the bottom of the window, click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Close all running programs but SysProt
  • Select Scan Root Drive and click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished. Click OK to close SysProt
  • The log (SysProtLog.txt) will be saved automatically in the same folder Sysprot.exe was extracted to. Open the SysProtLog.txt and copy/paste the log in your next reply.


Re-enable Norton Internet Security and reconnect to the internet, then continue with RSIT.


Scan with RSIT

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double-click RSIT.exe to run the tool
  • Click Continue at the disclaimer screen.
  • Once it finishes, two logs will open...
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next reply.


MalwareBytes' log

I notice you have MalwareBytes' installed and it was running when you posted your first log.
Did it run successfully? If so, please post the log from it.

  • The logfile can be accessed by running Malwarebytes' and clicking the Log tab.
  • Double-click the most recent log to open it.
  • Copy and paste the contents of that log in your next reply.


As for your question about other issues. If it is something I know or can quickly find the answer to, I'll gladly help. Otherwise, I will recommend another forum once we are finished. Let's work on malware issues now and you can ask those questions later, OK? :)

Please post the RSIT logs (log.txt and info.txt) and the MalwareBytes' log in your next reply.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby ROSEM » January 14th, 2010, 1:24 am

This is just a test post to see if it shows up under my topic as I do not see the email that I posted around 6pm
ROSEM
Regular Member
 
Posts: 16
Joined: January 5th, 2010, 9:33 pm

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby ROSEM » January 14th, 2010, 1:57 am

Dear shinybeast:
I am posting my reply again as I do not see it.

I have deleted old Java, downloaded new Java, disabled Windows Defender. I am still trying to figure out how to disable Norton's automatic updates.

Here is the SYSPROT LOG:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 4
Hidden: Yes
Window Visible: No

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: SYMDS.SYS
Service Name: SymDS
Module Base: F82B7000
Module End: F830D000
Hidden: Yes

Module Name: SYMEFA.SYS
Service Name: SymEFA
Module Base: F8279000
Module End: F82A5000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F5D69000
Module End: F5D81000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F8A48000
Module End: F8A4A000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAlertResumeThread
Address: 82F2D230
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwAlertThread
Address: 82F85A60
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwAllocateVirtualMemory
Address: 82F825D8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwAssignProcessToJobObject
Address: 82F31AC8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwConnectPort
Address: 82F7AE30
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateKey
Address: F6246210
Driver Base: F6230000
Driver End: F6255000
Driver Name: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

Function Name: ZwCreateMutant
Address: 83134E78
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateSymbolicLinkObject
Address: 83182468
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: 82F82828
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDebugActiveProcess
Address: 82F31BA8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteKey
Address: F6246490
Driver Base: F6230000
Driver End: F6255000
Driver Name: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

Function Name: ZwDeleteValueKey
Address: F62469F0
Driver Base: F6230000
Driver End: F6255000
Driver Name: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

Function Name: ZwDuplicateObject
Address: 82F89528
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwEnumerateKey
Address: F83C1A92
Driver Base: F83BB000
Driver End: F8495000
Driver Name: sptd.sys

Function Name: ZwEnumerateValueKey
Address: F83C1E20
Driver Base: F83BB000
Driver End: F8495000
Driver Name: sptd.sys

Function Name: ZwFreeVirtualMemory
Address: 830F14E0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwImpersonateAnonymousToken
Address: 8306D518
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwImpersonateThread
Address: 83230C80
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwLoadDriver
Address: 830C93D8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwMapViewOfSection
Address: 83085008
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenEvent
Address: 82FFCE68
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenKey
Address: F62467A0
Driver Base: F6230000
Driver End: F6255000
Driver Name: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

Function Name: ZwOpenProcess
Address: 82F94280
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcessToken
Address: 82F97248
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenSection
Address: 82FF76A0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: 831AA660
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwProtectVirtualMemory
Address: 83182558
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwQueryKey
Address: F83C1EF8
Driver Base: F83BB000
Driver End: F8495000
Driver Name: sptd.sys

Function Name: ZwQueryValueKey
Address: F83C1D78
Driver Base: F83BB000
Driver End: F8495000
Driver Name: sptd.sys

Function Name: ZwResumeThread
Address: 82F8AA60
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetContextThread
Address: 82F8C5F0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetInformationProcess
Address: 82F8A5E0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetSystemInformation
Address: 82F403D0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetValueKey
Address: F6246C40
Driver Base: F6230000
Driver End: F6255000
Driver Name: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

Function Name: ZwSuspendProcess
Address: 82FF7780
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSuspendThread
Address: 82F8D928
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: 831158F0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateThread
Address: 82F88840
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwUnmapViewOfSection
Address: 82FA6A18
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwWriteVirtualMemory
Address: 82F76590
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_CREATE
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_CLOSE
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_READ
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_WRITE
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_SET_EA
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_CLEANUP
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_POWER
Jump To: F83CADB8
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: F83E5344
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0094
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: F83E8F18
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 833D41E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 833D41E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 833D41E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: FEFB14B8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 833D41E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 833D41E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 831EF1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 831EF1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 831EF1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 831EF1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 831EF1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 831EF1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 833691E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_READ
Jump To: 833691E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 833691E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 833691E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 833691E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 833691E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 833691E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 833691E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 833691E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 833691E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 83088610
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 83088610
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 83088610
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 83088610
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 83088610
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 831BC980
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 831BC980
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 831BC980
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 831BC980
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 831BC980
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 831BC980
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 831BC980
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 831BC980
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 831BC980
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 831BC980
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 831F31E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 831F31E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 831F31E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 831F31E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 831F31E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 831F31E8
Hooking Module: _unknown_

******************************************************************************************
******************************************************************************************
Ports:
Local Address: DOWNSTAIRS:8999
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
State: LISTENING

Local Address: DOWNSTAIRS:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: DOWNSTAIRS:1028
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: DOWNSTAIRS:1027
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
State: LISTENING

Local Address: DOWNSTAIRS:65533
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\services.exe
State: LISTENING

Local Address: DOWNSTAIRS:8367
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\services.exe
State: LISTENING

Local Address: DOWNSTAIRS:3389
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: DOWNSTAIRS:2479
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\services.exe
State: LISTENING

Local Address: DOWNSTAIRS:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: DOWNSTAIRS:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: DOWNSTAIRS:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: DOWNSTAIRS:1094
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Live\Contacts\wlcomm.exe
State: NA

Local Address: DOWNSTAIRS:1081
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Live\Mail\wlmail.exe
State: NA

Local Address: DOWNSTAIRS:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: DOWNSTAIRS:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: DOWNSTAIRS:MS-SQL-M
Remote Address: NA
Type: UDP
Process: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
State: NA

Local Address: DOWNSTAIRS:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: DOWNSTAIRS:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
No hidden files/folders found



Here is the RSIT log.txt:

Run by Marie Johnson at 2010-01-13 17:40:23
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 94 GB (72%) free of 131 GB
Total RAM: 511 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:40:38 PM, on 1/13/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Belkin\F5D8053v4\BelkinWCUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Marie Johnson\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Marie Johnson.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.com/ws/eBayISAPI.dll?MyEbay&gbh=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.100:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/D ... tion&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://workingmom.coupons.smartsource.c ... scmv5X.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6662.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3674339687
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/downlo ... ctxcab.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security. (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10643 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1251834635.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Marie Johnson.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{B8E2009F-5D9A-4246-92C7-AB4E566AEAB1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll [2009-10-28 392560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL [2009-10-01 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-13 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-13 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll [2009-10-28 392560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-10-06 5058560]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2005-07-08 1397760]
"diagent"=C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-22 68856]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-06-02 1957888]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Belkin Wireless Networking Utility.lnk - C:\Program Files\Belkin\F5D8053v4\BelkinWCUI.exe
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe"="C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe:*:Enabled:Acrobat Reader 5.0"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\uiStub.exe"="C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\uiStub.exe:*:Enabled:Norton Internet Security"
"C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe"="C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe:*:Enabled:Acrobat.com"
"C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe"="C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe:*:Disabled:PandoRest Application Name"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN\MSNCoreFiles\msn6.exe"="C:\Program Files\MSN\MSNCoreFiles\msn6.exe:*:Enabled:MSN Explorer"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2010-01-13 17:40:23 ----D---- C:\rsit
2010-01-13 16:29:40 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-01-13 16:27:36 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-13 16:27:36 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-13 16:27:35 ----A---- C:\WINDOWS\system32\java.exe
2010-01-06 11:03:16 ----A---- C:\Spiderevmpatch.exe
2010-01-05 19:42:44 ----D---- C:\Program Files\Trend Micro
2010-01-05 17:27:23 ----D---- C:\Documents and Settings\Marie Johnson\Application Data\Malwarebytes
2010-01-05 17:27:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-05 17:27:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-05 15:58:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-05 13:44:28 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-01-05 13:42:43 ----D---- C:\Program Files\Windows Defender
2010-01-05 13:32:02 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-01 12:30:09 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-12-09 23:25:33 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 23:25:19 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 23:24:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 23:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 23:22:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-11-25 23:19:40 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 23:19:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-11 11:34:11 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-10-31 13:22:25 ----SHD---- C:\WINDOWS\ftpcache
2009-10-16 08:07:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-16 08:07:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-16 08:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-16 08:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-16 08:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-16 08:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-16 07:57:36 ----D---- C:\WINDOWS\SQLTools9_KB970892_ENU
2009-10-16 07:54:14 ----D---- C:\WINDOWS\SQL9_KB970892_ENU
2009-10-16 07:49:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-16 07:45:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-16 07:43:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

======List of files/folders modified in the last 3 months======

2010-01-13 17:39:50 ----D---- C:\WINDOWS\Prefetch
2010-01-13 17:39:22 ----D---- C:\WINDOWS\Temp
2010-01-13 16:37:57 ----SD---- C:\WINDOWS\Tasks
2010-01-13 16:33:43 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-13 16:31:54 ----SHD---- C:\System Volume Information
2010-01-13 16:31:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-13 16:29:39 ----SHD---- C:\WINDOWS\Installer
2010-01-13 16:29:38 ----D---- C:\Program Files\Common Files\Java
2010-01-13 16:27:36 ----D---- C:\WINDOWS\system32
2010-01-13 16:27:06 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-13 15:45:33 ----D---- C:\Program Files\Java
2010-01-13 15:42:28 ----D---- C:\WINDOWS
2010-01-13 15:42:27 ----D---- C:\Program Files\Coupons
2010-01-07 10:57:45 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-01-06 14:48:57 ----D---- C:\Program Files\Symantec
2010-01-06 14:48:43 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2010-01-06 10:43:17 ----D---- C:\DELL
2010-01-06 10:06:56 ----D---- C:\WINDOWS\Minidump
2010-01-05 19:42:44 ----RD---- C:\Program Files
2010-01-05 17:27:06 ----D---- C:\WINDOWS\system32\drivers
2010-01-05 16:05:02 ----D---- C:\WINDOWS\AppPatch
2010-01-05 15:59:09 ----HD---- C:\WINDOWS\inf
2010-01-05 15:59:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-05 15:58:04 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-05 13:42:43 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-01-05 11:05:09 ----D---- C:\WINDOWS\Help
2010-01-02 12:31:38 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-01-02 12:31:38 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-02 12:31:20 ----D---- C:\Program Files\Google
2010-01-01 18:02:26 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-01 17:46:02 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-01-01 17:45:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-01 17:26:51 ----D---- C:\Documents and Settings
2010-01-01 17:24:17 ----D---- C:\Program Files\Mozilla Firefox
2010-01-01 13:38:29 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-01 12:34:07 ----D---- C:\Program Files\Common Files\Adobe
2010-01-01 12:30:09 ----D---- C:\Program Files\Common Files
2009-12-20 14:23:02 ----D---- C:\WINDOWS\network diagnostic
2009-12-10 10:52:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 23:25:45 ----A---- C:\WINDOWS\imsins.BAK
2009-12-09 23:23:43 ----D---- C:\WINDOWS\system32\en-US
2009-12-09 23:23:42 ----D---- C:\Program Files\Internet Explorer
2009-12-01 14:06:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-25 23:18:20 ----D---- C:\WINDOWS\WinSxS
2009-11-23 13:00:17 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-29 01:46:59 ----A---- C:\WINDOWS\system32\wininet.dll
2009-10-29 01:46:59 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-10-29 01:46:58 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-10-29 01:46:58 ----A---- C:\WINDOWS\system32\url.dll
2009-10-29 01:46:58 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-10-29 01:46:58 ----A---- C:\WINDOWS\system32\occache.dll
2009-10-29 01:46:58 ----A---- C:\WINDOWS\system32\mstime.dll
2009-10-29 01:46:58 ----A---- C:\WINDOWS\system32\msrating.dll
2009-10-29 01:46:57 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-10-29 01:46:57 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-29 01:46:55 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-10-29 01:46:55 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-10-29 01:46:55 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-10-29 01:46:54 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-10-29 01:46:54 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-10-29 01:46:54 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-10-29 01:46:52 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-10-29 01:46:52 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-10-29 01:46:51 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-10-29 01:46:51 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-10-29 01:46:51 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-10-29 01:46:51 ----A---- C:\WINDOWS\system32\icardie.dll
2009-10-29 01:46:51 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-10-29 01:46:51 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-10-29 01:46:50 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-10-29 01:46:50 ----A---- C:\WINDOWS\system32\corpol.dll
2009-10-29 01:46:50 ----A---- C:\WINDOWS\system32\advpack.dll
2009-10-28 09:07:15 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-10-28 08:36:11 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-10-28 08:36:11 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-10-28 00:52:46 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-10-21 00:00:55 ----A---- C:\WINDOWS\system32\strmfilt.dll
2009-10-21 00:00:55 ----A---- C:\WINDOWS\system32\httpapi.dll
2009-10-16 08:30:13 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-16 08:30:03 ----RSD---- C:\WINDOWS\assembly
2009-10-16 08:00:59 ----D---- C:\WINDOWS\ie7updates
2009-10-16 07:58:26 ----D---- C:\Program Files\Microsoft SQL Server
2009-10-16 07:58:08 ----D---- C:\WINDOWS\Registration
2009-10-16 07:48:13 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091205.001\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\system32\drivers\NIS\1101000.013\ccHPx86.sys [2009-10-20 501888]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1101000.013\SRTSP.SYS [2009-10-08 325168]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1101000.013\SRTSPX.SYS [2009-10-08 43696]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NIS\1101000.013\Ironx86.SYS [2009-10-08 114736]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\system32\drivers\NIS\1101000.013\SYMTDI.SYS [2009-10-14 361520]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-07-20 21361]
R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\fallback.sys [2001-07-18 310899]
R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\fsksnt.sys [2001-07-18 127405]
R2 K56;K56; C:\WINDOWS\system32\DRIVERS\k56nt.sys [2001-07-18 426783]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-08-28 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\faxnt.sys [2001-07-18 217019]
R2 SpeakerPhone;SpeakerPhone; C:\WINDOWS\system32\DRIVERS\spkpnt.sys [2001-07-18 80449]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\System32\drivers\symlcbrd.sys []
R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\tonesnt.sys [2001-07-18 56607]
R2 V124;V124; C:\WINDOWS\system32\DRIVERS\v124nt.sys [2001-07-18 534125]
R3 basic2;basic2; C:\WINDOWS\system32\DRIVERS\basic2.sys [2001-07-18 77426]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-04-30 139776]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100106.001\IDSxpx86.sys []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100113.009\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100113.009\NAVEX15.SYS []
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2002-08-30 1293440]
R3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\rksample.sys [2001-07-18 67654]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-07-29 517632]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-18 36400]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2001-07-25 584336]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys []
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys []
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys []
S1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-08 28672]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
S3 FVNETusb;Linksys Wireless-B USB Network Adapter v2.8 Driver; C:\WINDOWS\System32\DRIVERS\vnet58lx.sys [2004-03-26 122112]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-05-23 26056]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310v.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS []
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMDNS.SYS []
S3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMFW.SYS []
S3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMIDS.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-18 36400]
S3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMNDIS.SYS []
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-13 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 NIS;Norton Internet Security.; C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe [2009-10-20 126392]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-06 81920]
R2 OpenCASE Media Agent;OpenCASE Media Agent; C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [2008-08-05 835208]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-28 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMSSvc;Intel(R) NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 1118208]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
I am sending the rest the the info required in a separate reply as I have gone over the 100000 maximum character
ROSEM
Regular Member
 
Posts: 16
Joined: January 5th, 2010, 9:33 pm

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby ROSEM » January 14th, 2010, 1:59 am

Dear shinybeast:

Here is the remainder of my posting:

I hope this is the other RSIT info. txt (only other I could find):

info.txt logfile of random's system information tool 1.06 2010-01-13 17:40:47

======Uninstall list======

-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNMIX.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Acrobat.com-->MsiExec.exe /I{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->msiexec /qb /x {1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Media Player-->MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Belkin N Wireless USB Adapter Setup-->C:\Program Files\InstallShield Installation Information\{28FA3609-B6E2-4BCA-B089-F5122AC417C5}\setup.exe -runfromtemp -l0x0009 -removeonly
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Clear Cache feature for Internet Explorer-->MsiExec.exe /I{4E901875-0F15-44BA-89DE-94AA41A7F507}
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Conexant HSF V92 56K RTAD Speakerphone PCI Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0\HxFSETUP.EXE -U -IVEN_14F1&DEV_2016&SUBSYS_021913E0
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
dBpoweramp Windows Media Audio 10 Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Diagnostic Tool for the Microsoft VM-->MsiExec.exe /I{86844E31-42CC-49C8-B647-7213009F4719}
DiscWizard for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}\Setup.exe"
DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
Family Tree Maker-->C:\FTW\uninstal.exe
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\WINDOWS\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)-->C:\WINDOWS\SQLTools9_KB970892_ENU\Hotfix.exe /Uninstall
getPlus(R)_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP OfficeJet/PSC Scrubber-->C:\WINDOWS\IsUninst.exe -fC:\HPAiOScrubber\Uninst.isu
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp psc 2170 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP Print Diagnostic Utility-->MsiExec.exe /I{E14B8A08-42B3-4676-9E91-1D39F8158DA1}
hp psc 2170 series-->MsiExec.exe /X{93FB47FB-4FDF-4131-B5FD-7A37883868E7}
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
Intel(R) PROSet II-->MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
Interactive Calculus 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC257F6E-721E-41DE-ABE0-13B1E2BE7A5A}\Setup.exe" -l0x9
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft MSDN 2005 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express Edition - ENU\install.exe
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Standard for Students and Teachers-->MsiExec.exe /I{913D0409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 2005 Express Edition - ENU Service Pack 1 (KB926747)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {355AD171-6294-4265-95EC-741E081E98F3} /package {577AD794-8B34-40B4-9E7A-BE4CFFE396E6}
Microsoft Visual Basic 2005 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Basic 2005 Express Edition - ENU\setup.exe
Microsoft Visual Basic 2005 Express Edition - ENU-->MsiExec.exe /X{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Multimedia Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\17.1.0.19\InstStub.exe /X
NVIDIA Display Driver-->C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
OpenCASE Media Agent-->MsiExec.exe /I{1771FDC8-D846-4B77-996A-C80DAD42C03F}
Pdf995 (installed by TaxCut)-->C:\Program Files\pdf995\setup.exe uninstall
PdfEdit995 (installed by TaxCut)-->C:\Program Files\pdf995\res\utilities\thinsetup.exe - uninstall
PhoTags Express -->C:\PROGRA~1\PHOTAG~1\Setup.exe /remove
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\SETUP.EXE" -l0x9
TaxCut Premium 2007-->MsiExec.exe /X{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB928089)-->"C:\WINDOWS\ie7updates\KB928089\spuninst\spuninst.exe"
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visioneer PaperPort Viewer 5.0-->c:\ppviewer\UnInstlv.exe C:\WINDOWS\uninst.exe -fc:\ppviewer\DeIsL1.isu
WA Update v3.50 beta2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BE2669E-2BD8-4164-A8B5-C904C864B403}\Setup.exe"
WebIQ Technology Engine-->C:\WINDOWS\system32\WebIQEngineSetup.exe u
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

======System event log======

Computer Name: DOWNSTAIRS
Event Code: 256
Message: Timed out sending notification of device interface change to window of "SAS window"

Record Number: 145649
Source Name: PlugPlayManager
Time Written: 20100102142610.000000-360
Event Type: warning
User:

Computer Name: DOWNSTAIRS
Event Code: 7024
Message: The Routing and Remote Access service terminated with service-specific error 340 (0x154).

Record Number: 145616
Source Name: Service Control Manager
Time Written: 20100102123504.000000-360
Event Type: error
User:

Computer Name: DOWNSTAIRS
Event Code: 7000
Message: The Upload Manager service failed to start due to the following error:
The account specified for this service is different from the account specified for other services running in the same process.


Record Number: 145607
Source Name: Service Control Manager
Time Written: 20100102123459.000000-360
Event Type: error
User:

Computer Name: DOWNSTAIRS
Event Code: 7024
Message: The Routing and Remote Access service terminated with service-specific error 340 (0x154).

Record Number: 145562
Source Name: Service Control Manager
Time Written: 20100102102611.000000-360
Event Type: error
User:

Computer Name: DOWNSTAIRS
Event Code: 7000
Message: The Upload Manager service failed to start due to the following error:
The account specified for this service is different from the account specified for other services running in the same process.


Record Number: 145553
Source Name: Service Control Manager
Time Written: 20100102102611.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: DOWNSTAIRS
Event Code: 1517
Message: Windows saved user DOWNSTAIRS\Marie Johnson registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 144244
Source Name: Userenv
Time Written: 20091221112521.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DOWNSTAIRS
Event Code: 8355
Message: Server-level event notifications can not be delivered. Either Service Broker is disabled in msdb, or msdsb failed to start. Event notifications in other databases could be affected as well. Bring msdb online, or enable Service Broker.

Record Number: 144240
Source Name: MSSQL$SQLEXPRESS
Time Written: 20091221100144.000000-360
Event Type: error
User:

Computer Name: DOWNSTAIRS
Event Code: 3414
Message: An error occurred during recovery, preventing the database 'msdb' (database ID 4) from restarting. Diagnose the recovery errors and fix them, or restore from a known good backup. If errors are not corrected or expected, contact Technical Support.

