Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Unable to install AV & Malware software

Post by StilettoRed » February 4th, 2007, 4:13 pm

I have been unable to install AV programs and Malware software as I receive dialogue boxes that indicate the directory cannot be found or the file is missing or corrupted. Running WIN2000 with All MSFT fixes up-to-date.

Logfile of HijackThis v1.99.1
Scan saved at 1:38:20 PM, on 2/4/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mgabg.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tbctray.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Documents and Settings\Robert Cummins\Application Data\m\flec006.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.siliconinvestor.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPagePro11.0\opware32.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINNT\system32\tbctray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/135p/html/gtdownlr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.m-w.com/toolbar/webinstall.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCB608CD-D33D-41BB-98A1-AE59195CFF09}: NameServer = 209.151.112.2 209.151.96.2
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINNT\system32\ZoneLabs\vsmon.exe (file missing)
StilettoRed
Regular Member
 
Posts: 34
Joined: January 30th, 2007, 7:31 pm

New HJT and Kaspersky Log Files

Post by StilettoRed » February 5th, 2007, 5:17 pm

I am guessing the reason I cannot install some AV programs and malware software is due to the "password-protected-exe" virus.

I have installed and uninstalled numerous applications trying to remove this stuff but with no success.

I have read some of the posts and tried some things that others have been asked to do that I felt safe in trying. Still no luck. I cannot boot my computer in safe mode as I get a blue screen telling me to check for viruses.

If someone would tell me how to get rid of the password-protected-exe virus I might be able to load something that would clean the rest of the crap off my computer.

I hope I haven't violated some sort of protocol by posting twice.

Here are the logs:

KASPERSKY ONLINE SCANNER REPORT
Monday, February 05, 2007 2:58:23 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 5/02/2007
Kaspersky Anti-Virus database records: 265115
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 51527
Number of viruses found: 5
Number of infected objects: 9 / 0
Number of suspicious objects: 6
Duration of the scan process: 02:48:29

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer10.zip/optimize.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer10.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer24.zip/optimize.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer24.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer3.zip/optimize.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer3.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Robert Cummins\.housecall6.6\Quarantine\flec006.exe.bac_a01664 Infected: Trojan-Downloader.Win32.Bagle.aw skipped
C:\Documents and Settings\Robert Cummins\.housecall6.6\Quarantine\temp.zip.bac_a01664 Infected: Email-Worm.Win32.Bagle.gen skipped
C:\Documents and Settings\Robert Cummins\.housecall6.6\Quarantine\wjrjzhcmsat.exe.bac_a01664 Infected: Email-Worm.Win32.Bagle.gl skipped
C:\Documents and Settings\Robert Cummins\Application Data\m\flec006.exe Infected: Trojan-Downloader.Win32.Bagle.aw skipped
C:\Documents and Settings\Robert Cummins\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Robert Cummins\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Robert Cummins\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Robert Cummins\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Robert Cummins\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Robert Cummins\Desktop\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\Robert Cummins\Local Settings\Application Data\Identities\{B11E3AC2-3F72-4274-BC38-3E4662D291DA}\Microsoft\Outlook Express\cleanup.log Object is locked skipped
C:\Documents and Settings\Robert Cummins\Local Settings\Application Data\Identities\{B11E3AC2-3F72-4274-BC38-3E4662D291DA}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Robert Cummins\Local Settings\Application Data\Identities\{B11E3AC2-3F72-4274-BC38-3E4662D291DA}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped
C:\Documents and Settings\Robert Cummins\Local Settings\Application Data\Identities\{B11E3AC2-3F72-4274-BC38-3E4662D291DA}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Robert Cummins\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Object is locked skipped
C:\Documents and Settings\Robert Cummins\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Robert Cummins\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Robert Cummins\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Robert Cummins\Local Settings\History\History.IE5\MSHist012007020520070206\index.dat Object is locked skipped
C:\Documents and Settings\Robert Cummins\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Robert Cummins\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Robert Cummins\NTUSER.DAT.LOG Object is locked skipped
C:\WINNT\CSC\00000001 Object is locked skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\ModemLog_HSP56 MicroModem.txt Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 3:05:19 PM, on 2/5/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mgabg.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PDesk\PDesk.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.siliconinvestor.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPagePro11.0\opware32.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINNT\system32\tbctray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/135p/html/gtdownlr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.m-w.com/toolbar/webinstall.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCB608CD-D33D-41BB-98A1-AE59195CFF09}: NameServer = 209.151.112.2 209.151.96.2
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
StilettoRed
Regular Member
 
Posts: 34
Joined: January 30th, 2007, 7:31 pm

Post by Mr_JAk3 » February 6th, 2007, 3:37 pm

Hi StilettoRed and welcome to the Malware Removal Forums :)
Ok let's see what we can find...

Please run a GMER Rootkit scan:

Download GMER's application from here:
http://www.gmer.net/gmer.zip

Unzip it and start GMER.exe.
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning! Please do not select the "Show all" checkbox during the scan.
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland

Post by StilettoRed » February 6th, 2007, 10:52 pm

First, let me thank you for your assistance. You perform a valuable service for those of us that do not have the knowledge to help ourselves.

Secondly, if we ever get this mess cleaned up I promise I will never ever let my AV software lapse again.

Now your scan:

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-06 20:00:11
Windows 5.0.2195 Service Pack 4


---- System - GMER 1.0.12 ----

SSDT \??\C:\Documents and Settings\Robert Cummins\Application Data\hidn\m_hook.sys ZwCreateFile
SSDT \??\C:\Documents and Settings\Robert Cummins\Application Data\hidn\m_hook.sys ZwEnumerateKey
SSDT \??\C:\Documents and Settings\Robert Cummins\Application Data\hidn\m_hook.sys ZwEnumerateValueKey
SSDT \??\C:\Documents and Settings\Robert Cummins\Application Data\hidn\m_hook.sys ZwQueryDirectoryFile
SSDT \??\C:\Documents and Settings\Robert Cummins\Application Data\hidn\m_hook.sys ZwQueryKey
SSDT \??\C:\Documents and Settings\Robert Cummins\Application Data\hidn\m_hook.sys ZwQuerySystemInformation

---- Kernel code sections - GMER 1.0.12 ----

.text NTDLL.DLL!NtClose 77F881F8 5 Bytes JMP 7203407A
.text NTDLL.DLL!NtCreateProcess 77F88308 5 Bytes JMP 72034205
.text NTDLL.DLL!NtCreateSection 77F88328 5 Bytes JMP 72034098

---- Processes - GMER 1.0.12 ----

Process C:\Documents and Settings\Robert Cummins\Application Data\hidn\hidn1.exe (*** hidden *** ) 1148

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\BevelBoss\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\Bevels\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\Chrome\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\Corona\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\Cutout\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\Drip\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\Fire\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\Fur\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\Glass\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\GradientGlow\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\Gradients\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\HSBNoise\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\Jiggle\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\Marble\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\Melt\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\Motion_Trail\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\ReflectionMaps\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\Shadowlab\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\Smoke\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\Squint\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\Star\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\Swirl\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\WaterDrops\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\Weave\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\EyeCandy\Eye Candy 4000 Settings\Wood\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\Flaming Pear Essentials\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\Flaming Pear Essentials\Lacquer\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\Flaming Pear Essentials\Lacquer\images\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\Flaming Pear Essentials\Lacquer\Lacquer presets\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\Flaming Pear Essentials\Swerve\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\Flaming Pear Essentials\Swerve\images\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Plugins\Flaming Pear Essentials\Swerve\Swerve presets\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Tutorials\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\MCML\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\MCML\Easy (black)\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\MCML\Easy (blue)\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\MCML\Easy (blue-green)\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\MCML\Easy (tan)\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\MCML\High Contrast #1\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\MCML\High Contrast #2\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\MCML\Imagemap\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\MCML\Imageslice\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\MCML\Jasc Media Center Plus\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\MCML\JMCP No Comments\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\MCML\Museum Collection (midnight)\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\MCML\Museum Collection (parchment)\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\MCML\_common\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Documents and Settings\All Users\Start Menu\Programs\Jasc Software\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Documents and Settings\All Users\Start Menu\Programs\Jasc Software\Utilities\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Documents and Settings\All Users\Start Menu\Programs\Jasc Software\Anniversary Resources\
StilettoRed
Regular Member
 