Record Number: 144237
Source Name: MSSQL$SQLEXPRESS
Time Written: 20091221100141.000000-360
Event Type: error
User:

Computer Name: DOWNSTAIRS
Event Code: 9003
Message: The log scan number (354:832:1) passed to log scan in database 'msdb' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Record Number: 144236
Source Name: MSSQL$SQLEXPRESS
Time Written: 20091221100141.000000-360
Event Type: error
User:

Computer Name: DOWNSTAIRS
Event Code: 3
Message: The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Record Number: 144223
Source Name: SQLBrowser
Time Written: 20091221100139.000000-360
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Here is the MalwareBytes log (there are four of them and I am sending the last- but they all seem to be the quick log):

Malwarebytes' Anti-Malware 1.43
Database version: 3498
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

1/13/2010 5:38:34 PM
mbam-log-2010-01-13 (17-38-34).txt

Scan type: Quick Scan
Objects scanned: 1
Time elapsed: 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I look forward to hearing from you and would like to thank you again (along with your instructor) for your time and help.
ROSEM
ROSEM
Regular Member
 
Posts: 16
Joined: January 5th, 2010, 9:33 pm

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby shinybeast » January 15th, 2010, 1:52 am

Hi ROSEM,

Don't worry about stopping Norton from getting automatic updates. It's OK.


Defogger

The virtual cd drivers you have installed will interfere with some of the tools we use.
Disable them by doing the following:

Click Here to download Defogger by jpshortstuff and save it to your desktop.
  • Double-click Defogger.exe to run the tool
  • In the window that opens click Disable
  • Read the warning and click Yes
  • When the Finished! message appears, click OK.
  • If Defogger asks to reboot the machine, click OK to allow it.

IMPORTANT! If you receive an error message while running Defogger, please post the contents of defogger_disable.log which will appear on your desktop.

Do NOT re-enable these drivers until otherwise instructed. I will let you know when to re-enable them.


Scan with GMER

Click here to download GMER Rootkit Scanner and save it to your desktop.

  • Disable Norton Internet Security as described here and disconnect from the internet as you will not be protected after disabling Norton.
  • Double click the randomly named GMER file. If asked to allow gmer driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following boxes:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All
  • Then click the Scan button and wait for it to finish
  • Once done click on the Save.. button at lower right, and in the File name area, type in "ark.txt" (include the quotes or it will save as a .log file)
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby ROSEM » January 15th, 2010, 9:40 pm

Dear shinybeast:
There will be at least 4 replies-maybe 5 in order to stay within the 100000 allowed characters.

I have disabled the virtual cd drivers with no problems (I hope you will give me specific instructions on how to reinstall!).

Here are the GMER Rootkit Scanner results:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-15 19:01:30
Windows 5.1.2600 Service Pack 2
Running: bufu3rdy.exe; Driver: C:\DOCUME~1\MARIEJ~1\LOCALS~1\Temp\kgriyfog.sys


---- System - GMER 1.0.15 ----

SSDT 8270A6E8 ZwAlertResumeThread
SSDT 8270A7C8 ZwAlertThread
SSDT 8272D748 ZwAllocateVirtualMemory
SSDT 82740810 ZwAssignProcessToJobObject
SSDT 831AD1F0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF6A00210]
SSDT 82741760 ZwCreateMutant
SSDT 82708C80 ZwCreateSymbolicLinkObject
SSDT 826DC8A8 ZwCreateThread
SSDT 827408F0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF6A00490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF6A009F0]
SSDT 8272D8E0 ZwDuplicateObject
SSDT 8270B898 ZwFreeVirtualMemory
SSDT 82741850 ZwImpersonateAnonymousToken
SSDT 82741910 ZwImpersonateThread
SSDT 83215780 ZwLoadDriver
SSDT 8270B798 ZwMapViewOfSection
SSDT 82741680 ZwOpenEvent
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwOpenKey [0xF6A007A0]
SSDT 826DC798 ZwOpenProcess
SSDT 82783050 ZwOpenProcessToken
SSDT 827097E8 ZwOpenSection
SSDT 826DC6A8 ZwOpenThread
SSDT 82740720 ZwProtectVirtualMemory
SSDT 8270A8A8 ZwResumeThread
SSDT 82742820 ZwSetContextThread
SSDT 82742900 ZwSetInformationProcess
SSDT 827096A0 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF6A00C40]
SSDT 827098C8 ZwSuspendProcess
SSDT 82742660 ZwSuspendThread
SSDT 82904050 ZwTerminateProcess
SSDT 82742740 ZwTerminateThread
SSDT 8270B6B8 ZwUnmapViewOfSection
SSDT 8272D658 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 FF15F500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 FF15F500
Device \Driver\atapi \Device\Ide\IdePort0 FF15F500
Device \Driver\atapi \Device\Ide\IdePort1 FF15F500
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f FF15F500

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0x12 0xB4 0xCE ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB5 0xFB 0x14 0xA0 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBD 0xEE 0x88 0x09 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x6E 0x10 0x3A 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0x12 0xB4 0xCE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB5 0xFB 0x14 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0x12 0xB4 0xCE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB5 0xFB 0x14 0xA0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6E 0x10 0x3A 0xCF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x6E 0x10 0x3A 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0x12 0xB4 0xCE ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0x12 0xB4 0xCE ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB5 0xFB 0x14 0xA0 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0x12 0xB4 0xCE ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB5 0xFB 0x14 0xA0 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0x12 0xB4 0xCE ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB5 0xFB 0x14 0xA0 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0x12 0xB4 0xCE ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB5 0xFB 0x14 0xA0 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0x12 0xB4 0xCE ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB5 0xFB 0x14 0xA0 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0x12 0xB4 0xCE ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB5 0xFB 0x14 0xA0 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0x12 0xB4 0xCE ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB5 0xFB 0x14 0xA0 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0x12 0xB4 0xCE ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB5 0xFB 0x14 0xA0 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0x12 0xB4 0xCE ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB5 0xFB 0x14 0xA0 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0x12 0xB4 0xCE ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB5 0xFB 0x14 0xA0 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0x12 0xB4 0xCE ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB5 0xFB 0x14 0xA0 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x5F 0x59 0x6A 0x00 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDC 0x12 0xB4 0xCE ...
Reg HKLM\SOFTWARE\Classes\.amr@ RealPlayer.AMR.10
Reg HKLM\SOFTWARE\Classes\.amr@PerceivedType audio
Reg HKLM\SOFTWARE\Classes\.amr@Content Type audio/AMR
Reg HKLM\SOFTWARE\Classes\.amr\OpenWithList
Reg HKLM\SOFTWARE\Classes\.amr\OpenWithList\QuickTimePlayer.exe
Reg HKLM\SOFTWARE\Classes\.amr\OpenWithProgIds
Reg HKLM\SOFTWARE\Classes\.amr\OpenWithProgIds@QuickTime.AMR
Reg HKLM\SOFTWARE\Classes\.ape@ DMCConvert
Reg HKLM\SOFTWARE\Classes\.ape\ShellEx
Reg HKLM\SOFTWARE\Classes\.ape\ShellEx\{00021500-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\.ape\ShellEx\{00021500-0000-0000-C000-000000000046}@
Reg HKLM\SOFTWARE\Classes\.art@ ACDSee 6.0.art
Reg HKLM\SOFTWARE\Classes\.awb@ RealPlayer.AMR_WB.10
Reg HKLM\SOFTWARE\Classes\.awb@PerceivedType audio
Reg HKLM\SOFTWARE\Classes\.bw@ ACDSee 6.0.bw
Reg HKLM\SOFTWARE\Classes\.cif@ EasyCDCreator.DiscImage.5
Reg HKLM\SOFTWARE\Classes\.cl5@ EasyCDCreator.Document.5
Reg HKLM\SOFTWARE\Classes\.dcr@Content Type application/x-director
Reg HKLM\SOFTWARE\Classes\.dir@Content Type application/x-director
Reg HKLM\SOFTWARE\Classes\.djv@ ACDSee 6.0.djv
Reg HKLM\SOFTWARE\Classes\.djvu@ ACDSee 6.0.djvu
Reg HKLM\SOFTWARE\Classes\.dxr@Content Type application/x-director
Reg HKLM\SOFTWARE\Classes\.eta@ Google Earth.etafile
Reg HKLM\SOFTWARE\Classes\.eta@Content Type application/earthviewer
Reg HKLM\SOFTWARE\Classes\.flac@ DMCConvert
Reg HKLM\SOFTWARE\Classes\.flac\ShellEx
Reg HKLM\SOFTWARE\Classes\.flac\ShellEx\{00021500-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\.flac\ShellEx\{00021500-0000-0000-C000-000000000046}@
Reg HKLM\SOFTWARE\Classes\.fpx@ ACDSee 6.0.fpx
Reg HKLM\SOFTWARE\Classes\.icl@ ACDSee 6.0.icl
Reg HKLM\SOFTWARE\Classes\.icn@ ACDSee 6.0.icn
Reg HKLM\SOFTWARE\Classes\.iff@ ACDSee 6.0.iff
Reg HKLM\SOFTWARE\Classes\.ilbm@ ACDSee 6.0.ilbm
Reg HKLM\SOFTWARE\Classes\.int@ ACDSee 6.0.int
Reg HKLM\SOFTWARE\Classes\.inta@ ACDSee 6.0.inta
Reg HKLM\SOFTWARE\Classes\.iso@ EasyCDCreator.DiscImage.5
Reg HKLM\SOFTWARE\Classes\.ivr@ RealPlayer.IVR.6
Reg HKLM\SOFTWARE\Classes\.ivr@PerceivedType video
Reg HKLM\SOFTWARE\Classes\.iw4@ ACDSee 6.0.iw4
Reg HKLM\SOFTWARE\Classes\.kdc@ ACDSee 6.0.kdc
Reg HKLM\SOFTWARE\Classes\.kml@ Google Earth.kmlfile
Reg HKLM\SOFTWARE\Classes\.kml@Content Type application/vnd.google-earth.kml+xml
Reg HKLM\SOFTWARE\Classes\.kmz@ Google Earth.kmzfile
Reg HKLM\SOFTWARE\Classes\.kmz@Content Type application/vnd.google-earth.kmz
Reg HKLM\SOFTWARE\Classes\.lbm@ ACDSee 6.0.lbm
Reg HKLM\SOFTWARE\Classes\.m2a@ DMCConvert
Reg HKLM\SOFTWARE\Classes\.m2a\ShellEx
Reg HKLM\SOFTWARE\Classes\.m2a\ShellEx\{00021500-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\.m2a\ShellEx\{00021500-0000-0000-C000-000000000046}@
Reg HKLM\SOFTWARE\Classes\.m4a@ QuickTime.m4a
Reg HKLM\SOFTWARE\Classes\.m4a\OpenWithList
Reg HKLM\SOFTWARE\Classes\.m4a\OpenWithList\QuickTimePlayer.exe
Reg HKLM\SOFTWARE\Classes\.m4a\OpenWithProgIds
Reg HKLM\SOFTWARE\Classes\.m4a\OpenWithProgIds@QuickTime.m4a
Reg HKLM\SOFTWARE\Classes\.mag@ ACDSee 6.0.mag
Reg HKLM\SOFTWARE\Classes\.mp1@ RealPlayer.MP1.6
Reg HKLM\SOFTWARE\Classes\.mp1@PerceivedType audio
Reg HKLM\SOFTWARE\Classes\.mp1@Content Type audio/mp1
Reg HKLM\SOFTWARE\Classes\.mp1\ShellEx
Reg HKLM\SOFTWARE\Classes\.mp1\ShellEx\{00021500-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\.mp1\ShellEx\{00021500-0000-0000-C000-000000000046}@
Reg HKLM\SOFTWARE\Classes\.mpc@ DMCConvert
Reg HKLM\SOFTWARE\Classes\.mpc\ShellEx
Reg HKLM\SOFTWARE\Classes\.mpc\ShellEx\{00021500-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\.mpc\ShellEx\{00021500-0000-0000-C000-000000000046}@
Reg HKLM\SOFTWARE\Classes\.mpga@ RealPlayer.MPGA.6
Reg HKLM\SOFTWARE\Classes\.mpga@PerceivedType audio
Reg HKLM\SOFTWARE\Classes\.mpga@Content Type audio/rn-mpeg
Reg HKLM\SOFTWARE\Classes\.mpga\ShellEx
Reg HKLM\SOFTWARE\Classes\.mpga\ShellEx\{00021500-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\.mpga\ShellEx\{00021500-0000-0000-C000-000000000046}@
Reg HKLM\SOFTWARE\Classes\.mpx@ DMCConvert
Reg HKLM\SOFTWARE\Classes\.mpx\ShellEx
Reg HKLM\SOFTWARE\Classes\.mpx\ShellEx\{00021500-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\.mpx\ShellEx\{00021500-0000-0000-C000-000000000046}@
Reg HKLM\SOFTWARE\Classes\.nrg@ NeroImageType
Reg HKLM\SOFTWARE\Classes\.ogg\ShellEx
Reg HKLM\SOFTWARE\Classes\.ogg\ShellEx\{00021500-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\.ogg\ShellEx\{00021500-0000-0000-C000-000000000046}@
Reg HKLM\SOFTWARE\Classes\.pbm@ ACDSee 6.0.pbm
Reg HKLM\SOFTWARE\Classes\.pgm@ ACDSee 6.0.pgm
Reg HKLM\SOFTWARE\Classes\.pix@ ACDSee 6.0.pix
Reg HKLM\SOFTWARE\Classes\.plp@ ACDSee 6.0.plp
Reg HKLM\SOFTWARE\Classes\.ppm@ ACDSee 6.0.ppm
Reg HKLM\SOFTWARE\Classes\.psp@ ACDSee 6.0.psp
Reg HKLM\SOFTWARE\Classes\.ptad@ Photags.album_Details
Reg HKLM\SOFTWARE\Classes\.ptad\Photags.album_Details
Reg HKLM\SOFTWARE\Classes\.ptad\Photags.album_Details\ShellNew
Reg HKLM\SOFTWARE\Classes\.ptah@ Photags.album_Header
Reg HKLM\SOFTWARE\Classes\.ptah\Photags.album_Header
Reg HKLM\SOFTWARE\Classes\.ptah\Photags.album_Header\ShellNew
Reg HKLM\SOFTWARE\Classes\.ptfc@ Photags.FolderClosed
Reg HKLM\SOFTWARE\Classes\.ptfc\Photags.FolderClosed
Reg HKLM\SOFTWARE\Classes\.ptfc\Photags.FolderClosed\ShellNew
Reg HKLM\SOFTWARE\Classes\.ptfo@ Photags.FolderOpen
Reg HKLM\SOFTWARE\Classes\.ptfo\Photags.FolderOpen
Reg HKLM\SOFTWARE\Classes\.ptfo\Photags.FolderOpen\ShellNew
Reg HKLM\SOFTWARE\Classes\.ptsh@ Photags.Search
Reg HKLM\SOFTWARE\Classes\.ptsh\Photags.Search
Reg HKLM\SOFTWARE\Classes\.ptsh\Photags.Search\ShellNew
Reg HKLM\SOFTWARE\Classes\.ra@ RealPlayer.RA.6
Reg HKLM\SOFTWARE\Classes\.ra@PerceivedType audio
Reg HKLM\SOFTWARE\Classes\.ra@Content Type audio/vnd.rn-realaudio
Reg HKLM\SOFTWARE\Classes\.ra\ShellEx
Reg HKLM\SOFTWARE\Classes\.ra\ShellEx\{00021500-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\.ra\ShellEx\{00021500-0000-0000-C000-000000000046}@
Reg HKLM\SOFTWARE\Classes\.ram@ RealPlayer.RAM.6
Reg HKLM\SOFTWARE\Classes\.ram@PerceivedType video
Reg HKLM\SOFTWARE\Classes\.ram@Content Type audio/x-pn-realaudio
Reg HKLM\SOFTWARE\Classes\.ras@ ACDSee 6.0.ras
Reg HKLM\SOFTWARE\Classes\.rax@ RealPlayer.RAX.6
Reg HKLM\SOFTWARE\Classes\.rax@PerceivedType audio
Reg HKLM\SOFTWARE\Classes\.rgb@ ACDSee 6.0.rgb
Reg HKLM\SOFTWARE\Classes\.rgb@Content Type image/x-sgi
Reg HKLM\SOFTWARE\Classes\.rgb\OpenWithList
Reg HKLM\SOFTWARE\Classes\.rgb\OpenWithList\PictureViewer.exe
Reg HKLM\SOFTWARE\Classes\.rgb\OpenWithProgIds
Reg HKLM\SOFTWARE\Classes\.rgb\OpenWithProgIds@QuickTime.rgb
Reg HKLM\SOFTWARE\Classes\.rgba@ ACDSee 6.0.rgba
Reg HKLM\SOFTWARE\Classes\.rjs@ RealJukebox.RJS.1
Reg HKLM\SOFTWARE\Classes\.rjs@Content Type application/vnd.rn-realsystem-rjs
Reg HKLM\SOFTWARE\Classes\.rjt@ RealJukebox.RJT.1
Reg HKLM\SOFTWARE\Classes\.rjt@Content Type application/vnd.rn-realsystem-rjt
Reg HKLM\SOFTWARE\Classes\.rm@ RealPlayer.RM.6
Reg HKLM\SOFTWARE\Classes\.rm@PerceivedType audio
Reg HKLM\SOFTWARE\Classes\.rm@Content Type application/vnd.rn-realmedia
Reg HKLM\SOFTWARE\Classes\.rmj@ RealJukebox.RMJ.1
Reg HKLM\SOFTWARE\Classes\.rmj@PerceivedType audio
Reg HKLM\SOFTWARE\Classes\.rmj@Content Type application/vnd.rn-realsystem-rmj
Reg HKLM\SOFTWARE\Classes\.rmm@ RealPlayer.RAM.6
Reg HKLM\SOFTWARE\Classes\.rmm@PerceivedType video
Reg HKLM\SOFTWARE\Classes\.rmm@Content Type audio/x-pn-realaudio
Reg HKLM\SOFTWARE\Classes\.rms@ RealPlayer.RMS.6
Reg HKLM\SOFTWARE\Classes\.rms@PerceivedType audio
Reg HKLM\SOFTWARE\Classes\.rms@Content Type application/vnd.rn-realmedia-secure
Reg HKLM\SOFTWARE\Classes\.rmvb@ RealPlayer.RMVB.6
Reg HKLM\SOFTWARE\Classes\.rmvb@PerceivedType audio
Reg HKLM\SOFTWARE\Classes\.rmvb@Content Type application/vnd.rn-realmedia-vbr
Reg HKLM\SOFTWARE\Classes\.rmx@ RealJukebox.RMX.1
Reg HKLM\SOFTWARE\Classes\.rmx@PerceivedType audio
Reg HKLM\SOFTWARE\Classes\.rmx@Content Type application/vnd.rn-realsystem-rmx
Reg HKLM\SOFTWARE\Classes\.rnx@ RealPlayer.RP.6
Reg HKLM\SOFTWARE\Classes\.rnx@Content Type application/vnd.rn-realplayer
Reg HKLM\SOFTWARE\Classes\.rp@ RealPlayer.PIX.6
Reg HKLM\SOFTWARE\Classes\.rp@Content Type image/vnd.rn-realpix
Reg HKLM\SOFTWARE\Classes\.rpm@Content Type audio/x-pn-realaudio-plugin
Reg HKLM\SOFTWARE\Classes\.rpm@CLSID {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}
Reg HKLM\SOFTWARE\Classes\.rsb@ ACDSee 6.0.rsb
Reg HKLM\SOFTWARE\Classes\.rsml@ RealPlayer.RSML.6
Reg HKLM\SOFTWARE\Classes\.rsml@PerceivedType video
Reg HKLM\SOFTWARE\Classes\.rsml@Content Type application/vnd.rn-rsml
Reg HKLM\SOFTWARE\Classes\.rt@ RealPlayer.RT.6
Reg HKLM\SOFTWARE\Classes\.rt@Content Type text/vnd.rn-realtext
Reg HKLM\SOFTWARE\Classes\.rv@ RealPlayer.RV.6
Reg HKLM\SOFTWARE\Classes\.rv@PerceivedType video
Reg HKLM\SOFTWARE\Classes\.rv@Content Type video/vnd.rn-realvideo
Reg HKLM\SOFTWARE\Classes\.rvx@ RealPlayer.RVX.6
Reg HKLM\SOFTWARE\Classes\.rvx@PerceivedType audio
Reg HKLM\SOFTWARE\Classes\.scm@ StarEdit.Scenario
Reg HKLM\SOFTWARE\Classes\.scx@ StarEdit.BWScenario
Reg HKLM\SOFTWARE\Classes\.sgi@ ACDSee 6.0.sgi
Reg HKLM\SOFTWARE\Classes\.sgi@Content Type image/x-sgi
Reg HKLM\SOFTWARE\Classes\.sgi\OpenWithList
Reg HKLM\SOFTWARE\Classes\.sgi\OpenWithList\PictureViewer.exe
Reg HKLM\SOFTWARE\Classes\.sgi\OpenWithProgIds
Reg HKLM\SOFTWARE\Classes\.sgi\OpenWithProgIds@QuickTime.sgi
Reg HKLM\SOFTWARE\Classes\.shn@ DMCConvert
Reg HKLM\SOFTWARE\Classes\.shn\ShellEx
Reg HKLM\SOFTWARE\Classes\.shn\ShellEx\{00021500-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\.shn\ShellEx\{00021500-0000-0000-C000-000000000046}@
Reg HKLM\SOFTWARE\Classes\.sib@ Sibelius.Scorch
Reg HKLM\SOFTWARE\Classes\.sib@Content Type application/x-sibelius-score
Reg HKLM\SOFTWARE\Classes\.smi@ RealPlayer.SMIL.6
Reg HKLM\SOFTWARE\Classes\.smi@PerceivedType video
Reg HKLM\SOFTWARE\Classes\.smi@Content Type application/smil
Reg HKLM\SOFTWARE\Classes\.smi\OpenWithList
Reg HKLM\SOFTWARE\Classes\.smi\OpenWithList\QuickTimePlayer.exe
Reg HKLM\SOFTWARE\Classes\.smi\OpenWithProgIds
Reg HKLM\SOFTWARE\Classes\.smi\OpenWithProgIds@QuickTime.smi
Reg HKLM\SOFTWARE\Classes\.smil@ RealPlayer.SMIL.6
Reg HKLM\SOFTWARE\Classes\.smil@PerceivedType video
Reg HKLM\SOFTWARE\Classes\.smil@Content Type application/smil
Reg HKLM\SOFTWARE\Classes\.smil\OpenWithList
Reg HKLM\SOFTWARE\Classes\.smil\OpenWithList\QuickTimePlayer.exe
Reg HKLM\SOFTWARE\Classes\.smil\OpenWithProgIds
Reg HKLM\SOFTWARE\Classes\.smil\OpenWithProgIds@QuickTime.smil
Reg HKLM\SOFTWARE\Classes\.ssm@ SSM
Reg HKLM\SOFTWARE\Classes\.ssm@PerceivedType video
Reg HKLM\SOFTWARE\Classes\.ssm@Content Type application/streamingmedia
Reg HKLM\SOFTWARE\Classes\.stx@ ACD Showtime! for PENTAX.stx
Reg HKLM\SOFTWARE\Classes\.tga@ ACDSee 6.0.tga
Reg HKLM\SOFTWARE\Classes\.tga@Content Type image/x-targa
Reg HKLM\SOFTWARE\Classes\.tga\OpenWithList
Reg HKLM\SOFTWARE\Classes\.tga\OpenWithList\PictureViewer.exe
Reg HKLM\SOFTWARE\Classes\.tga\OpenWithProgIds
Reg HKLM\SOFTWARE\Classes\.tga\OpenWithProgIds@QuickTime.tga
Reg HKLM\SOFTWARE\Classes\.WAgame@ Team17.WAgame
Reg HKLM\SOFTWARE\Classes\.wv@ DMCConvert
Reg HKLM\SOFTWARE\Classes\.wv\ShellEx
Reg HKLM\SOFTWARE\Classes\.wv\ShellEx\{00021500-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\.wv\ShellEx\{00021500-0000-0000-C000-000000000046}@
Reg HKLM\SOFTWARE\Classes\.xbm@ ACDSee 6.0.xbm
Reg HKLM\SOFTWARE\Classes\.xht@ xhtfile
Reg HKLM\SOFTWARE\Classes\.xht@Content Type application/xhtml+xml
Reg HKLM\SOFTWARE\Classes\.xhtml@ xhtmlfile
Reg HKLM\SOFTWARE\Classes\.xhtml@Content Type application/xhtml+xml
Reg HKLM\SOFTWARE\Classes\.xpm@ ACDSee 6.0.xpm
Reg HKLM\SOFTWARE\Classes\Acclaim Game Launcher@ GameLauncher Control
Reg HKLM\SOFTWARE\Classes\ACD Showtime! for PENTAX.stx@ ACD Showtime! for PENTAX Project
Reg HKLM\SOFTWARE\Classes\ACD Showtime! for PENTAX.stx\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACD Showtime! for PENTAX.stx\DefaultIcon@ C:\Program Files\ACD Systems\Showtime! for PENTAX\1.0\Showtime.exe,19
Reg HKLM\SOFTWARE\Classes\ACD Showtime! for PENTAX.stx\shell
Reg HKLM\SOFTWARE\Classes\ACD Showtime! for PENTAX.stx\shell@ open
Reg HKLM\SOFTWARE\Classes\ACD Showtime! for PENTAX.stx\shell\open
Reg HKLM\SOFTWARE\Classes\ACD Showtime! for PENTAX.stx\shell\open\command
Reg HKLM\SOFTWARE\Classes\ACD Showtime! for PENTAX.stx\shell\open\command@ "C:\Program Files\ACD Systems\Showtime! for PENTAX\1.0\Showtime.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ani@ ACDSee 6.0 ICO Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ani\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ani\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_ICO.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ani\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ani\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ani\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ani\shell\ACDPrint@
ROSEM
Regular Member
 