Posts: 34
Joined: January 30th, 2007, 7:31 pm

Post by StilettoRed » February 6th, 2007, 11:32 pm

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Logitech\CdlsHand\CdlsHand.exe 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Logitech\CdlsHand\CdlsHdps.dll 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Logitech\CdlsHand\Cdlsres.dll 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\System32\FEELIT.DLL 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\System32\ifc21.dll 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\Spwhpt.dll 2
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\Twunk_16.exe 3
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\Twunk_32.exe 3
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\SHELLNEW\PageMaker.pmd 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\System32\Urlcache.dll 2
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Fonts\Reqrd\CMaps\Identity-H 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\TBrowser.dll 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\TBrowserRes.dll 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PLUGINS\PhotoshopAdapter.apl 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\aiff8b.8bi 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\BMP8B.8BI 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\BravoSP.dll 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\EPS Parser.8by 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\Filmst8B.8BI 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\GIF8B.8BI 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\ImageDL.dll 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\macpnt8b.8bi 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\PCDFORM.8BI 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\PCX8B.8BI 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\PDF Parser.8by 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\Photoshop5.8bi 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\Pixar8B.8BI 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\pixpnt8b.8bi 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\png8b.8bi 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\Targa8B.8BI 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\Tiff.8bi 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\File Formats\WmfFormat.8bi 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\Importers\Twain_32.8BA 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\Inspectors\Audio.ist 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Media Browser\PlugIns\Inspectors\Video.ist 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\Kpcms.ini 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\icccodes.dll 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\Icccodes.dat 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\Iccsigs.dat 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\sprof32.dll 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\Kpfp32.dll 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\Kpscale.dll 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\Kpsharp.dll 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\Kpsys32.dll 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\pfpick.dll 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\Ptpick32.dll 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\Kpcp32.dll 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Kpcms\CMSCP\CP01 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Kpcms\CMSCP\CP11 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Kpcms\CMSCP\CP18 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Kpcms\DCPDB\PCDSCALE.PSF 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Kpcms\DCPDB\PCDSHARP.PSF 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\System32\Color\PCDKOYCC.ICM 4
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\System32\Color\PCD4050K.ICM 2
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\System32\Color\PCDCNYCC.ICM 4
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\System32\Color\PCDEKYCC.ICM 4
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\System32\Color\PCD4050E.ICM 2
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\System32\Color\P22G18M7.ICM 4
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\System32\Color\YCCLABKM.ICM 4
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\System32\Color\SWUL28M7.ICM 4
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\System32\Color\PSLABPCS.ICM 4
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\System32\Color\Openrgb.icm 2
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Web\AOM.exe 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Adobe\Web\AdobeWeb.dll
Post by StilettoRed » February 7th, 2007, 12:42 am

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Camera\Kodak\DC265Ifr.ocx 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Camera\Kodak\DC265Ser.ocx 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Camera\Kodak\DC265USB.ocx 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\system32\msvcr71.dll 12
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\system32\atl71.dll 2
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\WINNT\system32\msvcp71.dll 12
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\ScanSoft\OmniPagePro11.0\Options.dll
StilettoRed
Regular Member
 
Posts: 34
Joined: January 30th, 2007, 7:31 pm

Unread postby StilettoRed » February 7th, 2007, 12:52 am

I'm not sure I am doing this correctly. There are probably 6 or more pages to the scan if that is what you are looking for?

I would hate to see the size when asking to view all the files.

Let me know if this is right so far.

Thanks
StilettoRed
Regular Member
 
Posts: 34
Joined: January 30th, 2007, 7:31 pm

Unread postby Mr_JAk3 » February 7th, 2007, 1:18 am

Hi again :)

You have a rootkit based infection which blocks those security programs and sends out emails.

I would