Posts: 16
Joined: January 5th, 2010, 9:33 pm

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby ROSEM » January 15th, 2010, 9:50 pm

Class
Reg HKLM\SOFTWARE\Classes\IERPCtl.IERPCtl\CLSID
Reg HKLM\SOFTWARE\Classes\IERPCtl.IERPCtl\CLSID@ {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5}
Reg HKLM\SOFTWARE\Classes\IERPCtl.IERPCtl\CurVer
Reg HKLM\SOFTWARE\Classes\IERPCtl.IERPCtl\CurVer@ IERPCtl.IERPCtl.1
Reg HKLM\SOFTWARE\Classes\IERPCtl.IERPCtl.1@ IERPCtl Class
Reg HKLM\SOFTWARE\Classes\IERPCtl.IERPCtl.1\CLSID
Reg HKLM\SOFTWARE\Classes\IERPCtl.IERPCtl.1\CLSID@ {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5}
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator@ aimlocator Class
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator\CLSID
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator\CLSID@ {BAEB32D0-732D-11d2-8BF4-0060B0A4A9EA}
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator\CurVer
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator\CurVer@ isaim.aimlocator.1
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator.1@ aimlocator Class
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator.1\CLSID
Reg HKLM\SOFTWARE\Classes\isaim.aimlocator.1\CLSID@ {BAEB32D0-732D-11d2-8BF4-0060B0A4A9EA}
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.ScriptWrapper@ InstallShield for Windows Installer ScriptWrapper
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.ScriptWrapper\CLSID
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.ScriptWrapper\CLSID@ {B01FEB50-45ED-11D3-B444-00104B261643}
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.ScriptWrapper.1@ InstallShield for Windows Installer ScriptWrapper
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.ScriptWrapper.1\CLSID
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.ScriptWrapper.1\CLSID@ {B01FEB50-45ED-11D3-B444-00104B261643}
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.StringTable@ InstallShield for Windows Installer String Table
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.StringTable\CLSID
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.StringTable\CLSID@ {B9A7E591-6C9C-11D3-B452-00104B261643}
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.StringTable.1@ InstallShield for Windows Installer String Table
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.StringTable.1\CLSID
Reg HKLM\SOFTWARE\Classes\ISScriptHandler.StringTable.1\CLSID@ {B9A7E591-6C9C-11D3-B452-00104B261643}
Reg HKLM\SOFTWARE\Classes\Keyhole.KHFeature@ KHFeature Class
Reg HKLM\SOFTWARE\Classes\Keyhole.KHFeature\CLSID
Reg HKLM\SOFTWARE\Classes\Keyhole.KHFeature\CLSID@ {B153D707-447A-4538-913E-6146B3FDEE02}
Reg HKLM\SOFTWARE\Classes\Keyhole.KHFeature.1@ KHFeature Class
Reg HKLM\SOFTWARE\Classes\Keyhole.KHFeature.1\CLSID
Reg HKLM\SOFTWARE\Classes\Keyhole.KHFeature.1\CLSID@ {B153D707-447A-4538-913E-6146B3FDEE02}
Reg HKLM\SOFTWARE\Classes\Keyhole.KHInterface@ KHInterface Class
Reg HKLM\SOFTWARE\Classes\Keyhole.KHInterface\CLSID
Reg HKLM\SOFTWARE\Classes\Keyhole.KHInterface\CLSID@ {AFD07A5E-3E20-4D77-825C-2F6D1A50BE5B}
Reg HKLM\SOFTWARE\Classes\Keyhole.KHInterface\CurVer
Reg HKLM\SOFTWARE\Classes\Keyhole.KHInterface\CurVer@ Keyhole.KHInterface.1
Reg HKLM\SOFTWARE\Classes\Keyhole.KHInterface.1@ KHInterface Class
Reg HKLM\SOFTWARE\Classes\Keyhole.KHInterface.1\CLSID
Reg HKLM\SOFTWARE\Classes\Keyhole.KHInterface.1\CLSID@ {AFD07A5E-3E20-4D77-825C-2F6D1A50BE5B}
Reg HKLM\SOFTWARE\Classes\Keyhole.KHViewExtents@ KHViewExtents Class
Reg HKLM\SOFTWARE\Classes\Keyhole.KHViewExtents\CLSID
Reg HKLM\SOFTWARE\Classes\Keyhole.KHViewExtents\CLSID@ {63E6BE14-A742-4EEA-8AF3-0EC39F10F850}
Reg HKLM\SOFTWARE\Classes\Keyhole.KHViewExtents.1@ KHViewExtents Class
Reg HKLM\SOFTWARE\Classes\Keyhole.KHViewExtents.1\CLSID
Reg HKLM\SOFTWARE\Classes\Keyhole.KHViewExtents.1\CLSID@ {63E6BE14-A742-4EEA-8AF3-0EC39F10F850}
Reg HKLM\SOFTWARE\Classes\Keyhole.KHViewInfo@ KHViewInfo Class
Reg HKLM\SOFTWARE\Classes\Keyhole.KHViewInfo\CLSID
Reg HKLM\SOFTWARE\Classes\Keyhole.KHViewInfo\CLSID@ {A2D4475B-C9AA-48E2-A029-1DB829DACF7B}
Reg HKLM\SOFTWARE\Classes\Keyhole.KHViewInfo\CurVer
Reg HKLM\SOFTWARE\Classes\Keyhole.KHViewInfo\CurVer@ Keyhole.KHViewInfo.1
Reg HKLM\SOFTWARE\Classes\Keyhole.KHViewInfo.1@ KHViewInfo Class
Reg HKLM\SOFTWARE\Classes\Keyhole.KHViewInfo.1\CLSID
Reg HKLM\SOFTWARE\Classes\Keyhole.KHViewInfo.1\CLSID@ {A2D4475B-C9AA-48E2-A029-1DB829DACF7B}
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine@
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine\CLSID
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine\CLSID@ {C533ADF1-0C80-11D1-8C54-00A02468F316}
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine.1@
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine.1\CLSID
Reg HKLM\SOFTWARE\Classes\LiquidMotion.LMEngine.1\CLSID@ {C533ADF1-0C80-11D1-8C54-00A02468F316}
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr@ LM Auto Effect Behavior
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr\CurVer
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr\CurVer@ LM.AutoEffectBvr.1
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr.1@ LM Auto Effect Behavior
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\LM.AutoEffectBvr.1\CLSID@ {BB339A46-7C49-11d2-9BF3-00C04FA34789}
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory@ LM Behavior Factory
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory\CurVer
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory\CurVer@ LM.LMBehaviorFactory.1
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory.1@ LM Behavior Factory
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory.1\CLSID
Reg HKLM\SOFTWARE\Classes\LM.LMBehaviorFactory.1\CLSID@ {B1549E58-3894-11D2-BB7F-00A0C999C4C1}
Reg HKLM\SOFTWARE\Classes\LM.LMReader@ LM Runtime Control
Reg HKLM\SOFTWARE\Classes\LM.LMReader\CurVer
Reg HKLM\SOFTWARE\Classes\LM.LMReader\CurVer@ LM.LMReader.1
Reg HKLM\SOFTWARE\Classes\LM.LMReader.1@ LM Runtime Control
Reg HKLM\SOFTWARE\Classes\LM.LMReader.1\CLSID
Reg HKLM\SOFTWARE\Classes\LM.LMReader.1\CLSID@ {183C259A-0480-11d1-87EA-00C04FC29D46}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmCapture@ ltmmCapture Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmCapture\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmCapture\CLSID@ {00130979-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmCapture\CurVer
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmCapture\CurVer@ LTMM.ltmmCapture.130
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmCapture.130@ ltmmCapture Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmCapture.130\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmCapture.130\CLSID@ {00130979-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmCaptureCtrl@ ltmmCaptureCtrl Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmCaptureCtrl\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmCaptureCtrl\CLSID@ {0013097A-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmCaptureCtrl\CurVer
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmCaptureCtrl\CurVer@ LTMM.ltmmCaptureCtrl.130
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmCaptureCtrl.130@ ltmmCaptureCtrl Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmCaptureCtrl.130\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmCaptureCtrl.130\CLSID@ {0013097A-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmConvert@ ltmmConvert Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmConvert\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmConvert\CLSID@ {0013097F-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmConvert\CurVer
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmConvert\CurVer@ LTMM.ltmmConvert.130
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmConvert.130@ ltmmConvert Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmConvert.130\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmConvert.130\CLSID@ {0013097F-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmConvertCtrl@ ltmmConvertCtrl Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmConvertCtrl\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmConvertCtrl\CLSID@ {00130980-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmConvertCtrl\CurVer
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmConvertCtrl\CurVer@ LTMM.ltmmConvertCtrl.130
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmConvertCtrl.130@ ltmmConvertCtrl Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmConvertCtrl.130\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmConvertCtrl.130\CLSID@ {00130980-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMediaSample@ ltmmMediaSample Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMediaSample\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMediaSample\CLSID@ {00130983-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMediaSample\CurVer
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMediaSample\CurVer@ LTMM.ltmmMediaSample.130
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMediaSample.130@ ltmmMediaSample Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMediaSample.130\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMediaSample.130\CLSID@ {00130983-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMediaType@ ltmmMediaType Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMediaType\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMediaType\CLSID@ {00130984-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMediaType\CurVer
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMediaType\CurVer@ LTMM.ltmmMediaType.130
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMediaType.130@ ltmmMediaType Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMediaType.130\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMediaType.130\CLSID@ {00130984-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMemory@ ltmmMemory Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMemory\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMemory\CLSID@ {001309BB-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMemory\CurVer
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMemory\CurVer@ LTMM.ltmmMemory.130
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMemory.130@ ltmmMemory Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMemory.130\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMemory.130\CLSID@ {001309BB-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMultiStreamSource@ ltmmMultiStreamSource Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMultiStreamSource\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMultiStreamSource\CLSID@ {001309C4-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMultiStreamSource\CurVer
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMultiStreamSource\CurVer@ LTMM.ltmmMultiStreamSource.130
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMultiStreamSource.130@ ltmmMultiStreamSource Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMultiStreamSource.130\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMultiStreamSource.130\CLSID@ {001309C4-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMultiStreamTarget@ ltmmMultiStreamTarget Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMultiStreamTarget\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMultiStreamTarget\CLSID@ {001309C6-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMultiStreamTarget\CurVer
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMultiStreamTarget\CurVer@ LTMM.ltmmMultiStreamTarget.130
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMultiStreamTarget.130@ ltmmMultiStreamTarget Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMultiStreamTarget.130\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmMultiStreamTarget.130\CLSID@ {001309C6-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmPlay@ ltmmPlay Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmPlay\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmPlay\CLSID@ {00130985-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmPlay\CurVer
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmPlay\CurVer@ LTMM.ltmmPlay.130
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmPlay.130@ ltmmPlay Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmPlay.130\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmPlay.130\CLSID@ {00130985-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmPlayCtrl@ ltmmPlayCtrl Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmPlayCtrl\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmPlayCtrl\CLSID@ {00130986-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmPlayCtrl\CurVer
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmPlayCtrl\CurVer@ LTMM.ltmmPlayCtrl.130
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmPlayCtrl.130@ ltmmPlayCtrl Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmPlayCtrl.130\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmPlayCtrl.130\CLSID@ {00130986-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmSampleSource@ ltmmSampleSource Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmSampleSource\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmSampleSource\CLSID@ {00130989-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmSampleSource\CurVer
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmSampleSource\CurVer@ LTMM.ltmmSampleSource.130
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmSampleSource.130@ ltmmSampleSource Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmSampleSource.130\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmSampleSource.130\CLSID@ {00130989-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmSampleTarget@ ltmmSampleTarget Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmSampleTarget\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmSampleTarget\CLSID@ {0013098A-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmSampleTarget\CurVer
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmSampleTarget\CurVer@ LTMM.ltmmSampleTarget.130
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmSampleTarget.130@ ltmmSampleTarget Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmSampleTarget.130\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmSampleTarget.130\CLSID@ {0013098A-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmStreamMoniker@ ltmmStreamMoniker Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmStreamMoniker\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmStreamMoniker\CLSID@ {001309B9-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmStreamMoniker\CurVer
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmStreamMoniker\CurVer@ LTMM.ltmmStreamMoniker.130
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmStreamMoniker.130@ ltmmStreamMoniker Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmStreamMoniker.130\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmStreamMoniker.130\CLSID@ {001309B9-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmWMProfileManager@ ltmmWMProfileManager Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmWMProfileManager\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmWMProfileManager\CLSID@ {001309AF-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmWMProfileManager\CurVer
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmWMProfileManager\CurVer@ LTMM.ltmmWMProfileManager.130
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmWMProfileManager.130@ ltmmWMProfileManager Class
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmWMProfileManager.130\CLSID
Reg HKLM\SOFTWARE\Classes\LTMM.ltmmWMProfileManager.130\CLSID@ {001309AF-B1BA-11CE-ABC6-F5B2E79D9E3F}
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr@ MoveBvr Class
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr\CurVer
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr\CurVer@ MoveBvr.MoveBvr.1
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr.1@ MoveBvr Class
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\MoveBvr.MoveBvr.1\CLSID@ {C5B86F32-69EE-11d2-875F-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\MsnPhotoUpload.PhotoUploadCtl@ MSN Photo Upload Tool
Reg HKLM\SOFTWARE\Classes\MsnPhotoUpload.PhotoUploadCtl\CLSID
Reg HKLM\SOFTWARE\Classes\MsnPhotoUpload.PhotoUploadCtl\CLSID@ {4F1E5B1A-2A80-42ca-8532-2D05CB959537}
Reg HKLM\SOFTWARE\Classes\MsnPhotoUpload.PhotoUploadCtl\CurVer
Reg HKLM\SOFTWARE\Classes\MsnPhotoUpload.PhotoUploadCtl\CurVer@ MsnPhotoUpload.PhotoUploadCtl.1
Reg HKLM\SOFTWARE\Classes\MsnPhotoUpload.PhotoUploadCtl.1@ MSN Photo Upload Tool
Reg HKLM\SOFTWARE\Classes\MsnPhotoUpload.PhotoUploadCtl.1\CLSID
Reg HKLM\SOFTWARE\Classes\MsnPhotoUpload.PhotoUploadCtl.1\CLSID@ {4F1E5B1A-2A80-42ca-8532-2D05CB959537}
Reg HKLM\SOFTWARE\Classes\NCTAudioFile2.AudioFile2@ NCTAudioFile2 Class
Reg HKLM\SOFTWARE\Classes\NCTAudioFile2.AudioFile2\CLSID
Reg HKLM\SOFTWARE\Classes\NCTAudioFile2.AudioFile2\CLSID@ {77829F14-D911-40FF-A2F0-D11DB8D6D0BC}
Reg HKLM\SOFTWARE\Classes\NCTAudioFile2.AudioFile2\CurVer
Reg HKLM\SOFTWARE\Classes\NCTAudioFile2.AudioFile2\CurVer@ NCTAudioFile2.AudioFile2.2
Reg HKLM\SOFTWARE\Classes\NCTAudioFile2.AudioFile2.2@ NCTAudioFile2 Class
Reg HKLM\SOFTWARE\Classes\NCTAudioFile2.AudioFile2.2\CLSID
Reg HKLM\SOFTWARE\Classes\NCTAudioFile2.AudioFile2.2\CLSID@ {77829F14-D911-40FF-A2F0-D11DB8D6D0BC}
Reg HKLM\SOFTWARE\Classes\NCTAudioFile2.AudioFile2LameEnc@ AudioFile2LameEnc Class
Reg HKLM\SOFTWARE\Classes\NCTAudioFile2.AudioFile2LameEnc\CLSID
Reg HKLM\SOFTWARE\Classes\NCTAudioFile2.AudioFile2LameEnc\CLSID@ {35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Reg HKLM\SOFTWARE\Classes\NCTAudioFile2.AudioFile2LameEnc.1@ AudioFile2LameEnc Class
Reg HKLM\SOFTWARE\Classes\NCTAudioFile2.AudioFile2LameEnc.1\CLSID
Reg HKLM\SOFTWARE\Classes\NCTAudioFile2.AudioFile2LameEnc.1\CLSID@ {35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Reg HKLM\SOFTWARE\Classes\NCTAudioInformation2.AudioInformation2@ NCTAudioInformation2 Class
Reg HKLM\SOFTWARE\Classes\NCTAudioInformation2.AudioInformation2\CLSID
Reg HKLM\SOFTWARE\Classes\NCTAudioInformation2.AudioInformation2\CLSID@ {AAFA1E73-4842-4BEC-BC46-48C62E1C5C9C}
Reg HKLM\SOFTWARE\Classes\NCTAudioInformation2.AudioInformation2\CurVer
Reg HKLM\SOFTWARE\Classes\NCTAudioInformation2.AudioInformation2\CurVer@ NCTAudioInformation2.AudioInformation2.2
Reg HKLM\SOFTWARE\Classes\NCTAudioInformation2.AudioInformation2.2@ NCTAudioInformation2 Class
Reg HKLM\SOFTWARE\Classes\NCTAudioInformation2.AudioInformation2.2\CLSID
Reg HKLM\SOFTWARE\Classes\NCTAudioInformation2.AudioInformation2.2\CLSID@ {AAFA1E73-4842-4BEC-BC46-48C62E1C5C9C}
Reg HKLM\SOFTWARE\Classes\NCTAudioPlayer2.AudioPlayer2@ NCTAudioPlayer2 Class
Reg HKLM\SOFTWARE\Classes\NCTAudioPlayer2.AudioPlayer2\CLSID
Reg HKLM\SOFTWARE\Classes\NCTAudioPlayer2.AudioPlayer2\CLSID@ {8532DECB-E102-48A8-BE72-DADC2B02C49F}
Reg HKLM\SOFTWARE\Classes\NCTAudioPlayer2.AudioPlayer2\CurVer
Reg HKLM\SOFTWARE\Classes\NCTAudioPlayer2.AudioPlayer2\CurVer@ NCTAudioPlayer2.AudioPlayer2.2
Reg HKLM\SOFTWARE\Classes\NCTAudioPlayer2.AudioPlayer2.2@ NCTAudioPlayer2 Class
Reg HKLM\SOFTWARE\Classes\NCTAudioPlayer2.AudioPlayer2.2\CLSID
Reg HKLM\SOFTWARE\Classes\NCTAudioPlayer2.AudioPlayer2.2\CLSID@ {8532DECB-E102-48A8-BE72-DADC2B02C49F}
Reg HKLM\SOFTWARE\Classes\NCTAudioTransform2.AudioTransform2@ AudioTransform2 Class
Reg HKLM\SOFTWARE\Classes\NCTAudioTransform2.AudioTransform2\CLSID
Reg HKLM\SOFTWARE\Classes\NCTAudioTransform2.AudioTransform2\CLSID@ {5AD31A03-9136-4C8E-AAA8-121B20B5EA66}
Reg HKLM\SOFTWARE\Classes\NCTAudioTransform2.AudioTransform2\CurVer
Reg HKLM\SOFTWARE\Classes\NCTAudioTransform2.AudioTransform2\CurVer@ NCTAudioTransform2.AudioTransform2.2
Reg HKLM\SOFTWARE\Classes\NCTAudioTransform2.AudioTransform2.2@ AudioTransform2 Class
Reg HKLM\SOFTWARE\Classes\NCTAudioTransform2.AudioTransform2.2\CLSID
Reg HKLM\SOFTWARE\Classes\NCTAudioTransform2.AudioTransform2.2\CLSID@ {5AD31A03-9136-4C8E-AAA8-121B20B5EA66}
Reg HKLM\SOFTWARE\Classes\NCTAudioTransform2.AudioTransformDisplay2@ NCTAudioTransformDisplay2 Class
Reg HKLM\SOFTWARE\Classes\NCTAudioTransform2.AudioTransformDisplay2\CLSID
Reg HKLM\SOFTWARE\Classes\NCTAudioTransform2.AudioTransformDisplay2\CLSID@ {5F752827-675A-445A-B5F5-5A3BF9F49D06}
Reg HKLM\SOFTWARE\Classes\NCTAudioTransform2.AudioTransformDisplay2\CurVer
Reg HKLM\SOFTWARE\Classes\NCTAudioTransform2.AudioTransformDisplay2\CurVer@ NCTAudioTransform2.AudioTransformDisplay2.2
Reg HKLM\SOFTWARE\Classes\NCTAudioTransform2.AudioTransformDisplay2.2@ NCTAudioTransformDisplay2 Class
Reg HKLM\SOFTWARE\Classes\NCTAudioTransform2.AudioTransformDisplay2.2\CLSID
Reg HKLM\SOFTWARE\Classes\NCTAudioTransform2.AudioTransformDisplay2.2\CLSID@ {5F752827-675A-445A-B5F5-5A3BF9F49D06}
Reg HKLM\SOFTWARE\Classes\NCTWMAFile2.WMAFile2@ WMAFile2 Class
Reg HKLM\SOFTWARE\Classes\NCTWMAFile2.WMAFile2\CLSID
Reg HKLM\SOFTWARE\Classes\NCTWMAFile2.WMAFile2\CLSID@ {6ED74AE3-8066-4385-AABA-243E033F75A3}
Reg HKLM\SOFTWARE\Classes\NCTWMAFile2.WMAFile2\CurVer
Reg HKLM\SOFTWARE\Classes\NCTWMAFile2.WMAFile2\CurVer@ NCTWMAFile2.WMAFile2.2
Reg HKLM\SOFTWARE\Classes\NCTWMAFile2.WMAFile2.2@ WMAFile2 Class
Reg HKLM\SOFTWARE\Classes\NCTWMAFile2.WMAFile2.2\CLSID
Reg HKLM\SOFTWARE\Classes\NCTWMAFile2.WMAFile2.2\CLSID@ {6ED74AE3-8066-4385-AABA-243E033F75A3}
Reg HKLM\SOFTWARE\Classes\NCTWMAFile2.WMAFileInformation2@ NCTWMAFileInformation2 Class
Reg HKLM\SOFTWARE\Classes\NCTWMAFile2.WMAFileInformation2\CLSID
Reg HKLM\SOFTWARE\Classes\NCTWMAFile2.WMAFileInformation2\CLSID@ {A8FA2FDE-BF01-4DD9-AAFF-7BACFDCAE896}
Reg HKLM\SOFTWARE\Classes\NCTWMAFile2.WMAFileInformation2\CurVer
Reg HKLM\SOFTWARE\Classes\NCTWMAFile2.WMAFileInformation2\CurVer@ NCTWMAFile2.WMAFileInformation2.2
Reg HKLM\SOFTWARE\Classes\NCTWMAFile2.WMAFileInformation2.2@ NCTWMAFileInformation2 Class
Reg HKLM\SOFTWARE\Classes\NCTWMAFile2.WMAFileInformation2.2\CLSID
Reg HKLM\SOFTWARE\Classes\NCTWMAFile2.WMAFileInformation2.2\CLSID@ {A8FA2FDE-BF01-4DD9-AAFF-7BACFDCAE896}
Reg HKLM\SOFTWARE\Classes\NeroMIX.File\shellex
Reg HKLM\SOFTWARE\Classes\NeroMIX.File\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\NeroMIX.File\shellex\PropertySheetHandlers
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr@ NumberBvr Class
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr\CurVer
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr\CurVer@ NumberBvr.NumberBvr.1
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr.1@ NumberBvr Class
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\NumberBvr.NumberBvr.1\CLSID@ {ECDB03D2-6E99-11d2-875F-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr@ PathBvr Class
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr\CurVer
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr\CurVer@ PathBvr.PathBvr.1
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr.1@ PathBvr Class
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\PathBvr.PathBvr.1\CLSID@ {80F49562-6A9A-11d2-875F-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\Photags.album_Details\DefaultIcon
Reg HKLM\SOFTWARE\Classes\Photags.album_Details\DefaultIcon@ C:\Program Files\PhoTags Express\PhoTags.exe,3
Reg HKLM\SOFTWARE\Classes\Photags.album_Details\Open
Reg HKLM\SOFTWARE\Classes\Photags.album_Details\Open\Command
Reg HKLM\SOFTWARE\Classes\Photags.album_Details\Open\Command@ "C:\Program Files\PhoTags Express\PhoTags.exe" ""
Reg HKLM\SOFTWARE\Classes\Photags.album_Details\Shell
Reg HKLM\SOFTWARE\Classes\Photags.album_Header\DefaultIcon
Reg HKLM\SOFTWARE\Classes\Photags.album_Header\DefaultIcon@ C:\Program Files\PhoTags Express\PhoTags.exe,2
Reg HKLM\SOFTWARE\Classes\Photags.album_Header\Open
Reg HKLM\SOFTWARE\Classes\Photags.album_Header\Open\Command
Reg HKLM\SOFTWARE\Classes\Photags.album_Header\Open\Command@ "C:\Program Files\PhoTags Express\PhoTags.exe" ""
Reg HKLM\SOFTWARE\Classes\Photags.album_Header\Shell
Reg HKLM\SOFTWARE\Classes\Photags.AutoplayHandler\shell
Reg HKLM\SOFTWARE\Classes\Photags.AutoplayHandler\shell\open
Reg HKLM\SOFTWARE\Classes\Photags.AutoplayHandler\shell\open\command
Reg HKLM\SOFTWARE\Classes\Photags.AutoplayHandler\shell\open\command@ "C:\Program Files\PhoTags Express\Photags.exe" "-acquire" "-device:%1"
Reg HKLM\SOFTWARE\Classes\PhoTags.Document@ PhoTag Document
Reg HKLM\SOFTWARE\Classes\PhoTags.Document\DefaultIcon
Reg HKLM\SOFTWARE\Classes\PhoTags.Document\DefaultIcon@ C:\PROGRA~1\PHOTAG~1\Photags.exe,1
Reg HKLM\SOFTWARE\Classes\PhoTags.Document\shell
Reg HKLM\SOFTWARE\Classes\PhoTags.Document\shell\open
Reg HKLM\SOFTWARE\Classes\PhoTags.Document\shell\open\command
Reg HKLM\SOFTWARE\Classes\PhoTags.Document\shell\open\command@ C:\PROGRA~1\PHOTAG~1\Photags.exe "%1"
Reg HKLM\SOFTWARE\Classes\PhoTags.Document\shell\print
Reg HKLM\SOFTWARE\Classes\PhoTags.Document\shell\print\command
Reg HKLM\SOFTWARE\Classes\PhoTags.Document\shell\print\command@ C:\PROGRA~1\PHOTAG~1\Photags.exe /p "%1"
Reg HKLM\SOFTWARE\Classes\PhoTags.Document\shell\printto
Reg HKLM\SOFTWARE\Classes\PhoTags.Document\shell\printto\command
Reg HKLM\SOFTWARE\Classes\PhoTags.Document\shell\printto\command@ C:\PROGRA~1\PHOTAG~1\Photags.exe /pt "%1" "%2" "%3" "%4"
Reg HKLM\SOFTWARE\Classes\Photags.FolderClosed\DefaultIcon
Reg HKLM\SOFTWARE\Classes\Photags.FolderClosed\DefaultIcon@ C:\Program Files\PhoTags Express\PhoTags.exe,5
Reg HKLM\SOFTWARE\Classes\Photags.FolderClosed\Open
Reg HKLM\SOFTWARE\Classes\Photags.FolderClosed\Open\Command
Reg HKLM\SOFTWARE\Classes\Photags.FolderClosed\Open\Command@ "C:\Program Files\PhoTags Express\PhoTags.exe" ""
Reg HKLM\SOFTWARE\Classes\Photags.FolderClosed\Shell
Reg HKLM\SOFTWARE\Classes\Photags.FolderOpen\DefaultIcon
Reg HKLM\SOFTWARE\Classes\Photags.FolderOpen\DefaultIcon@ C:\Program Files\PhoTags Express\PhoTags.exe,6
Reg HKLM\SOFTWARE\Classes\Photags.FolderOpen\Open
Reg HKLM\SOFTWARE\Classes\Photags.FolderOpen\Open\Command
Reg HKLM\SOFTWARE\Classes\Photags.FolderOpen\Open\Command@ "C:\Program Files\PhoTags Express\PhoTags.exe" ""
Reg HKLM\SOFTWARE\Classes\Photags.FolderOpen\Shell
Reg HKLM\SOFTWARE\Classes\Photags.Search\DefaultIcon
Reg HKLM\SOFTWARE\Classes\Photags.Search\DefaultIcon@ C:\Program Files\PhoTags Express\PhoTags.exe,1
Reg HKLM\SOFTWARE\Classes\Photags.Search\Open
Reg HKLM\SOFTWARE\Classes\Photags.Search\Open\Command
Reg HKLM\SOFTWARE\Classes\Photags.Search\Open\Command@ "C:\Program Files\PhoTags Express\PhoTags.exe" ""
Reg HKLM\SOFTWARE\Classes\Photags.Search\Shell
Reg HKLM\SOFTWARE\Classes\pnm@ RealNetworks Streaming Protocol
Reg HKLM\SOFTWARE\Classes\pnm@URL Protocol
Reg HKLM\SOFTWARE\Classes\pnm\DefaultIcon
Reg HKLM\SOFTWARE\Classes\pnm\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\pnm\shell
Reg HKLM\SOFTWARE\Classes\pnm\shell\open
Reg HKLM\SOFTWARE\Classes\pnm\shell\open\command
Reg HKLM\SOFTWARE\Classes\pnm\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\pnm\shellex
Reg HKLM\SOFTWARE\Classes\pnm\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\pnm\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\pnm\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\PTWinExt.JPEGInfo@ JPEGInfo Class
Reg HKLM\SOFTWARE\Classes\PTWinExt.JPEGInfo\CLSID
Reg HKLM\SOFTWARE\Classes\PTWinExt.JPEGInfo\CLSID@ {0FD0DE78-B43E-4419-93F0-2EC5D9F0BDD4}
Reg HKLM\SOFTWARE\Classes\PTWinExt.JPEGInfo\CurVer
Reg HKLM\SOFTWARE\Classes\PTWinExt.JPEGInfo\CurVer@ PTWinExt.JPEGInfo.1
Reg HKLM\SOFTWARE\Classes\PTWinExt.JPEGInfo.1@ JPEGInfo Class
Reg HKLM\SOFTWARE\Classes\PTWinExt.JPEGInfo.1\CLSID
Reg HKLM\SOFTWARE\Classes\PTWinExt.JPEGInfo.1\CLSID@ {0FD0DE78-B43E-4419-93F0-2EC5D9F0BDD4}
Reg HKLM\SOFTWARE\Classes\PWSSearchHandler.ShellExt@ Photags Search Handler Class
Reg HKLM\SOFTWARE\Classes\PWSSearchHandler.ShellExt\CLSID
Reg HKLM\SOFTWARE\Classes\PWSSearchHandler.ShellExt\CLSID@ {181ED3BC-91D2-4424-B8E1-922B8F55BF56}
Reg HKLM\SOFTWARE\Classes\PWSSearchHandler.ShellExt\CurVer
Reg HKLM\SOFTWARE\Classes\PWSSearchHandler.ShellExt\CurVer@ PWSSearchHandler.ShellExt.1
Reg HKLM\SOFTWARE\Classes\PWSSearchHandler.ShellExt.1@ Photags Search Handler Class
Reg HKLM\SOFTWARE\Classes\PWSSearchHandler.ShellExt.1\CLSID
Reg HKLM\SOFTWARE\Classes\PWSSearchHandler.ShellExt.1\CLSID@ {181ED3BC-91D2-4424-B8E1-922B8F55BF56}
Reg HKLM\SOFTWARE\Classes\RealDownloadExpress.InfoWindow@ RealDownload Express InfoWindow Class
Reg HKLM\SOFTWARE\Classes\RealDownloadExpress.InfoWindow\CLSID
Reg HKLM\SOFTWARE\Classes\RealDownloadExpress.InfoWindow\CLSID@ {56336BCA-3D8A-11d6-A00B-0050DA18DE71}
Reg HKLM\SOFTWARE\Classes\RealDownloadExpress.InfoWindow\CurVer
Reg HKLM\SOFTWARE\Classes\RealDownloadExpress.InfoWindow\CurVer@ RealDownloadExpress.InfoWindow.1
Reg HKLM\SOFTWARE\Classes\RealDownloadExpress.InfoWindow.1@ RealDownload Express InfoWindow Class
Reg HKLM\SOFTWARE\Classes\RealDownloadExpress.InfoWindow.1\CLSID
Reg HKLM\SOFTWARE\Classes\RealDownloadExpress.InfoWindow.1\CLSID@ {56336BCA-3D8A-11d6-A00B-0050DA18DE71}
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJS.1@ RealSystem Skin
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJS.1\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJS.1\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJS.1\shell
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJS.1\shell\open
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJS.1\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJS.1\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJS.1\shellex
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJS.1\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJS.1\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJS.1\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJT.1@ RealSystem Track Info Style
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJT.1\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJT.1\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJT.1\shell
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJT.1\shell\open
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJT.1\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJT.1\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJT.1\shellex
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJT.1\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJT.1\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealJukebox.RJT.1\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMJ.1@ RealSystem Media
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMJ.1\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMJ.1\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMJ.1\shell
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMJ.1\shell\open
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMJ.1\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMJ.1\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMJ.1\shellex
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMJ.1\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMJ.1\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMJ.1\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMP.1@ Real Metadata Package
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMP.1\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMP.1\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMP.1\shell
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMP.1\shell\open
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMP.1\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMP.1\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMP.1\shellex
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMP.1\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMP.1\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMP.1\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMX.1@ RealSystem Secure Media File
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMX.1\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMX.1\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMX.1\shell
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMX.1\shell\open
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMX.1\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMX.1\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMX.1\shellex
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMX.1\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMX.1\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealJukebox.RMX.1\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR.10@ AMR Narrow-Band Content
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR.10\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR.10\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR.10\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR.10\shell\open
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR.10\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR.10\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR.10\shellex
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR.10\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR.10\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR.10\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR_WB.10@ AMR Wide-Band Content
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR_WB.10\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR_WB.10\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR_WB.10\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR_WB.10\shell\open
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR_WB.10\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR_WB.10\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR_WB.10\shellex
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR_WB.10\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR_WB.10\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealPlayer.AMR_WB.10\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6@ RealPlayer AutoPlay for Audio CD
Reg HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,0
Reg HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\shell@ play
Reg HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\shell\play
Reg HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\shell\play@ &Play
Reg HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\shell\play\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\shell\play\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1
Reg HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6@ RealPlayer AutoPlay for MP3/Video CD
Reg HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6@URL Protocol
Reg HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shell\open
Reg HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"
Reg HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shellex
Reg HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6@ RealPlayer AutoPlay for Blank CD
Reg HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6@URL Protocol
Reg HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shell\open
Reg HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"
Reg HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shellex
Reg HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealPlayer.DIVX.6@ DivX Video
Reg HKLM\SOFTWARE\Classes\RealPlayer.DIVX.6\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.DIVX.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealPlayer.DIVX.6\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.DIVX.6\shell\open
Reg HKLM\SOFTWARE\Classes\RealPlayer.DIVX.6\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.DIVX.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealPlayer.DIVX.6\shellex
Reg HKLM\SOFTWARE\Classes\RealPlayer.DIVX.6\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.DIVX.6\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealPlayer.DIVX.6\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealPlayer.DVD.6@ RealPlayer AutoPlay for DVD
Reg HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,0
Reg HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\shell@ play
Reg HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\shell\play
Reg HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\shell\play@ &Play
Reg HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\shell\play\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\shell\play\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1
Reg HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler@ RealNetworks Scheduler
Reg HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID
Reg HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID@ {67E76F1D-BDE2-4052-913C-2752366192D2}
Reg HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CurVer
Reg HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CurVer@ RealPlayer.HWEventHandler.1
Reg HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler.1@ RealNetworks Scheduler
Reg HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler.1\CLSID
Reg HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler.1\CLSID@ {67E76F1D-BDE2-4052-913C-2752366192D2}
Reg HKLM\SOFTWARE\Classes\RealPlayer.IVR.6@ Internet Video Recording
Reg HKLM\SOFTWARE\Classes\RealPlayer.IVR.6\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.IVR.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealPlayer.IVR.6\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.IVR.6\shell\open
Reg HKLM\SOFTWARE\Classes\RealPlayer.IVR.6\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.IVR.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealPlayer.IVR.6\shellex
Reg HKLM\SOFTWARE\Classes\RealPlayer.IVR.6\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.IVR.6\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealPlayer.IVR.6\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealPlayer.MP1.6@ MP1 Audio
Reg HKLM\SOFTWARE\Classes\RealPlayer.MP1.6\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.MP1.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealPlayer.MP1.6\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.MP1.6\shell\open
Reg HKLM\SOFTWARE\Classes\RealPlayer.MP1.6\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.MP1.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealPlayer.MP1.6\shellex
Reg HKLM\SOFTWARE\Classes\RealPlayer.MP1.6\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.MP1.6\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealPlayer.MP1.6\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealPlayer.MP1.6\shellex\PropertySheetHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.MPGA.6@ MPEG Audio
Reg HKLM\SOFTWARE\Classes\RealPlayer.MPGA.6\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.MPGA.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealPlayer.MPGA.6\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.MPGA.6\shell\open
Reg HKLM\SOFTWARE\Classes\RealPlayer.MPGA.6\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.MPGA.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealPlayer.MPGA.6\shellex
Reg HKLM\SOFTWARE\Classes\RealPlayer.MPGA.6\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.MPGA.6\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealPlayer.MPGA.6\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealPlayer.MPGA.6\shellex\PropertySheetHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.PIX.6@ RealPix
Reg HKLM\SOFTWARE\Classes\RealPlayer.PIX.6\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.PIX.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealPlayer.PIX.6\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.PIX.6\shell\open
Reg HKLM\SOFTWARE\Classes\RealPlayer.PIX.6\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.PIX.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealPlayer.PIX.6\shellex
Reg HKLM\SOFTWARE\Classes\RealPlayer.PIX.6\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.PIX.6\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealPlayer.PIX.6\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealPlayer.RA.6@ RealAudio
Reg HKLM\SOFTWARE\Classes\RealPlayer.RA.6\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.RA.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealPlayer.RA.6\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.RA.6\shell\open
Reg HKLM\SOFTWARE\Classes\RealPlayer.RA.6\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.RA.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealPlayer.RA.6\shellex
Reg HKLM\SOFTWARE\Classes\RealPlayer.RA.6\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.RA.6\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealPlayer.RA.6\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAM.6@ RealPlayer Presentation
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAM.6\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAM.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAM.6\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAM.6\shell\open
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAM.6\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAM.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAM.6\shellex
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAM.6\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAM.6\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAM.6\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAX.6@ RealAudio Protected
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAX.6\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAX.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAX.6\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAX.6\shell\open
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAX.6\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAX.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAX.6\shellex
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAX.6\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAX.6\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealPlayer.RAX.6\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealPlayer.RM.6@ RealAudio / RealVideo
Reg HKLM\SOFTWARE\Classes\RealPlayer.RM.6\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.RM.6\DefaultIcon@ C:\Program
ROSEM
Regular Member
 
Posts: 16
Joined: January 5th, 2010, 9:33 pm

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby ROSEM » January 15th, 2010, 9:50 pm

Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealPlayer.RM.6\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.RM.6\shell\open
Reg HKLM\SOFTWARE\Classes\RealPlayer.RM.6\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.RM.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealPlayer.RM.6\shellex
Reg HKLM\SOFTWARE\Classes\RealPlayer.RM.6\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.RM.6\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealPlayer.RM.6\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMS.6@ Secure RealAudio / RealVideo File
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMS.6\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMS.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,2
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMS.6\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMS.6\shell\open
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMS.6\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMS.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMS.6\shellex
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMS.6\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMS.6\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMS.6\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMVB.6@ RealAudio / RealVideo VBR
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMVB.6\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMVB.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMVB.6\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMVB.6\shell\open
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMVB.6\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMVB.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMVB.6\shellex
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMVB.6\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMVB.6\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealPlayer.RMVB.6\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealPlayer.RP.6@ RealPlayer File
Reg HKLM\SOFTWARE\Classes\RealPlayer.RP.6\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.RP.6\DefaultIcon@ C:\Program Files\Common Files\Real\Update_OB\rnxproc.exe,0
Reg HKLM\SOFTWARE\Classes\RealPlayer.RP.6\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.RP.6\shell\open
Reg HKLM\SOFTWARE\Classes\RealPlayer.RP.6\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.RP.6\shell\open\command@ "C:\Program Files\Common Files\Real\Update_OB\rnxproc.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealPlayer.RSML.6@ RealSystem ML File
Reg HKLM\SOFTWARE\Classes\RealPlayer.RSML.6\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.RSML.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealPlayer.RSML.6\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.RSML.6\shell\open
Reg HKLM\SOFTWARE\Classes\RealPlayer.RSML.6\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.RSML.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealPlayer.RSML.6\shellex
Reg HKLM\SOFTWARE\Classes\RealPlayer.RSML.6\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.RSML.6\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealPlayer.RSML.6\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealPlayer.RT.6@ RealText
Reg HKLM\SOFTWARE\Classes\RealPlayer.RT.6\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.RT.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealPlayer.RT.6\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.RT.6\shell\open
Reg HKLM\SOFTWARE\Classes\RealPlayer.RT.6\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.RT.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealPlayer.RT.6\shellex
Reg HKLM\SOFTWARE\Classes\RealPlayer.RT.6\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.RT.6\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealPlayer.RT.6\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealPlayer.RV.6@ RealVideo
Reg HKLM\SOFTWARE\Classes\RealPlayer.RV.6\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.RV.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealPlayer.RV.6\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.RV.6\shell\open
Reg HKLM\SOFTWARE\Classes\RealPlayer.RV.6\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.RV.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealPlayer.RV.6\shellex
Reg HKLM\SOFTWARE\Classes\RealPlayer.RV.6\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.RV.6\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealPlayer.RV.6\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealPlayer.RVX.6@ RealVideo Protected
Reg HKLM\SOFTWARE\Classes\RealPlayer.RVX.6\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.RVX.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealPlayer.RVX.6\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.RVX.6\shell\open
Reg HKLM\SOFTWARE\Classes\RealPlayer.RVX.6\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.RVX.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealPlayer.RVX.6\shellex
Reg HKLM\SOFTWARE\Classes\RealPlayer.RVX.6\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.RVX.6\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealPlayer.RVX.6\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RealPlayer.SMIL.6@ SMIL Multimedia Presentation
Reg HKLM\SOFTWARE\Classes\RealPlayer.SMIL.6\DefaultIcon
Reg HKLM\SOFTWARE\Classes\RealPlayer.SMIL.6\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\RealPlayer.SMIL.6\shell
Reg HKLM\SOFTWARE\Classes\RealPlayer.SMIL.6\shell\open
Reg HKLM\SOFTWARE\Classes\RealPlayer.SMIL.6\shell\open\command
Reg HKLM\SOFTWARE\Classes\RealPlayer.SMIL.6\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\RealPlayer.SMIL.6\shellex
Reg HKLM\SOFTWARE\Classes\RealPlayer.SMIL.6\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\RealPlayer.SMIL.6\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\RealPlayer.SMIL.6\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\RFXInstMgr.RFXInstMgr@ RFXInstMgr Class
Reg HKLM\SOFTWARE\Classes\RFXInstMgr.RFXInstMgr\CurVer
Reg HKLM\SOFTWARE\Classes\RFXInstMgr.RFXInstMgr\CurVer@ RFXInstMgr.RFXInstMgr.1
Reg HKLM\SOFTWARE\Classes\RFXInstMgr.RFXInstMgr.1@ RFXInstMgr Class
Reg HKLM\SOFTWARE\Classes\RFXInstMgr.RFXInstMgr.1\CLSID
Reg HKLM\SOFTWARE\Classes\RFXInstMgr.RFXInstMgr.1\CLSID@ {47f59200-8783-11d2-8343-00a0c945a819}
Reg HKLM\SOFTWARE\Classes\Rhapsody.Document@
Reg HKLM\SOFTWARE\Classes\Rhapsody.Document\DefaultIcon
Reg HKLM\SOFTWARE\Classes\Rhapsody.Document\DefaultIcon@ "C:\Program Files\Rhapsody\rhapsody.exe",-12
Reg HKLM\SOFTWARE\Classes\Rhapsody.Document\shell
Reg HKLM\SOFTWARE\Classes\Rhapsody.Document\shell\open
Reg HKLM\SOFTWARE\Classes\Rhapsody.Document\shell\open\command
Reg HKLM\SOFTWARE\Classes\Rhapsody.Document\shell\open\command@ "C:\Program Files\Rhapsody\rhapsody.exe" "%1"
Reg HKLM\SOFTWARE\Classes\Rhapsody.Document\shellex
Reg HKLM\SOFTWARE\Classes\Rhapsody.Document\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\Rhapsody.Document\shellex\PropertySheetHandlers
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Download Handler@ RealPlayer Download Handler
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Download Handler\CLSID
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Download Handler\CLSID@ {0FDF6D6B-D672-463B-846E-C6FF49109662}
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Download Handler\CurVer
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Download Handler\CurVer@ rmocx.RealPlayer Download Handler.1
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Download Handler.1@ RealPlayer Download Handler
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Download Handler.1\CLSID
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Download Handler.1\CLSID@ {0FDF6D6B-D672-463B-846E-C6FF49109662}
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer G2 Control@ RealPlayer G2 Control
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer G2 Control\CLSID
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer G2 Control\CLSID@ {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer G2 Control\CurVer
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer G2 Control\CurVer@ rmocx.RealPlayer G2 Control.1
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer G2 Control\Insertable
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer G2 Control.1@ RealPlayer G2 Control
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer G2 Control.1\CLSID
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer G2 Control.1\CLSID@ {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Playback Handler@ RealPlayer Playback Handler
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Playback Handler\CLSID
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Playback Handler\CLSID@ {3B46067C-FD87-49B6-8DDD-12F0D687035F}
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Playback Handler\CurVer
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Playback Handler\CurVer@ rmocx.RealPlayer Playback Handler.1
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Playback Handler.1@ RealPlayer Playback Handler
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Playback Handler.1\CLSID
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Playback Handler.1\CLSID@ {3B46067C-FD87-49B6-8DDD-12F0D687035F}
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RAM Download Handler@ RealPlayer RAM Download Handler
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RAM Download Handler\CLSID
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RAM Download Handler\CLSID@ {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RAM Download Handler\CurVer
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RAM Download Handler\CurVer@ rmocx.RealPlayer RAM Download Handler.1
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RAM Download Handler.1@ RealPlayer RAM Download Handler
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RAM Download Handler.1\CLSID
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RAM Download Handler.1\CLSID@ {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RMP Download Handler@ RealPlayer RMP Download Handler
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RMP Download Handler\CLSID
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RMP Download Handler\CLSID@ {44CCBCEB-BA7E-4C99-A078-9F683832D493}
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RMP Download Handler\CurVer
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RMP Download Handler\CurVer@ rmocx.RealPlayer RMP Download Handler.1
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RMP Download Handler.1@ RealPlayer RMP Download Handler
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RMP Download Handler.1\CLSID
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RMP Download Handler.1\CLSID@ {44CCBCEB-BA7E-4C99-A078-9F683832D493}
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RNX Download Handler@ RealPlayer RNX Download Handler
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RNX Download Handler\CLSID
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RNX Download Handler\CLSID@ {3B5E0503-DE28-4BE8-919C-76E0E894A3C2}
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RNX Download Handler\CurVer
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RNX Download Handler\CurVer@ rmocx.RealPlayer RNX Download Handler.1
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RNX Download Handler.1@ RealPlayer RNX Download Handler
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RNX Download Handler.1\CLSID
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer RNX Download Handler.1\CLSID@ {3B5E0503-DE28-4BE8-919C-76E0E894A3C2}
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer SMIL Download Handler@ RealPlayer SMIL Download Handler
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer SMIL Download Handler\CLSID
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer SMIL Download Handler\CLSID@ {224E833B-2CC6-42D9-AE39-90B6A38A4FA2}
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer SMIL Download Handler\CurVer
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer SMIL Download Handler\CurVer@ rmocx.RealPlayer SMIL Download Handler.1
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer SMIL Download Handler.1@ RealPlayer SMIL Download Handler
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer SMIL Download Handler.1\CLSID
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer SMIL Download Handler.1\CLSID@ {224E833B-2CC6-42D9-AE39-90B6A38A4FA2}
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Stream Handler@ RealPlayer Stream Handler
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Stream Handler\CLSID
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Stream Handler\CLSID@ {A1A41E11-91DB-4461-95CD-0C02327FD934}
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Stream Handler\CurVer
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Stream Handler\CurVer@ rmocx.RealPlayer Stream Handler.1
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Stream Handler.1@ RealPlayer Stream Handler
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Stream Handler.1\CLSID
Reg HKLM\SOFTWARE\Classes\rmocx.RealPlayer Stream Handler.1\CLSID@ {A1A41E11-91DB-4461-95CD-0C02327FD934}
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr@ RotateBvr Class
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr\CurVer
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr\CurVer@ RotateBvr.RotateBvr.1
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr.1@ RotateBvr Class
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\RotateBvr.RotateBvr.1\CLSID@ {027713F2-5FA8-11d2-875B-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\Rpplugprot.RPHttpPlugProt@ RPHttpPlugProt Class
Reg HKLM\SOFTWARE\Classes\Rpplugprot.RPHttpPlugProt\CLSID
Reg HKLM\SOFTWARE\Classes\Rpplugprot.RPHttpPlugProt\CLSID@ {4D50EBC1-F054-4110-8D92-700E630361A6}
Reg HKLM\SOFTWARE\Classes\Rpplugprot.RPHttpPlugProt\CurVer
Reg HKLM\SOFTWARE\Classes\Rpplugprot.RPHttpPlugProt\CurVer@ Rpplugprot.RPHttpPlugProt.1
Reg HKLM\SOFTWARE\Classes\Rpplugprot.RPHttpPlugProt.1@ RPHttpPlugProt Class
Reg HKLM\SOFTWARE\Classes\Rpplugprot.RPHttpPlugProt.1\CLSID
Reg HKLM\SOFTWARE\Classes\Rpplugprot.RPHttpPlugProt.1\CLSID@ {4D50EBC1-F054-4110-8D92-700E630361A6}
Reg HKLM\SOFTWARE\Classes\Rpplugprot.RPMimeFilter@ RPMimeFilter Class
Reg HKLM\SOFTWARE\Classes\Rpplugprot.RPMimeFilter\CLSID
Reg HKLM\SOFTWARE\Classes\Rpplugprot.RPMimeFilter\CLSID@ {C5838ED9-78F2-4c47-8B6B-2ACF9FA16F44}
Reg HKLM\SOFTWARE\Classes\Rpplugprot.RPMimeFilter\CurVer
Reg HKLM\SOFTWARE\Classes\Rpplugprot.RPMimeFilter\CurVer@ Rpplugprot.RPMimeFilter.1
Reg HKLM\SOFTWARE\Classes\Rpplugprot.RPMimeFilter.1@ RPMimeFilter Class
Reg HKLM\SOFTWARE\Classes\Rpplugprot.RPMimeFilter.1\CLSID
Reg HKLM\SOFTWARE\Classes\Rpplugprot.RPMimeFilter.1\CLSID@ {C5838ED9-78F2-4c47-8B6B-2ACF9FA16F44}
Reg HKLM\SOFTWARE\Classes\rtsp@ Real-Time Streaming Protocol
Reg HKLM\SOFTWARE\Classes\rtsp@URL Protocol
Reg HKLM\SOFTWARE\Classes\rtsp\DefaultIcon
Reg HKLM\SOFTWARE\Classes\rtsp\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\rtsp\shell
Reg HKLM\SOFTWARE\Classes\rtsp\shell\open
Reg HKLM\SOFTWARE\Classes\rtsp\shell\open\command
Reg HKLM\SOFTWARE\Classes\rtsp\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\rtsp\shellex
Reg HKLM\SOFTWARE\Classes\rtsp\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\rtsp\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\rtsp\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr@ ScaleBvr Class
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr\CurVer
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr\CurVer@ ScaleBvr.ScaleBvr.1
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr.1@ ScaleBvr Class
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\ScaleBvr.ScaleBvr.1\CLSID@ {E80353D3-677D-11d2-875E-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\SdcUser.Catalog@ SdcCatalog Class
Reg HKLM\SOFTWARE\Classes\SdcUser.Catalog\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.Catalog\CLSID@ {01113900-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.Catalog\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.Catalog\CurVer@ SdcUser.Catalog.1
Reg HKLM\SOFTWARE\Classes\SdcUser.Catalog.1@ SdcCatalog Class
Reg HKLM\SOFTWARE\Classes\SdcUser.Catalog.1\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.Catalog.1\CLSID@ {01113900-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.Dna@ SdcDna Class
Reg HKLM\SOFTWARE\Classes\SdcUser.Dna\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.Dna\CLSID@ {01113d00-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.Dna\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.Dna\CurVer@ SdcUser.Dna.1
Reg HKLM\SOFTWARE\Classes\SdcUser.Dna.1@ SdcDna Class
Reg HKLM\SOFTWARE\Classes\SdcUser.Dna.1\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.Dna.1\CLSID@ {01113d00-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.EnvItem@ SdcEnvItem Class
Reg HKLM\SOFTWARE\Classes\SdcUser.EnvItem\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.EnvItem\CLSID@ {01114700-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.EnvItem\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.EnvItem\CurVer@ SdcUser.EnvItem.1
Reg HKLM\SOFTWARE\Classes\SdcUser.EnvItem.1@ SdcEnvItem Class
Reg HKLM\SOFTWARE\Classes\SdcUser.EnvItem.1\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.EnvItem.1\CLSID@ {01114700-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.FileItem@ SdcFileItem Class
Reg HKLM\SOFTWARE\Classes\SdcUser.FileItem\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.FileItem\CLSID@ {01114200-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.FileItem\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.FileItem\CurVer@ SdcUser.FileItem.1
Reg HKLM\SOFTWARE\Classes\SdcUser.FileItem.1@ SdcFileItem Class
Reg HKLM\SOFTWARE\Classes\SdcUser.FileItem.1\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.FileItem.1\CLSID@ {01114200-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.IniItem@ SdcIniItem Class
Reg HKLM\SOFTWARE\Classes\SdcUser.IniItem\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.IniItem\CLSID@ {01114500-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.IniItem\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.IniItem\CurVer@ SdcUser.IniItem.1
Reg HKLM\SOFTWARE\Classes\SdcUser.IniItem.1@ SdcIniItem Class
Reg HKLM\SOFTWARE\Classes\SdcUser.IniItem.1\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.IniItem.1\CLSID@ {01114500-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.LnkItem@ SdcLnkItem Class
Reg HKLM\SOFTWARE\Classes\SdcUser.LnkItem\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.LnkItem\CLSID@ {01114400-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.LnkItem\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.LnkItem\CurVer@ SdcUser.LnkItem.1
Reg HKLM\SOFTWARE\Classes\SdcUser.LnkItem.1@ SdcLnkItem Class
Reg HKLM\SOFTWARE\Classes\SdcUser.LnkItem.1\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.LnkItem.1\CLSID@ {01114400-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.Machine@ SdcMachine Class
Reg HKLM\SOFTWARE\Classes\SdcUser.Machine\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.Machine\CLSID@ {01113400-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.Machine\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.Machine\CurVer@ SdcUser.Machine.1
Reg HKLM\SOFTWARE\Classes\SdcUser.Machine.1@ SdcMachine Class
Reg HKLM\SOFTWARE\Classes\SdcUser.Machine.1\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.Machine.1\CLSID@ {01113400-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.MapItem@ SdcMapItem Class
Reg HKLM\SOFTWARE\Classes\SdcUser.MapItem\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.MapItem\CLSID@ {01114800-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.MapItem\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.MapItem\CurVer@ SdcUser.MapItem.1
Reg HKLM\SOFTWARE\Classes\SdcUser.MapItem.1@ SdcMapItem Class
Reg HKLM\SOFTWARE\Classes\SdcUser.MapItem.1\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.MapItem.1\CLSID@ {01114800-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.PEFileItem@ SdcPEFileItem Class
Reg HKLM\SOFTWARE\Classes\SdcUser.PEFileItem\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.PEFileItem\CLSID@ {01114300-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.PEFileItem\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.PEFileItem\CurVer@ SdcUser.PEFileItem.1
Reg HKLM\SOFTWARE\Classes\SdcUser.PEFileItem.1@ SdcPEFileItem Class
Reg HKLM\SOFTWARE\Classes\SdcUser.PEFileItem.1\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.PEFileItem.1\CLSID@ {01114300-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.RegItem@ SdcRegItem Class
Reg HKLM\SOFTWARE\Classes\SdcUser.RegItem\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.RegItem\CLSID@ {01114600-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.RegItem\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.RegItem\CurVer@ SdcUser.RegItem.1
Reg HKLM\SOFTWARE\Classes\SdcUser.RegItem.1@ SdcRegItem Class
Reg HKLM\SOFTWARE\Classes\SdcUser.RegItem.1\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.RegItem.1\CLSID@ {01114600-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.SdcSyncItem@ SdcSyncItem Class
Reg HKLM\SOFTWARE\Classes\SdcUser.SdcSyncItem\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.SdcSyncItem\CLSID@ {01117a00-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.SdcSyncItem\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.SdcSyncItem\CurVer@ SdcUser.SdcSyncItem.1
Reg HKLM\SOFTWARE\Classes\SdcUser.SdcSyncItem.1@ SdcSyncItem Class
Reg HKLM\SOFTWARE\Classes\SdcUser.SdcSyncItem.1\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.SdcSyncItem.1\CLSID@ {01117a00-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.TgPassCtl@ SupportSoft Password Reset Class
Reg HKLM\SOFTWARE\Classes\SdcUser.TgPassCtl\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.TgPassCtl\CLSID@ {01118d00-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.TgPassCtl\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.TgPassCtl\CurVer@ SdcUser.TgPassCtl.1
Reg HKLM\SOFTWARE\Classes\SdcUser.TgPassCtl.1@ SupportSoft Password Reset Class
Reg HKLM\SOFTWARE\Classes\SdcUser.TgPassCtl.1\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.TgPassCtl.1\CLSID@ {01118d00-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.TxCopy@ SdcTxCopy Class
Reg HKLM\SOFTWARE\Classes\SdcUser.TxCopy\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.TxCopy\CLSID@ {01114f00-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.TxCopy\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.TxCopy\CurVer@ SdcUser.TxCopy.1
Reg HKLM\SOFTWARE\Classes\SdcUser.TxCopy.1@ SdcTxCopy Class
Reg HKLM\SOFTWARE\Classes\SdcUser.TxCopy.1\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.TxCopy.1\CLSID@ {01114f00-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.TxHeal@ SdcTxHeal Class
Reg HKLM\SOFTWARE\Classes\SdcUser.TxHeal\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.TxHeal\CLSID@ {01114a00-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.TxHeal\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.TxHeal\CurVer@ SdcUser.TxHeal.1
Reg HKLM\SOFTWARE\Classes\SdcUser.TxHeal.1@ SdcTxHeal Class
Reg HKLM\SOFTWARE\Classes\SdcUser.TxHeal.1\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.TxHeal.1\CLSID@ {01114a00-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.TxInstall@ SdcTxInstall Class
Reg HKLM\SOFTWARE\Classes\SdcUser.TxInstall\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.TxInstall\CLSID@ {01114b00-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.TxInstall\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.TxInstall\CurVer@ SdcUser.TxInstall.1
Reg HKLM\SOFTWARE\Classes\SdcUser.TxInstall.1@ SdcTxInstall Class
Reg HKLM\SOFTWARE\Classes\SdcUser.TxInstall.1\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.TxInstall.1\CLSID@ {01114b00-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.TxPublish@ SdcTxPublish Class
Reg HKLM\SOFTWARE\Classes\SdcUser.TxPublish\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.TxPublish\CLSID@ {01115400-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.TxPublish\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.TxPublish\CurVer@ SdcUser.TxPublish.1
Reg HKLM\SOFTWARE\Classes\SdcUser.TxPublish.1@ SdcTxPublish Class
Reg HKLM\SOFTWARE\Classes\SdcUser.TxPublish.1\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.TxPublish.1\CLSID@ {01115400-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.TxRemove@ SdcTxRemove Class
Reg HKLM\SOFTWARE\Classes\SdcUser.TxRemove\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.TxRemove\CLSID@ {01114c00-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.TxRemove\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.TxRemove\CurVer@ SdcUser.TxRemove.1
Reg HKLM\SOFTWARE\Classes\SdcUser.TxRemove.1@ SdcTxRemove Class
Reg HKLM\SOFTWARE\Classes\SdcUser.TxRemove.1\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.TxRemove.1\CLSID@ {01114c00-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.TxSync@ SdcTxSync Class
Reg HKLM\SOFTWARE\Classes\SdcUser.TxSync\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.TxSync\CLSID@ {01114e00-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.TxSync\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.TxSync\CurVer@ SdcUser.TxSync.1
Reg HKLM\SOFTWARE\Classes\SdcUser.TxSync.1@ SdcTxSync Class
Reg HKLM\SOFTWARE\Classes\SdcUser.TxSync.1\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.TxSync.1\CLSID@ {01114e00-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.TxUndo@ SdcTxUndo Class
Reg HKLM\SOFTWARE\Classes\SdcUser.TxUndo\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.TxUndo\CLSID@ {01114d00-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.TxUndo\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.TxUndo\CurVer@ SdcUser.TxUndo.1
Reg HKLM\SOFTWARE\Classes\SdcUser.TxUndo.1@ SdcTxUndo Class
Reg HKLM\SOFTWARE\Classes\SdcUser.TxUndo.1\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.TxUndo.1\CLSID@ {01114d00-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.UNCObject@ Support.com UNC Class
Reg HKLM\SOFTWARE\Classes\SdcUser.UNCObject\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.UNCObject\CLSID@ {01115901-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.UNCObject\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.UNCObject\CurVer@ SdcUser.UNCObject.1
Reg HKLM\SOFTWARE\Classes\SdcUser.UNCObject.1@ Support.com UNC Class
Reg HKLM\SOFTWARE\Classes\SdcUser.UNCObject.1\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.UNCObject.1\CLSID@ {01115901-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.UserContext@ SdcUserContext Class
Reg HKLM\SOFTWARE\Classes\SdcUser.UserContext\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.UserContext\CLSID@ {01113800-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SdcUser.UserContext\CurVer
Reg HKLM\SOFTWARE\Classes\SdcUser.UserContext\CurVer@ SdcUser.UserContext.1
Reg HKLM\SOFTWARE\Classes\SdcUser.UserContext.1@ SdcUserContext Class
Reg HKLM\SOFTWARE\Classes\SdcUser.UserContext.1\CLSID
Reg HKLM\SOFTWARE\Classes\SdcUser.UserContext.1\CLSID@ {01113800-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr@ SetBvr Class
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr\CurVer
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr\CurVer@ SetBvr.SetBvr.1
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr.1@ SetBvr Class
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\SetBvr.SetBvr.1\CLSID@ {BA60F742-6F72-11d2-875F-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\Setup.SetupKernelWrapper@
Reg HKLM\SOFTWARE\Classes\Setup.SetupKernelWrapper\CLSID
Reg HKLM\SOFTWARE\Classes\Setup.SetupKernelWrapper\CLSID@ {0D458BE8-D99D-11D3-A92B-00105A088FAC}
Reg HKLM\SOFTWARE\Classes\Setup.SetupKernelWrapper.1@
Reg HKLM\SOFTWARE\Classes\Setup.SetupKernelWrapper.1\CLSID
Reg HKLM\SOFTWARE\Classes\Setup.SetupKernelWrapper.1\CLSID@ {0D458BE8-D99D-11D3-A92B-00105A088FAC}
Reg HKLM\SOFTWARE\Classes\SPRT.BrowserContainer@ SupportSoft Browser Container
Reg HKLM\SOFTWARE\Classes\SPRT.BrowserContainer\CLSID
Reg HKLM\SOFTWARE\Classes\SPRT.BrowserContainer\CLSID@ {01011200-5e80-11d8-9e86-0007e96c65ae}
Reg HKLM\SOFTWARE\Classes\SPRT.BrowserContainer\CurVer
Reg HKLM\SOFTWARE\Classes\SPRT.BrowserContainer\CurVer@ SPRT.BrowserContainer.1
Reg HKLM\SOFTWARE\Classes\SPRT.BrowserContainer.1@ SupportSoft Browser Container
Reg HKLM\SOFTWARE\Classes\SPRT.BrowserContainer.1\CLSID
Reg HKLM\SOFTWARE\Classes\SPRT.BrowserContainer.1\CLSID@ {01011200-5e80-11d8-9e86-0007e96c65ae}
Reg HKLM\SOFTWARE\Classes\SPRT.SdcNetCheck@ SdcNetCheckCtl Class
Reg HKLM\SOFTWARE\Classes\SPRT.SdcNetCheck\CLSID
Reg HKLM\SOFTWARE\Classes\SPRT.SdcNetCheck\CLSID@ {01011300-5e80-11d8-9e86-0007e96c65ae}
Reg HKLM\SOFTWARE\Classes\SPRT.SdcNetCheck\CurVer
Reg HKLM\SOFTWARE\Classes\SPRT.SdcNetCheck\CurVer@ SPRT.SdcNetCheck.1
Reg HKLM\SOFTWARE\Classes\SPRT.SdcNetCheck.1@ SdcNetCheckCtl Class
Reg HKLM\SOFTWARE\Classes\SPRT.SdcNetCheck.1\CLSID
Reg HKLM\SOFTWARE\Classes\SPRT.SdcNetCheck.1\CLSID@ {01011300-5e80-11d8-9e86-0007e96c65ae}
Reg HKLM\SOFTWARE\Classes\SPRT.SmartIssue@ SupportSoft SmartIssue
Reg HKLM\SOFTWARE\Classes\SPRT.SmartIssue\CLSID
Reg HKLM\SOFTWARE\Classes\SPRT.SmartIssue\CLSID@ {01010e00-5e80-11d8-9e86-0007e96c65ae}
Reg HKLM\SOFTWARE\Classes\SPRT.SmartIssue\CurVer
Reg HKLM\SOFTWARE\Classes\SPRT.SmartIssue\CurVer@ SPRT.SmartIssue.1
Reg HKLM\SOFTWARE\Classes\SPRT.SmartIssue.1@ SupportSoft SmartIssue
Reg HKLM\SOFTWARE\Classes\SPRT.SmartIssue.1\CLSID
Reg HKLM\SOFTWARE\Classes\SPRT.SmartIssue.1\CLSID@ {01010e00-5e80-11d8-9e86-0007e96c65ae}
Reg HKLM\SOFTWARE\Classes\SSM@ Streaming Media Metafile
Reg HKLM\SOFTWARE\Classes\SSM\DefaultIcon
Reg HKLM\SOFTWARE\Classes\SSM\DefaultIcon@ C:\Program Files\Real\RealPlayer\RealPlay.exe,1
Reg HKLM\SOFTWARE\Classes\SSM\shell
Reg HKLM\SOFTWARE\Classes\SSM\shell\open
Reg HKLM\SOFTWARE\Classes\SSM\shell\open\command
Reg HKLM\SOFTWARE\Classes\SSM\shell\open\command@ "C:\Program Files\Real\RealPlayer\RealPlay.exe" "%1"
Reg HKLM\SOFTWARE\Classes\SSM\shellex
Reg HKLM\SOFTWARE\Classes\SSM\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\SSM\shellex\ContextMenuHandlers\RealPlayerHandler
Reg HKLM\SOFTWARE\Classes\SSM\shellex\ContextMenuHandlers\RealPlayerHandler@ {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
Reg HKLM\SOFTWARE\Classes\StarEdit.BWScenario@ Starcraft Brood War Scenario
Reg HKLM\SOFTWARE\Classes\StarEdit.BWScenario\DefaultIcon
Reg HKLM\SOFTWARE\Classes\StarEdit.BWScenario\shell
Reg HKLM\SOFTWARE\Classes\StarEdit.BWScenario\shell\open
Reg HKLM\SOFTWARE\Classes\StarEdit.BWScenario\shell\open\command
Reg HKLM\SOFTWARE\Classes\StarEdit.BWScenario\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\StarEdit.BWScenario\shell\open\ddeexec@ %1
Reg HKLM\SOFTWARE\Classes\StarEdit.BWScenario\shell\open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\StarEdit.BWScenario\shell\open\ddeexec\Application@ StarEdit
Reg HKLM\SOFTWARE\Classes\StarEdit.Scenario@ Starcraft Scenario
Reg HKLM\SOFTWARE\Classes\StarEdit.Scenario\DefaultIcon
Reg HKLM\SOFTWARE\Classes\StarEdit.Scenario\shell
Reg HKLM\SOFTWARE\Classes\StarEdit.Scenario\shell\open
Reg HKLM\SOFTWARE\Classes\StarEdit.Scenario\shell\open\command
Reg HKLM\SOFTWARE\Classes\StarEdit.Scenario\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\StarEdit.Scenario\shell\open\ddeexec@ %1
Reg HKLM\SOFTWARE\Classes\StarEdit.Scenario\shell\open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\StarEdit.Scenario\shell\open\ddeexec\Application@ StarEdit
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper@ SwHelper Class
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper\CLSID
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper\CLSID@ {1AFCDC7D-C666-485B-8829-416FCFD77E17}
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper\CurVer
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper\CurVer@ SwBroker.SwHelper.1
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper.1@ SwHelper Class
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper.1\CLSID
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper.1\CLSID@ {1AFCDC7D-C666-485B-8829-416FCFD77E17}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl\CLSID@ {233C1507-6A77-46A4-9443-F871F945D258}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl\CurVer
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl\CurVer@ SWCtl.SWCtl.10.1.1
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.1@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.1\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.1\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.10.1.1@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.10.1.1\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.10.1.1\CLSID@ {233C1507-6A77-46A4-9443-F871F945D258}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.7@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.7\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.7\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5.1@ Shockwave ActiveX Control
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5.1\CLSID
Reg HKLM\SOFTWARE\Classes\SWCtl.SWCtl.8.5.1\CLSID@ {166B1BCA-3F9C-11CF-8075-444553540000}
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl@ SwInstallerCtl Class
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl\CLSID
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl\CLSID@ {4DB2E429-B905-479A-9EFF-F7CBD9FD52DE}
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl\CurVer
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl\CurVer@ Swdir.SwInstallerCtl.1
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl.1@ SwInstallerCtl Class
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl.1\CLSID
Reg HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl.1\CLSID@ {4DB2E429-B905-479A-9EFF-F7CBD9FD52DE}
Reg HKLM\SOFTWARE\Classes\Team17.WAgame@ Worms Armageddon Recorded Game
Reg HKLM\SOFTWARE\Classes\Team17.WAgame\DefaultIcon
Reg HKLM\SOFTWARE\Classes\Team17.WAgame\shell
Reg HKLM\SOFTWARE\Classes\Team17.WAgame\shell@ play
Reg HKLM\SOFTWARE\Classes\Team17.WAgame\shell\getlog
Reg HKLM\SOFTWARE\Classes\Team17.WAgame\shell\getlog@ Extract Log
Reg HKLM\SOFTWARE\Classes\Team17.WAgame\shell\getlog\command
Reg HKLM\SOFTWARE\Classes\Team17.WAgame\shell\getmap
Reg HKLM\SOFTWARE\Classes\Team17.WAgame\shell\getmap@ Extract Map
Reg HKLM\SOFTWARE\Classes\Team17.WAgame\shell\getmap\command
Reg HKLM\SOFTWARE\Classes\Team17.WAgame\shell\getscheme
Reg HKLM\SOFTWARE\Classes\Team17.WAgame\shell\getscheme@ Extract Scheme
Reg HKLM\SOFTWARE\Classes\Team17.WAgame\shell\getscheme\command
Reg HKLM\SOFTWARE\Classes\Team17.WAgame\shell\play
Reg HKLM\SOFTWARE\Classes\Team17.WAgame\shell\play@ Playback
Reg HKLM\SOFTWARE\Classes\Team17.WAgame\shell\play\command
Reg HKLM\SOFTWARE\Classes\TgLib.System@ Support.com System Class
Reg HKLM\SOFTWARE\Classes\TgLib.System\CLSID
Reg HKLM\SOFTWARE\Classes\TgLib.System\CLSID@ {01111000-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\TgLib.System\CurVer
Reg HKLM\SOFTWARE\Classes\TgLib.System\CurVer@ TgLib.System.1
Reg HKLM\SOFTWARE\Classes\TgLib.System.1@ Support.com System Class
Reg HKLM\SOFTWARE\Classes\TgLib.System.1\CLSID
Reg HKLM\SOFTWARE\Classes\TgLib.System.1\CLSID@ {01111000-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\Tglib.TgConfig@ Support.com Config Class
Reg HKLM\SOFTWARE\Classes\Tglib.TgConfig\CLSID
Reg HKLM\SOFTWARE\Classes\Tglib.TgConfig\CLSID@ {01111400-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\Tglib.TgConfig\CurVer
Reg HKLM\SOFTWARE\Classes\Tglib.TgConfig\CurVer@ Tglib.TgConfig.1
Reg HKLM\SOFTWARE\Classes\Tglib.TgConfig.1@ Support.com Config Class
Reg HKLM\SOFTWARE\Classes\Tglib.TgConfig.1\CLSID
Reg HKLM\SOFTWARE\Classes\Tglib.TgConfig.1\CLSID@ {01111400-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\Tglib.TgDiscovery@ Support.com Discovery Class
Reg HKLM\SOFTWARE\Classes\Tglib.TgDiscovery\CLSID
Reg HKLM\SOFTWARE\Classes\Tglib.TgDiscovery\CLSID@ {01111600-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\Tglib.TgDiscovery\CurVer
Reg HKLM\SOFTWARE\Classes\Tglib.TgDiscovery\CurVer@ Tglib.TgDiscovery.1
Reg HKLM\SOFTWARE\Classes\Tglib.TgDiscovery.1@ Support.com Discovery Class
Reg HKLM\SOFTWARE\Classes\Tglib.TgDiscovery.1\CLSID
Reg HKLM\SOFTWARE\Classes\Tglib.TgDiscovery.1\CLSID@ {01111600-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\Tglib.TgFetch@ Support.com Fetch Class
Reg HKLM\SOFTWARE\Classes\Tglib.TgFetch\CLSID
Reg HKLM\SOFTWARE\Classes\Tglib.TgFetch\CLSID@ {01111500-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\Tglib.TgFetch\CurVer
Reg HKLM\SOFTWARE\Classes\Tglib.TgFetch\CurVer@ Tglib.TgFetch.1
Reg HKLM\SOFTWARE\Classes\Tglib.TgFetch.1@ Support.com Fetch Class
Reg HKLM\SOFTWARE\Classes\Tglib.TgFetch.1\CLSID
Reg HKLM\SOFTWARE\Classes\Tglib.TgFetch.1\CLSID@ {01111500-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\Tglib.TgHeal@ Support.com Heal Class
Reg HKLM\SOFTWARE\Classes\Tglib.TgHeal\CLSID
Reg HKLM\SOFTWARE\Classes\Tglib.TgHeal\CLSID@ {01111200-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\Tglib.TgHeal\CurVer
Reg HKLM\SOFTWARE\Classes\Tglib.TgHeal\CurVer@ Tglib.TgHeal.1
Reg HKLM\SOFTWARE\Classes\Tglib.TgHeal.1@ Support.com Heal Class
Reg HKLM\SOFTWARE\Classes\Tglib.TgHeal.1\CLSID
Reg HKLM\SOFTWARE\Classes\Tglib.TgHeal.1\CLSID@ {01111200-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\Tglib.TgInstall@ Support.com Install Class
Reg HKLM\SOFTWARE\Classes\Tglib.TgInstall\CLSID
Reg HKLM\SOFTWARE\Classes\Tglib.TgInstall\CLSID@ {01111300-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\Tglib.TgInstall\CurVer
Reg HKLM\SOFTWARE\Classes\Tglib.TgInstall\CurVer@ Tglib.TgInstall.1
Reg HKLM\SOFTWARE\Classes\Tglib.TgInstall.1@ Support.com Install Class
Reg HKLM\SOFTWARE\Classes\Tglib.TgInstall.1\CLSID
Reg HKLM\SOFTWARE\Classes\Tglib.TgInstall.1\CLSID@ {01111300-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\Tglib.TgProtect@ Support.com Protect Class
Reg HKLM\SOFTWARE\Classes\Tglib.TgProtect\CLSID
Reg HKLM\SOFTWARE\Classes\Tglib.TgProtect\CLSID@ {01111100-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\Tglib.TgProtect\CurVer
Reg HKLM\SOFTWARE\Classes\Tglib.TgProtect\CurVer@ Tglib.TgProtect.1
Reg HKLM\SOFTWARE\Classes\Tglib.TgProtect.1@ Support.com Protect Class
Reg HKLM\SOFTWARE\Classes\Tglib.TgProtect.1\CLSID
Reg HKLM\SOFTWARE\Classes\Tglib.TgProtect.1\CLSID@ {01111100-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\Tglib.TgStreamFile@ Support.com StreamFile Class
Reg HKLM\SOFTWARE\Classes\Tglib.TgStreamFile\CLSID
Reg HKLM\SOFTWARE\Classes\Tglib.TgStreamFile\CLSID@ {01111700-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\Tglib.TgStreamFile\CurVer
Reg HKLM\SOFTWARE\Classes\Tglib.TgStreamFile\CurVer@ Tglib.TgStreamFile.1
Reg HKLM\SOFTWARE\Classes\Tglib.TgStreamFile.1@ Support.com StreamFile Class
Reg HKLM\SOFTWARE\Classes\Tglib.TgStreamFile.1\CLSID
Reg HKLM\SOFTWARE\Classes\Tglib.TgStreamFile.1\CLSID@ {01111700-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\Tglib.TgStreamStdErr@ Support.com StreamStdErr Class
Reg HKLM\SOFTWARE\Classes\Tglib.TgStreamStdErr\CLSID
Reg HKLM\SOFTWARE\Classes\Tglib.TgStreamStdErr\CLSID@ {01111900-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\Tglib.TgStreamStdErr\CurVer
Reg HKLM\SOFTWARE\Classes\Tglib.TgStreamStdErr\CurVer@ Tglib.TgStreamStdErr.1
Reg HKLM\SOFTWARE\Classes\Tglib.TgStreamStdErr.1@ Support.com StreamStdErr Class
Reg HKLM\SOFTWARE\Classes\Tglib.TgStreamStdErr.1\CLSID
Reg HKLM\SOFTWARE\Classes\Tglib.TgStreamStdErr.1\CLSID@ {01111900-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx@ UnagiAx Class
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx\CLSID
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx\CLSID@ {6E704581-CCAE-46D2-9C64-20D724B3624E}
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx\CurVer
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx\CurVer@ unagiAx.UnagiAx.2
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx.2@ UnagiAx Class
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx.2\CLSID
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx.2\CLSID@ {6E704581-CCAE-46D2-9C64-20D724B3624E}
Reg HKLM\SOFTWARE\Classes\unagiAx.UnagiAx.2\Insertable
Reg HKLM\SOFTWARE\Classes\WaveStudio.Document@ Creative WaveStudio
Reg HKLM\SOFTWARE\Classes\WaveStudio.Document\DefaultIcon
Reg HKLM\SOFTWARE\Classes\WaveStudio.Document\DefaultIcon@ C:\PROGRA~1\Creative\SBLive\WAVEST~1\CTWave32.exe,0
Reg HKLM\SOFTWARE\Classes\WaveStudio.Document\shell
Reg HKLM\SOFTWARE\Classes\WaveStudio.Document\shell\open
Reg HKLM\SOFTWARE\Classes\WaveStudio.Document\shell\open\command
Reg HKLM\SOFTWARE\Classes\WaveStudio.Document\shell\open\command@ C:\PROGRA~1\Creative\SBLive\WAVEST~1\CTWave32.exe /dde
Reg HKLM\SOFTWARE\Classes\WaveStudio.Document\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\WaveStudio.Document\shell\open\ddeexec@ [open("%1")]
Reg HKLM\SOFTWARE\Classes\WaveStudio.Document\shell\print
Reg HKLM\SOFTWARE\Classes\WaveStudio.Document\shell\print\command
Reg HKLM\SOFTWARE\Classes\WaveStudio.Document\shell\print\command@ C:\PROGRA~1\Creative\SBLive\WAVEST~1\CTWave32.exe /dde
Reg HKLM\SOFTWARE\Classes\WaveStudio.Document\shell\print\ddeexec
Reg HKLM\SOFTWARE\Classes\WaveStudio.Document\shell\print\ddeexec@ [print("%1")]
Reg HKLM\SOFTWARE\Classes\WaveStudio.Document\shell\printto
Reg HKLM\SOFTWARE\Classes\WaveStudio.Document\shell\printto\command
Reg HKLM\SOFTWARE\Classes\WaveStudio.Document\shell\printto\command@ C:\PROGRA~1\Creative\SBLive\WAVEST~1\CTWave32.exe /dde
Reg HKLM\SOFTWARE\Classes\WaveStudio.Document\shell\printto\ddeexec
Reg HKLM\SOFTWARE\Classes\WaveStudio.Document\shell\printto\ddeexec@ [printto("%1","%2","%3","%4")]
Reg HKLM\SOFTWARE\Classes\Xmencmp3.EncodeMP3File2@ EncodeMP3File2 Class
Reg HKLM\SOFTWARE\Classes\Xmencmp3.EncodeMP3File2\CLSID
Reg HKLM\SOFTWARE\Classes\Xmencmp3.EncodeMP3File2\CLSID@ {A97BBEB0-2D4C-11D3-B244-444553540000}
Reg HKLM\SOFTWARE\Classes\Xmencmp3.EncodeMP3File2\CurVer
Reg HKLM\SOFTWARE\Classes\Xmencmp3.EncodeMP3File2\CurVer@ Xmencmp3.EncodeMP3File2.1
Reg HKLM\SOFTWARE\Classes\Xmencmp3.EncodeMP3File2.1@ EncodeMP3File2 Class
Reg HKLM\SOFTWARE\Classes\Xmencmp3.EncodeMP3File2.1\CLSID
Reg HKLM\SOFTWARE\Classes\Xmencmp3.EncodeMP3File2.1\CLSID@ {A97BBEB0-2D4C-11D3-B244-444553540000}
Reg HKLM\SOFTWARE\Classes\Xmencmp3.EncodeMP3Mem2@ EncodeMP3Mem2 Class
Reg HKLM\SOFTWARE\Classes\Xmencmp3.EncodeMP3Mem2\CLSID
Reg HKLM\SOFTWARE\Classes\Xmencmp3.EncodeMP3Mem2\CLSID@ {477A3783-2D4D-11D3-B244-444553540000}
Reg HKLM\SOFTWARE\Classes\Xmencmp3.EncodeMP3Mem2\CurVer
Reg HKLM\SOFTWARE\Classes\Xmencmp3.EncodeMP3Mem2\CurVer@ Xmencmp3.EncodeMP3Mem2.1
Reg HKLM\SOFTWARE\Classes\Xmencmp3.EncodeMP3Mem2.1@ EncodeMP3Mem2 Class
Reg HKLM\SOFTWARE\Classes\Xmencmp3.EncodeMP3Mem2.1\CLSID
Reg HKLM\SOFTWARE\Classes\Xmencmp3.EncodeMP3Mem2.1\CLSID@ {477A3783-2D4D-11D3-B244-444553540000}
Reg HKLM\SOFTWARE\Classes\Xmencmp3.MP3Encoder3@ MP3Encoder3 Class
Reg HKLM\SOFTWARE\Classes\Xmencmp3.MP3Encoder3\CLSID
Reg HKLM\SOFTWARE\Classes\Xmencmp3.MP3Encoder3\CLSID@ {477A3789-2D4D-11D3-B244-444553540000}
Reg HKLM\SOFTWARE\Classes\Xmencmp3.MP3Encoder3\CurVer
Reg HKLM\SOFTWARE\Classes\Xmencmp3.MP3Encoder3\CurVer@ Xmencmp3.MP3Encoder3.1
Reg HKLM\SOFTWARE\Classes\Xmencmp3.MP3Encoder3.1@ MP3Encoder3 Class
Reg HKLM\SOFTWARE\Classes\Xmencmp3.MP3Encoder3.1\CLSID
Reg HKLM\SOFTWARE\Classes\Xmencmp3.MP3Encoder3.1\CLSID@ {477A3789-2D4D-11D3-B244-444553540000}
Reg HKLM\SOFTWARE\Classes\Xmencmp3.QueryMPEGAudioFile2@ QueryMPEGAudioFile2 Class
Reg HKLM\SOFTWARE\Classes\Xmencmp3.QueryMPEGAudioFile2\CLSID
Reg HKLM\SOFTWARE\Classes\Xmencmp3.QueryMPEGAudioFile2\CLSID@ {477A3787-2D4D-11D3-B244-444553540000}
Reg HKLM\SOFTWARE\Classes\Xmencmp3.QueryMPEGAudioFile2\CurVer
Reg HKLM\SOFTWARE\Classes\Xmencmp3.QueryMPEGAudioFile2\CurVer@ Xmencmp3.QueryMPEGAudioFile2.1
Reg HKLM\SOFTWARE\Classes\Xmencmp3.QueryMPEGAudioFile2.1@ QueryMPEGAudioFile2 Class
Reg HKLM\SOFTWARE\Classes\Xmencmp3.QueryMPEGAudioFile2.1\CLSID
Reg HKLM\SOFTWARE\Classes\Xmencmp3.QueryMPEGAudioFile2.1\CLSID@ {477A3787-2D4D-11D3-B244-444553540000}
Reg HKLM\SOFTWARE\Classes\Xmencmp3.QueryWavFile2@ QueryWavFile2 Class
Reg HKLM\SOFTWARE\Classes\Xmencmp3.QueryWavFile2\CLSID
Reg HKLM\SOFTWARE\Classes\Xmencmp3.QueryWavFile2\CLSID@ {477A3785-2D4D-11D3-B244-444553540000}
Reg HKLM\SOFTWARE\Classes\Xmencmp3.QueryWavFile2\CurVer
Reg HKLM\SOFTWARE\Classes\Xmencmp3.QueryWavFile2\CurVer@ Xmencmp3.QueryWavFile2.1
Reg HKLM\SOFTWARE\Classes\Xmencmp3.QueryWavFile2.1@ QueryWavFile2 Class
Reg HKLM\SOFTWARE\Classes\Xmencmp3.QueryWavFile2.1\CLSID
Reg HKLM\SOFTWARE\Classes\Xmencmp3.QueryWavFile2.1\CLSID@ {477A3785-2D4D-11D3-B244-444553540000}

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----


I used to have a son who worked on the computer but since he moved onto his college campus (one year ago) he will not
come home and help me out. Which is understandable during the semester but there are spring, summer and winter breaks.
He always says he will but never does- I have been trying to figure out how to emulate his behavior (to teach him a lesson) but have'nt been able to think of anything.
Hope you had a nice weekend!
ROSEM
ROSEM
Regular Member
 
Posts: 16
Joined: January 5th, 2010, 9:33 pm

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby ROSEM » January 15th, 2010, 10:17 pm

Dear shinybeast:
I messed up the following should be inserted after my first reply:

Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ani\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ani\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ani\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ani\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ani\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ani\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ani\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ani\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ani\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ani\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.art@ ACDSee 6.0 ART Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.art\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.art\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_ART.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.art\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.art\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.art\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.art\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.art\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.art\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.art\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.art\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.art\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.art\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.art\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.art\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.art\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.art\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.bw@ ACDSee 6.0 SGI Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.bw\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.bw\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\IDE_SGI.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.bw\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.bw\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.bw\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.bw\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.bw\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.bw\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.bw\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.bw\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.bw\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.bw\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.bw\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.bw\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.bw\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.bw\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.cur@ ACDSee 6.0 ICO Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.cur\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.cur\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_ICO.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.cur\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.cur\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.cur\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.cur\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.cur\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.cur\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.cur\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.cur\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.cur\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.cur\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.cur\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.cur\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.cur\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.cur\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djv@ ACDSee 6.0 DjVu Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djv\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djv\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_DjVu.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djv\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djv\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djv\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djv\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djv\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djv\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djv\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djv\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djv\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djv\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djv\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djv\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djv\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djv\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djvu@ ACDSee 6.0 DjVu Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djvu\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djvu\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_DjVu.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djvu\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djvu\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djvu\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djvu\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djvu\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djvu\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djvu\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djvu\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djvu\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djvu\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djvu\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djvu\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djvu\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.djvu\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.fpx@ ACDSee 6.0 FPX Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.fpx\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.fpx\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_FPX.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.fpx\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.fpx\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.fpx\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.fpx\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.fpx\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.fpx\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.fpx\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.fpx\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.fpx\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.fpx\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.fpx\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.fpx\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.fpx\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.fpx\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icl@ ACDSee 6.0 ICL Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icl\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icl\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_ICO.apl,1
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icl\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icl\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icl\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icl\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icl\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icl\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icl\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icl\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icl\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icl\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icl\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icl\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icl\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icl\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icn@ ACDSee 6.0 ICN Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icn\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icn\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_ICN.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icn\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icn\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icn\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icn\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icn\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icn\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icn\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icn\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icn\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icn\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icn\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icn\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icn\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.icn\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ico@ ACDSee 6.0 ICO Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ico\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ico\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_ICO.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ico\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ico\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ico\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ico\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ico\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ico\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ico\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ico\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ico\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ico\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ico\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ico\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ico\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ico\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iff@ ACDSee 6.0 IFF Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iff\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iff\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\IDE_IFF.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iff\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iff\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iff\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iff\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iff\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iff\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iff\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iff\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iff\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iff\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iff\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iff\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iff\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iff\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ilbm@ ACDSee 6.0 IFF Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ilbm\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ilbm\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\IDE_IFF.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ilbm\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ilbm\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ilbm\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ilbm\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ilbm\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ilbm\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ilbm\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ilbm\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ilbm\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ilbm\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ilbm\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ilbm\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ilbm\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ilbm\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.int@ ACDSee 6.0 SGI Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.int\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.int\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\IDE_SGI.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.int\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.int\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.int\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.int\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.int\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.int\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.int\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.int\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.int\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.int\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.int\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.int\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.int\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.int\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.inta@ ACDSee 6.0 SGI Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.inta\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.inta\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\IDE_SGI.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.inta\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.inta\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.inta\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.inta\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.inta\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.inta\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.inta\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.inta\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.inta\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.inta\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.inta\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.inta\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.inta\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.inta\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iw4@ ACDSee 6.0 DjVu Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iw4\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iw4\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_DjVu.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iw4\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iw4\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iw4\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iw4\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iw4\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iw4\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iw4\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iw4\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iw4\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iw4\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iw4\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iw4\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iw4\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.iw4\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.kdc@ ACDSee 6.0 KDC Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.kdc\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.kdc\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_KDC.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.kdc\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.kdc\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.kdc\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.kdc\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.kdc\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.kdc\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.kdc\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.kdc\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.kdc\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.kdc\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.kdc\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.kdc\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.kdc\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.kdc\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.lbm@ ACDSee 6.0 IFF Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.lbm\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.lbm\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\IDE_IFF.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.lbm\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.lbm\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.lbm\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.lbm\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.lbm\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.lbm\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.lbm\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.lbm\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.lbm\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.lbm\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.lbm\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.lbm\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.lbm\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.lbm\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.mag@ ACDSee 6.0 MAG Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.mag\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.mag\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_Mag.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.mag\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.mag\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.mag\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.mag\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.mag\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.mag\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.mag\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.mag\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.mag\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.mag\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.mag\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.mag\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.mag\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.mag\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pbm@ ACDSee 6.0 PBM Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pbm\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pbm\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_PNM.apl,1
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pbm\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pbm\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pbm\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pbm\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pbm\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pbm\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pbm\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pbm\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pbm\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pbm\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pbm\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pbm\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pbm\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pbm\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pct@ ACDSee 6.0 PICT Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pct\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pct\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_Pict.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pct\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pct\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pct\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pct\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pct\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pct\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pct\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pct\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pct\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pct\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pct\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pct\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pct\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pct\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pgm@ ACDSee 6.0 PGM Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pgm\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pgm\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_PNM.apl,2
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pgm\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pgm\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pgm\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pgm\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pgm\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pgm\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pgm\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pgm\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pgm\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pgm\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pgm\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pgm\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pgm\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pgm\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pic@ ACDSee 6.0 PIC Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pic\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pic\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\IDE_ACDStd.apl,1
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pic\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pic\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pic\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pic\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pic\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pic\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pic\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pic\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pic\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pic\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pic\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pic\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pic\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pic\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pict@ ACDSee 6.0 PICT Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pict\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pict\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_Pict.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pict\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pict\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pict\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pict\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pict\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pict\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pict\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pict\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pict\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pict\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pict\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pict\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pict\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pict\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pix@ ACDSee 6.0 PIX Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pix\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pix\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_PIX.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pix\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pix\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pix\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pix\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pix\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pix\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pix\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pix\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pix\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pix\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pix\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pix\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pix\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.pix\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.plp@ ACDSee 6.0 PLP Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.plp\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.plp\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_PLP.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.plp\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.plp\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.plp\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.plp\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.plp\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.plp\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.plp\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.plp\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.plp\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.plp\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.plp\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.plp\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.plp\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.plp\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ppm@ ACDSee 6.0 PPM Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ppm\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ppm\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_PNM.apl,3
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ppm\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ppm\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ppm\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ppm\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ppm\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ppm\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ppm\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ppm\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ppm\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ppm\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ppm\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ppm\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ppm\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ppm\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psd@ ACDSee 6.0 PSD Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psd\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psd\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\IDE_PSD.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psd\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psd\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psd\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psd\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psd\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psd\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psd\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psd\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psd\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psd\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psd\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psd\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psd\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psd\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psp@ ACDSee 6.0 PSP Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psp\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psp\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_PSP.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psp\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psp\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psp\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psp\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psp\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psp\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psp\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psp\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psp\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psp\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psp\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psp\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psp\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.psp\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ras@ ACDSee 6.0 RAS Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ras\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ras\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\IDE_RAS.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ras\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ras\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ras\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ras\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ras\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ras\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ras\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ras\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ras\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ras\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ras\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ras\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ras\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.ras\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgb@ ACDSee 6.0 SGI Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgb\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgb\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\IDE_SGI.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgb\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgb\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgb\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgb\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgb\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgb\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgb\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgb\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgb\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgb\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgb\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgb\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgb\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgb\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgba@ ACDSee 6.0 SGI Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgba\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgba\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\IDE_SGI.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgba\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgba\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgba\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgba\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgba\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgba\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgba\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgba\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgba\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgba\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgba\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgba\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgba\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rgba\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rsb@ ACDSee 6.0 RS Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rsb\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rsb\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\IDE_RSB.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rsb\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rsb\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rsb\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rsb\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rsb\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rsb\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rsb\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rsb\shell\ACDView@
ROSEM
Regular Member
 
Posts: 16
Joined: January 5th, 2010, 9:33 pm

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby ROSEM » January 15th, 2010, 10:19 pm

Dear shinybeast:
I guess you will be able to tell alphabetically how my posts should be viewed. This is the new 3rd post!
View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rsb\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rsb\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rsb\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rsb\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rsb\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.rsb\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.sgi@ ACDSee 6.0 SGI Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.sgi\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.sgi\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\IDE_SGI.apl,0
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.sgi\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.sgi\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.sgi\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.sgi\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.sgi\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.sgi\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.sgi\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.sgi\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.sgi\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.sgi\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.sgi\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.sgi\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.sgi\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.sgi\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.tga@ ACDSee 6.0 TGA Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.tga\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.tga\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\IDE_ACDStd.apl,7
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.tga\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.tga\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.tga\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.tga\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.tga\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.tga\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.tga\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.tga\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.tga\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.tga\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.tga\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.tga\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.tga\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.tga\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xbm@ ACDSee 6.0 XBM Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xbm\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xbm\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_X.apl,1
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xbm\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xbm\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xbm\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xbm\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xbm\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xbm\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xbm\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xbm\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xbm\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xbm\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xbm\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xbm\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xbm\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xbm\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xpm@ ACDSee 6.0 XPM Image
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xpm\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xpm\DefaultIcon@ C:\Program Files\Common Files\ACD Systems\PlugIns2\ID_X.apl,2
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xpm\shell
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xpm\shell@ Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xpm\shell\ACDPrint
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xpm\shell\ACDPrint@ Print with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xpm\shell\ACDPrint\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xpm\shell\ACDPrint\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" /p "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xpm\shell\ACDView
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xpm\shell\ACDView@ View with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xpm\shell\ACDView\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xpm\shell\ACDView\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xpm\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xpm\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xpm\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee 6.0.xpm\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ACDSee.AutoPlayHandler\shell
Reg HKLM\SOFTWARE\Classes\ACDSee.AutoPlayHandler\shell\Open
Reg HKLM\SOFTWARE\Classes\ACDSee.AutoPlayHandler\shell\Open@ Open with ACDSee
Reg HKLM\SOFTWARE\Classes\ACDSee.AutoPlayHandler\shell\Open\command
Reg HKLM\SOFTWARE\Classes\ACDSee.AutoPlayHandler\shell\Open\command@ "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1"
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr@ ActionBvr Class
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr\CurVer
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr\CurVer@ ActionBvr.ActionBvr.1
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr.1@ ActionBvr Class
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\ActionBvr.ActionBvr.1\CLSID@ {58A2E406-8304-11D2-9533-0060b0C3C4F4}
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin@ ActiveSkin Control
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin\CLSID
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin\CLSID@ {0944D16C-D0F4-4389-982A-A085595A9EB3}
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin\CurVer
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin\CurVer@ ActiveSkin4.Skin.1
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin.1@ ActiveSkin Control
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin.1\CLSID
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.Skin.1\CLSID@ {0944D16C-D0F4-4389-982A-A085595A9EB3}
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel@ SkinLabel Control
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel\CLSID
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel\CLSID@ {5954EA75-9BFA-461A-BD34-CEA3A861FF19}
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel\CurVer
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel\CurVer@ ActiveSkin4.SkinLabel.1
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel.1@ SkinLabel Control
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel.1\CLSID
Reg HKLM\SOFTWARE\Classes\ActiveSkin4.SkinLabel.1\CLSID@ {5954EA75-9BFA-461A-BD34-CEA3A861FF19}
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr@ ActorBvr Class
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr\CurVer
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr\CurVer@ ActorBvr.ActorBvr.1
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr.1@ ActorBvr Class
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\ActorBvr.ActorBvr.1\CLSID@ {6DDE3061-736C-11D2-A5E8-00A0C967A25F}
Reg HKLM\SOFTWARE\Classes\aim@ URL: AOL Instant M
Reg HKLM\SOFTWARE\Classes\aim@URL Protocol
Reg HKLM\SOFTWARE\Classes\aim\shell
Reg HKLM\SOFTWARE\Classes\aim\shell\open
Reg HKLM\SOFTWARE\Classes\aim\shell\open\command
Reg HKLM\SOFTWARE\Classes\aim\shell\open\command@ C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp %1
Reg HKLM\SOFTWARE\Classes\Alttiff.AlttiffCtl@ TIFF Image
Reg HKLM\SOFTWARE\Classes\Alttiff.AlttiffCtl\CLSID
Reg HKLM\SOFTWARE\Classes\Alttiff.AlttiffCtl\CLSID@ {106E49CF-797A-11D2-81A2-00E02C015623}
Reg HKLM\SOFTWARE\Classes\Alttiff.AlttiffCtl\CurVer
Reg HKLM\SOFTWARE\Classes\Alttiff.AlttiffCtl\CurVer@ Alttiff.AlttiffCtl.1
Reg HKLM\SOFTWARE\Classes\Alttiff.AlttiffCtl\shell
Reg HKLM\SOFTWARE\Classes\Alttiff.AlttiffCtl\shell\open
Reg HKLM\SOFTWARE\Classes\Alttiff.AlttiffCtl\shell\open@
Reg HKLM\SOFTWARE\Classes\Alttiff.AlttiffCtl\shell\open\command
Reg HKLM\SOFTWARE\Classes\Alttiff.AlttiffCtl\shell\open\command@ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" "%1"
Reg HKLM\SOFTWARE\Classes\Alttiff.AlttiffCtl.1@ AlttiffCtl Class
Reg HKLM\SOFTWARE\Classes\Alttiff.AlttiffCtl.1\CLSID
Reg HKLM\SOFTWARE\Classes\Alttiff.AlttiffCtl.1\CLSID@ {106E49CF-797A-11D2-81A2-00E02C015623}
Reg HKLM\SOFTWARE\Classes\AutoProto.AutoProto@ AutoProto Class
Reg HKLM\SOFTWARE\Classes\AutoProto.AutoProto\CurVer
Reg HKLM\SOFTWARE\Classes\AutoProto.AutoProto\CurVer@ AutoProto.AutoProto.1
Reg HKLM\SOFTWARE\Classes\AutoProto.AutoProto.1@ AutoProto Class
Reg HKLM\SOFTWARE\Classes\AutoProto.AutoProto.1\CLSID
Reg HKLM\SOFTWARE\Classes\AutoProto.AutoProto.1\CLSID@ {D24C7F41-2F44-11D3-92EF-00C0F01F77C1}
Reg HKLM\SOFTWARE\Classes\AutoStream.AutoStream@ AutoStream Class
Reg HKLM\SOFTWARE\Classes\AutoStream.AutoStream\CurVer
Reg HKLM\SOFTWARE\Classes\AutoStream.AutoStream\CurVer@ AutoStream.AutoStream.1
Reg HKLM\SOFTWARE\Classes\AutoStream.AutoStream.1@ AutoStream Class
Reg HKLM\SOFTWARE\Classes\AutoStream.AutoStream.1\CLSID
Reg HKLM\SOFTWARE\Classes\AutoStream.AutoStream.1\CLSID@ {405DE7C0-E7DD-11D2-92C5-00C0F01F77C1}
Reg HKLM\SOFTWARE\Classes\CDDBRealControl.CDDBControl@ CDDBControl Class
Reg HKLM\SOFTWARE\Classes\CDDBRealControl.CDDBControl\CLSID
Reg HKLM\SOFTWARE\Classes\CDDBRealControl.CDDBControl\CLSID@ {339bccb5-3ab4-4495-94ed-29102f59894c}
Reg HKLM\SOFTWARE\Classes\CDDBRealControl.CDDBControl\CurVer
Reg HKLM\SOFTWARE\Classes\CDDBRealControl.CDDBControl\CurVer@ CDDBRealControl.CDDBControl.1
Reg HKLM\SOFTWARE\Classes\CDDBRealControl.CDDBControl.1@ CDDBControl Class
Reg HKLM\SOFTWARE\Classes\CDDBRealControl.CDDBControl.1\CLSID
Reg HKLM\SOFTWARE\Classes\CDDBRealControl.CDDBControl.1\CLSID@ {339bccb5-3ab4-4495-94ed-29102f59894c}
Reg HKLM\SOFTWARE\Classes\CDDBRealControl.CDDBControl.1\Insertable
Reg HKLM\SOFTWARE\Classes\CDDBRealControl.CddbDisc@ CddbDisc Class
Reg HKLM\SOFTWARE\Classes\CDDBRealControl.CddbDisc\CLSID
Reg HKLM\SOFTWARE\Classes\CDDBRealControl.CddbDisc\CLSID@ {0272c6e8-83e5-43d2-92f4-a374385bdac4}
Reg HKLM\SOFTWARE\Classes\CDDBRealControl.CddbDisc\CurVer
Reg HKLM\SOFTWARE\Classes\CDDBRealControl.CddbDisc\CurVer@ CDDBRealControl.CddbDisc.1
Reg HKLM\SOFTWARE\Classes\CDDBRealControl.CddbDisc.1@ CddbDisc Class
Reg HKLM\SOFTWARE\Classes\CDDBRealControl.CddbDisc.1\CLSID
Reg HKLM\SOFTWARE\Classes\CDDBRealControl.CddbDisc.1\CLSID@ {0272c6e8-83e5-43d2-92f4-a374385bdac4}
Reg HKLM\SOFTWARE\Classes\CDDBUIControlRoxio.CddbInfoWindow2@ CddbInfoWindow Class
Reg HKLM\SOFTWARE\Classes\CDDBUIControlRoxio.CddbInfoWindow2\CLSID
Reg HKLM\SOFTWARE\Classes\CDDBUIControlRoxio.CddbInfoWindow2\CLSID@ {c955dd8e-0167-440b-be27-dac0a2e03233}
Reg HKLM\SOFTWARE\Classes\CDDBUIControlRoxio.CddbInfoWindow2\CurVer
Reg HKLM\SOFTWARE\Classes\CDDBUIControlRoxio.CddbInfoWindow2\CurVer@ CDDBUIControlRoxio.CddbInfoWindow.1
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr@ ColorBvr Class
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr\CurVer
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr\CurVer@ ColorBvr.ColorBvr.1
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr.1@ ColorBvr Class
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\ColorBvr.ColorBvr.1\CLSID@ {3845A174-EB30-11D1-9A23-00A0C879FE5F}
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory@ Cr Behavior Factory
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory\CurVer
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory\CurVer@ CR.CrBehaviorFactory.1
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory.1@ Cr Behavior Factory
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory.1\CLSID
Reg HKLM\SOFTWARE\Classes\CR.CrBehaviorFactory.1\CLSID@ {754FF233-5D4E-11d2-875B-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\CreateCD50@ Start Easy CD Creator 5 Basic.
Reg HKLM\SOFTWARE\Classes\CreateCD50\shell
Reg HKLM\SOFTWARE\Classes\CreateCD50\shell\open
Reg HKLM\SOFTWARE\Classes\CreateCD50\shell\open\Command
Reg HKLM\SOFTWARE\Classes\CreateCD50\shell\open\Command@ "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -x
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray\CLSID@ {D17506C3-6B26-11D0-8914-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAArray.1\CLSID@ {D17506C3-6B26-11D0-8914-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2\CLSID@ {C46C1BCE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox2.1\CLSID@ {C46C1BCE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3\CLSID@ {C46C1BDE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABbox3.1\CLSID@ {C46C1BDE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior\CLSID@ {283807B8-2C60-11D0-A31D-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABehavior.1\CLSID@ {283807B8-2C60-11D0-A31D-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean\CLSID@ {C46C1BC1-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DABoolean.1\CLSID@ {C46C1BC1-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera\CLSID@ {C46C1BE2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DACamera.1\CLSID@ {C46C1BE2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor\CLSID@ {C46C1BC6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAColor.1\CLSID@ {C46C1BC6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle\CLSID@ {C46C1BF0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DADashStyle.1\CLSID@ {C46C1BF0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle\CLSID@ {C46C1BEC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEndStyle.1\CLSID@ {C46C1BEC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent\CLSID@ {50B4791F-4731-11D0-8912-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAEvent.1\CLSID@ {50B4791F-4731-11D0-8912-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle\CLSID@ {25B0F91C-D23D-11D0-9B85-00C04FC2F51D}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAFontStyle.1\CLSID@ {25B0F91C-D23D-11D0-9B85-00C04FC2F51D}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry\CLSID@ {C46C1BE0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAGeometry.1\CLSID@ {C46C1BE0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage\CLSID@ {C46C1BD4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAImage.1\CLSID@ {C46C1BD4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle\CLSID@ {C46C1BEE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAJoinStyle.1\CLSID@ {C46C1BEE-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle\CLSID@ {C46C1BF2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DALineStyle.1\CLSID@ {C46C1BF2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte\CLSID@ {C46C1BD2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMatte.1\CLSID@ {C46C1BD2-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone\CLSID@ {C46C1BE6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMicrophone.1\CLSID@ {C46C1BE6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage\CLSID@ {C46C1BD6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAMontage.1\CLSID@ {C46C1BD6-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber\CLSID@ {9CDE7341-3C20-11D0-A330-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DANumber.1\CLSID@ {9CDE7341-3C20-11D0-A330-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair\CLSID@ {C46C1BF4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPair.1\CLSID@ {C46C1BF4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2\CLSID@ {C46C1BD0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPath2.1\CLSID@ {C46C1BD0-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2\CLSID@ {C46C1BC8-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint2.1\CLSID@ {C46C1BC8-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3\CLSID@ {C46C1BD8-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAPoint3.1\CLSID@ {C46C1BD8-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound\CLSID@ {C46C1BE4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DASound.1\CLSID@ {C46C1BE4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics\CLSID@ {542FB453-5003-11CF-92A2-00AA00B8A733}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAStatics.1\CLSID@ {542FB453-5003-11CF-92A2-00AA00B8A733}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString\CLSID@ {C46C1BC4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAString.1\CLSID@ {C46C1BC4-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2\CLSID@ {C46C1BCC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform2.1\CLSID@ {C46C1BCC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3\CLSID@ {C46C1BDC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATransform3.1\CLSID@ {C46C1BDC-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple\CLSID@ {5DFB2651-9668-11D0-B17B-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DATuple.1\CLSID@ {5DFB2651-9668-11D0-B17B-00C04FC2A0CA}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData\CLSID@ {AF868304-AB0B-11D0-876A-00C04FC29D46}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAUserData.1\CLSID@ {AF868304-AB0B-11D0-876A-00C04FC29D46}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2\CLSID@ {C46C1BCA-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector2.1\CLSID@ {C46C1BCA-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3\CLSID@ {C46C1BDA-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAVector3.1\CLSID@ {C46C1BDA-3C52-11D0-9200-848C1D000000}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView\CLSID@ {283807B5-2C60-11D0-A31D-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView.1@
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DAView.1\CLSID@ {283807B5-2C60-11D0-A31D-00AA00B92C03}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl@ Microsoft DirectAnimation Control
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl\CurVer
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl\CurVer@ DirectAnimation.DirectAnimationIntegratedMediaControl.1
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl.1@ Microsoft DirectAnimation Control
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationIntegratedMediaControl.1\CLSID@ {B6FFC24C-7E13-11D0-9B47-00C04FC2F51D}
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl@ Microsoft DirectAnimation Windowed Control
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl\CurVer
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl\CurVer@ DirectAnimation.DirectAnimationWindowedIntegratedMediaControl.1
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl.1@ Microsoft DirectAnimation Windowed Control
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl.1\CLSID
Reg HKLM\SOFTWARE\Classes\DirectAnimation.DirectAnimationWindowedIntegratedMediaControl.1\CLSID@ {69AD90EF-1C20-11d1-8801-00C04FC29D46}
Reg HKLM\SOFTWARE\Classes\divxsm@ DivX Settings Manager
Reg HKLM\SOFTWARE\Classes\divxsm\CLSID
Reg HKLM\SOFTWARE\Classes\divxsm\CLSID@ {A0717E52-8AC8-4dd9-8682-0B76775125E6}
Reg HKLM\SOFTWARE\Classes\dMC.AudioCD.Autorun\shell
Reg HKLM\SOFTWARE\Classes\dMC.AudioCD.Autorun\shell\open
Reg HKLM\SOFTWARE\Classes\dMC.AudioCD.Autorun\shell\open\command
Reg HKLM\SOFTWARE\Classes\DMCConvert\shellex
Reg HKLM\SOFTWARE\Classes\DMCConvert\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\DMCConvert\shellex\PropertySheetHandlers
Reg HKLM\SOFTWARE\Classes\DMO.HXAudioDeviceHook@ CHXAudioDeviceHook Class
Reg HKLM\SOFTWARE\Classes\DMO.HXAudioDeviceHook\CLSID
Reg HKLM\SOFTWARE\Classes\DMO.HXAudioDeviceHook\CLSID@ {2cfa30da-118b-4ca3-aaf3-f474162302e5}
Reg HKLM\SOFTWARE\Classes\DMO.HXAudioDeviceHook\CurVer
Reg HKLM\SOFTWARE\Classes\DMO.HXAudioDeviceHook\CurVer@ DMO.HXAudioDeviceHook.1
Reg HKLM\SOFTWARE\Classes\DMO.HXAudioDeviceHook.1@ CHXAudioDeviceHook Class
Reg HKLM\SOFTWARE\Classes\DMO.HXAudioDeviceHook.1\CLSID
Reg HKLM\SOFTWARE\Classes\DMO.HXAudioDeviceHook.1\CLSID@ {2cfa30da-118b-4ca3-aaf3-f474162302e5}
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Dissolve@ Dissolve
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Dissolve\CLSID
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Dissolve\CLSID@ {90b5e2e1-5050-11d1-b83e-00a0c933be86}
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Dissolve\CurVer
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Dissolve\CurVer@ DX3DTransform.Microsoft.Dissolve.1
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Dissolve.1@ Dissolve
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Dissolve.1\CLSID
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Dissolve.1\CLSID@ {90b5e2e1-5050-11d1-b83e-00a0c933be86}
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Explode@ Explode
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Explode\CLSID
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Explode\CLSID@ {141DBAF1-55FB-11D1-B83E-00A0C933BE86}
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Explode\CurVer
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Explode\CurVer@ DX3DTransform.Microsoft.Explode.1
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Explode.1@ Explode
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Explode.1\CLSID
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Explode.1\CLSID@ {141DBAF1-55FB-11D1-B83E-00A0C933BE86}
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Flip@ Flip
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Flip\CLSID
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Flip\CLSID@ {3A5EA1BA-3C28-11D1-9039-00C04FD9189D}
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Flip\CurVer
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Flip\CurVer@ DX3DTransform.Microsoft.Flip.1
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Flip.1@ Flip
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Flip.1\CLSID
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Flip.1\CLSID@ {3A5EA1BA-3C28-11D1-9039-00C04FD9189D}
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.HeightField@ HeightField
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.HeightField\CLSID
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.HeightField\CLSID@ {04921709-B159-11d1-9207-0000F8758E66}
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.HeightField\CurVer
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.HeightField\CurVer@ DX3DTransform.Microsoft.HeightField.1
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.HeightField.1@ HeightField
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.HeightField.1\CLSID
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.HeightField.1\CLSID@ {04921709-B159-11d1-9207-0000F8758E66}
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Ripple@ Ripple
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Ripple\CLSID
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Ripple\CLSID@ {945F5842-3A8D-11D1-9037-00C04FD9189D}
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Ripple\CurVer
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Ripple\CurVer@ DX3DTransform.Microsoft.Ripple.1
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Ripple.1@ Ripple
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Ripple.1\CLSID
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Ripple.1\CLSID@ {945F5842-3A8D-11D1-9037-00C04FD9189D}
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Ruffle@ Ruffle
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Ruffle\CLSID
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Ruffle\CLSID@ {69EE49C5-6268-11D1-B83E-00A0C933BE86}
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Ruffle\CurVer
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Ruffle\CurVer@ DX3DTransform.Microsoft.Ruffle.1
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Ruffle.1@ Ruffle
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Ruffle.1\CLSID
Reg HKLM\SOFTWARE\Classes\DX3DTransform.Microsoft.Ruffle.1\CLSID@ {69EE49C5-6268-11D1-B83E-00A0C933BE86}
Reg HKLM\SOFTWARE\Classes\EasyCDCreator.DiscImage.5@ Easy CD Creator Image File
Reg HKLM\SOFTWARE\Classes\EasyCDCreator.DiscImage.5\DefaultIcon
Reg HKLM\SOFTWARE\Classes\EasyCDCreator.DiscImage.5\DefaultIcon@ C:\PROGRA~1\Roxio\EASYCD~1\EASYCD~1\CreatorImages\cdimage.ico
Reg HKLM\SOFTWARE\Classes\EasyCDCreator.DiscImage.5\shell
Reg HKLM\SOFTWARE\Classes\EasyCDCreator.DiscImage.5\shell\Record to CD
Reg HKLM\SOFTWARE\Classes\EasyCDCreator.DiscImage.5\shell\Record to CD\command
Reg HKLM\SOFTWARE\Classes\EasyCDCreator.DiscImage.5\shell\Record to CD\command@ C:\PROGRA~1\Roxio\EASYCD~1\EASYCD~1\Creatr50.exe %1
Reg HKLM\SOFTWARE\Classes\EasyCDCreator.Document.5@ Easy CD Creator Project
Reg HKLM\SOFTWARE\Classes\EasyCDCreator.Document.5\DefaultIcon
Reg HKLM\SOFTWARE\Classes\EasyCDCreator.Document.5\DefaultIcon@ C:\PROGRA~1\Roxio\EASYCD~1\EASYCD~1\CreatorImages\cdproject.ico
Reg HKLM\SOFTWARE\Classes\EasyCDCreator.Document.5\shell
Reg HKLM\SOFTWARE\Classes\EasyCDCreator.Document.5\shell\open
Reg HKLM\SOFTWARE\Classes\EasyCDCreator.Document.5\shell\open\command
Reg HKLM\SOFTWARE\Classes\EasyCDCreator.Document.5\shell\open\command@ C:\PROGRA~1\Roxio\EASYCD~1\EASYCD~1\Creatr50.exe %1
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr@ EffectBvr Class
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr\CurVer
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr\CurVer@ EffectBvr.EffectBvr.1
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr.1@ EffectBvr Class
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr.1\CLSID
Reg HKLM\SOFTWARE\Classes\EffectBvr.EffectBvr.1\CLSID@ {54274112-7A5E-11d2-875F-00A0C93C09B3}
Reg HKLM\SOFTWARE\Classes\FirefoxHTML@ Firefox Document
Reg HKLM\SOFTWARE\Classes\FirefoxHTML@FriendlyTypeName Firefox Document
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\DefaultIcon
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\DefaultIcon@ C:\PROGRA~1\MOZILL~1\FIREFOX.EXE,1
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\command
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\command@ C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1"
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\ddeexec@ "%1",,0,0,,,,
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\ddeexec@NoActivateHandler
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\ddeexec\Application@ Firefox
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\ddeexec\Topic
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\ddeexec\Topic@ WWW_OpenURL
Reg HKLM\SOFTWARE\Classes\FirefoxURL@ Firefox URL
Reg HKLM\SOFTWARE\Classes\FirefoxURL@FriendlyTypeName Firefox URL
Reg HKLM\SOFTWARE\Classes\FirefoxURL@URL Protocol
Reg HKLM\SOFTWARE\Classes\FirefoxURL@EditFlags 2
Reg HKLM\SOFTWARE\Classes\FirefoxURL\DefaultIcon
Reg HKLM\SOFTWARE\Classes\FirefoxURL\DefaultIcon@ C:\PROGRA~1\MOZILL~1\FIREFOX.EXE,1
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\command
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\command@ C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1"
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\ddeexec@ "%1",,0,0,,,,
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\ddeexec@NoActivateHandler
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\ddeexec\Application@ Firefox
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\ddeexec\Topic
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\ddeexec\Topic@ WWW_OpenURL
Reg HKLM\SOFTWARE\Classes\Google Earth.etafile@ Google Earth ETA
Reg HKLM\SOFTWARE\Classes\Google Earth.etafile\shell
Reg HKLM\SOFTWARE\Classes\Google Earth.etafile\shell\open
Reg HKLM\SOFTWARE\Classes\Google Earth.etafile\shell\open\command
Reg HKLM\SOFTWARE\Classes\Google Earth.etafile\shell\open\command@ C:\Program Files\Google\Google Earth\googleearth.exe "%1"
Reg HKLM\SOFTWARE\Classes\Google Earth.kmlfile@ Google Earth KML
Reg HKLM\SOFTWARE\Classes\Google Earth.kmlfile@EditFlags 65536
Reg HKLM\SOFTWARE\Classes\Google Earth.kmlfile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\Google Earth.kmlfile\DefaultIcon@ C:\Program Files\Google\Google Earth\kml_file.ico
Reg HKLM\SOFTWARE\Classes\Google Earth.kmlfile\shell
Reg HKLM\SOFTWARE\Classes\Google Earth.kmlfile\shell\open
Reg HKLM\SOFTWARE\Classes\Google Earth.kmlfile\shell\open\command
Reg HKLM\SOFTWARE\Classes\Google Earth.kmlfile\shell\open\command@ C:\Program Files\Google\Google Earth\googleearth.exe "%1"
Reg HKLM\SOFTWARE\Classes\Google Earth.kmlfile\shell\open\command@OldValue
Reg HKLM\SOFTWARE\Classes\Google Earth.kmzfile@ Google Earth KMZ
Reg HKLM\SOFTWARE\Classes\Google Earth.kmzfile@EditFlags 65536
Reg HKLM\SOFTWARE\Classes\Google Earth.kmzfile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\Google Earth.kmzfile\DefaultIcon@ C:\Program Files\Google\Google Earth\kmz_file.ico
Reg HKLM\SOFTWARE\Classes\Google Earth.kmzfile\shell
Reg HKLM\SOFTWARE\Classes\Google Earth.kmzfile\shell\open
Reg HKLM\SOFTWARE\Classes\Google Earth.kmzfile\shell\open\command
Reg HKLM\SOFTWARE\Classes\Google Earth.kmzfile\shell\open\command@ C:\Program Files\Google\Google Earth\googleearth.exe "%1"
Reg HKLM\SOFTWARE\Classes\Google Earth.kmzfile\shell\open\command@OldValue
Reg HKLM\SOFTWARE\Classes\GoogleEarth.AnimationControllerGE@ AnimationControllerGE Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.AnimationControllerGE\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.AnimationControllerGE\CLSID@ {1A239250-B650-4B63-B4CF-7FCC4DC07DC6}
Reg HKLM\SOFTWARE\Classes\GoogleEarth.AnimationControllerGE\CurVer
Reg HKLM\SOFTWARE\Classes\GoogleEarth.AnimationControllerGE\CurVer@ GoogleEarth.AnimationControllerGE.1
Reg HKLM\SOFTWARE\Classes\GoogleEarth.AnimationControllerGE.1@ AnimationControllerGE Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.AnimationControllerGE.1\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.AnimationControllerGE.1\CLSID@ {1A239250-B650-4B63-B4CF-7FCC4DC07DC6}
Reg HKLM\SOFTWARE\Classes\GoogleEarth.ApplicationGE@ ApplicationGE Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.ApplicationGE\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.ApplicationGE\CLSID@ {8097D7E9-DB9E-4AEF-9B28-61D82A1DF784}
Reg HKLM\SOFTWARE\Classes\GoogleEarth.ApplicationGE\CurVer
Reg HKLM\SOFTWARE\Classes\GoogleEarth.ApplicationGE\CurVer@ GoogleEarth.ApplicationGE.1
Reg HKLM\SOFTWARE\Classes\GoogleEarth.ApplicationGE.1@ ApplicationGE Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.ApplicationGE.1\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.ApplicationGE.1\CLSID@ {8097D7E9-DB9E-4AEF-9B28-61D82A1DF784}
Reg HKLM\SOFTWARE\Classes\GoogleEarth.CameraInfoGE@ CameraInfoGE Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.CameraInfoGE\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.CameraInfoGE\CLSID@ {645EEE5A-BD51-4C05-A6AF-6F2CF8950AAB}
Reg HKLM\SOFTWARE\Classes\GoogleEarth.CameraInfoGE\CurVer
Reg HKLM\SOFTWARE\Classes\GoogleEarth.CameraInfoGE\CurVer@ GoogleEarth.CameraInfoGE.1
Reg HKLM\SOFTWARE\Classes\GoogleEarth.CameraInfoGE.1@ CameraInfoGE Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.CameraInfoGE.1\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.CameraInfoGE.1\CLSID@ {645EEE5A-BD51-4C05-A6AF-6F2CF8950AAB}
Reg HKLM\SOFTWARE\Classes\GoogleEarth.FeatureCollectionGE@ FeatureCollectionGE Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.FeatureCollectionGE\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.FeatureCollectionGE\CLSID@ {9059C329-4661-49B2-9984-8753C45DB7B9}
Reg HKLM\SOFTWARE\Classes\GoogleEarth.FeatureCollectionGE\CurVer
Reg HKLM\SOFTWARE\Classes\GoogleEarth.FeatureCollectionGE\CurVer@ GoogleEarth.FeatureCollectionGE.1
Reg HKLM\SOFTWARE\Classes\GoogleEarth.FeatureCollectionGE.1@ FeatureCollection Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.FeatureCollectionGE.1\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.FeatureCollectionGE.1\CLSID@ {9059C329-4661-49B2-9984-8753C45DB7B9}
Reg HKLM\SOFTWARE\Classes\GoogleEarth.FeatureGE@ FeatureGE Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.FeatureGE\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.FeatureGE\CLSID@ {CBD4FB70-F00B-4963-B249-4B056E6A981A}
Reg HKLM\SOFTWARE\Classes\GoogleEarth.FeatureGE\CurVer
Reg HKLM\SOFTWARE\Classes\GoogleEarth.FeatureGE\CurVer@ GoogleEarth.FeatureGE.1
Reg HKLM\SOFTWARE\Classes\GoogleEarth.FeatureGE.1@ FeatureGE Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.FeatureGE.1\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.FeatureGE.1\CLSID@ {CBD4FB70-F00B-4963-B249-4B056E6A981A}
Reg HKLM\SOFTWARE\Classes\GoogleEarth.PointOnTerrainGE@ PointOnTerrainGE Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.PointOnTerrainGE\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.PointOnTerrainGE\CLSID@ {1796A329-04C1-4C07-B28E-E4A807935C06}
Reg HKLM\SOFTWARE\Classes\GoogleEarth.PointOnTerrainGE\CurVer
Reg HKLM\SOFTWARE\Classes\GoogleEarth.PointOnTerrainGE\CurVer@ GoogleEarth.PointOnTerrainGE.1
Reg HKLM\SOFTWARE\Classes\GoogleEarth.PointOnTerrainGE.1@ PointOnTerrainGE Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.PointOnTerrainGE.1\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.PointOnTerrainGE.1\CLSID@ {1796A329-04C1-4C07-B28E-E4A807935C06}
Reg HKLM\SOFTWARE\Classes\GoogleEarth.SearchControllerGE@ SearchControllerGE Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.SearchControllerGE\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.SearchControllerGE\CLSID@ {A4F65992-5738-475B-9C16-CF102BCDE153}
Reg HKLM\SOFTWARE\Classes\GoogleEarth.SearchControllerGE\CurVer
Reg HKLM\SOFTWARE\Classes\GoogleEarth.SearchControllerGE\CurVer@ GoogleEarth.SearchControllerGE.1
Reg HKLM\SOFTWARE\Classes\GoogleEarth.SearchControllerGE.1@ SearchControllerGE Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.SearchControllerGE.1\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.SearchControllerGE.1\CLSID@ {A4F65992-5738-475B-9C16-CF102BCDE153}
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TimeGE@ TimeGE Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TimeGE\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TimeGE\CLSID@ {1AEDB68D-18A7-4CA9-B41B-3CE7E59FAB24}
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TimeGE\CurVer
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TimeGE\CurVer@ GoogleEarth.TimeGE.1
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TimeGE.1@ TimeGE Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TimeGE.1\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TimeGE.1\CLSID@ {1AEDB68D-18A7-4CA9-B41B-3CE7E59FAB24}
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TimeIntervalGE@ TimeIntervalGE Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TimeIntervalGE\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TimeIntervalGE\CLSID@ {1AEDB68D-18A7-4CA9-B41B-3CE7E59FAB24}
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TimeIntervalGE\CurVer
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TimeIntervalGE\CurVer@ GoogleEarth.TimeIntervalGE.1
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TimeIntervalGE.1@ TimeIntervalGE Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TimeIntervalGE.1\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TimeIntervalGE.1\CLSID@ {1AEDB68D-18A7-4CA9-B41B-3CE7E59FAB24}
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TourControllerGE@ TourControllerGE Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TourControllerGE\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TourControllerGE\CLSID@ {77C4C807-E257-43AD-BB3F-7CA88760BD29}
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TourControllerGE\CurVer
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TourControllerGE\CurVer@ GoogleEarth.TourControllerGE.1
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TourControllerGE.1@ TourControllerGE Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TourControllerGE.1\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.TourControllerGE.1\CLSID@ {77C4C807-E257-43AD-BB3F-7CA88760BD29}
Reg HKLM\SOFTWARE\Classes\GoogleEarth.ViewExtentsGE@ ViewExtentsGE Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.ViewExtentsGE\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.ViewExtentsGE\CLSID@ {D93BF052-FC68-4DB6-A4F8-A4DC9BEEB1C0}
Reg HKLM\SOFTWARE\Classes\GoogleEarth.ViewExtentsGE\CurVer
Reg HKLM\SOFTWARE\Classes\GoogleEarth.ViewExtentsGE\CurVer@ GoogleEarth.ViewExtentsGE.1
Reg HKLM\SOFTWARE\Classes\GoogleEarth.ViewExtentsGE.1@ ViewExtentsGE Class
Reg HKLM\SOFTWARE\Classes\GoogleEarth.ViewExtentsGE.1\CLSID
Reg HKLM\SOFTWARE\Classes\GoogleEarth.ViewExtentsGE.1\CLSID@ {D93BF052-FC68-4DB6-A4F8-A4DC9BEEB1C0}
Reg HKLM\SOFTWARE\Classes\IERJCtl.IERJCtl@ IERJCtl Class
Reg HKLM\SOFTWARE\Classes\IERJCtl.IERJCtl\CurVer
Reg HKLM\SOFTWARE\Classes\IERJCtl.IERJCtl\CurVer@ IERJCtl.IERJCtl.1
Reg HKLM\SOFTWARE\Classes\IERJCtl.IERJCtl.1@ IERJCtl Class
Reg HKLM\SOFTWARE\Classes\IERJCtl.IERJCtl.1\CLSID
Reg HKLM\SOFTWARE\Classes\IERJCtl.IERJCtl.1\CLSID@ {00CEDC01-864D-11D3-908D-00C0F03B3EDC}
Reg HKLM\SOFTWARE\Classes\IERPCtl.IERPCtl@

Hope this is not too confusing, if you want me to resend - please request.
ROSEM
ROSEM
Regular Member
 
Posts: 16
Joined: January 5th, 2010, 9:33 pm

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby shinybeast » January 16th, 2010, 10:42 am

Hi ROSEM,

Apologies for all of these scans. Let's try to update and scan with MalwareBytes' and GMER MBR scan. The logs will be much shorter this time.


Update and Scan with MalwareBytes'

  • Start MalwareBytes' Anti-Malware (MBAM)
  • Click the Update tab, then click Check for Updates button
  • Allow MBAM to check for and download updates, then click OK
  • Click the Scanner tab and select (tick) Perform full scan
  • Click Scan to start then scan.
  • When it finishes, click OK in the window that pops up and then click Show Results in the main window
  • Check all items EXCEPT items in the C:\System Volume Information folder... then click on Remove Selected.
  • When the removal is complete, a logfile will open. Please copy and paste the entire contents of the logfile in your next reply. See NOTE below
  • If necessary, the logfile can also be accessed by running Malwarebytes' and clicking the Log tab. Double-click the current log to open it.
NOTE: If Malwarebytes' encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let it proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent Malwarebytes' from removing all the malware.


Scan with GMER MBR rootkit detector

Click here to download MBR Rootkit Detector by GMER and save it to your desktop.

  • Copy the text in the code box below
    Code: Select all
    "%userprofile%\Desktop\mbr.exe" -t
  • Click Start, click Run... and paste the above command in the Open: box and click OK.
  • A window will open briefly then close.
  • There will be a log named MBR.log on the desktop.
  • Please post the contents of that log in your next reply.

Please include the Malwarebytes' log and MBR.log in your next reply.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: NEED ADVICE 4 REMOVING MALWARE

Unread postby ROSEM » January 16th, 2010, 6:08 pm

Dear shinybeast:
Thank you for your quick reply! Here are the logs you requested:

Malwarebytes' Anti-Malware 1.44
Database version: 3579
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

1/16/2010 3:46:57 PM
mbam-log-2010-01-16 (15-46-57).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 249129
Time elapsed: 1 hour(s), 50 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected).

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xFE7028A8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0xfe7028a8
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> 0xfd6cf330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

I look forward to hearing from you. Thank you again (and to your instructor) for your time
and help.
ROSEM
ROSEM
Regular Member
 
Posts: 16
Joined: January 5th, 2010, 9:33 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 46 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware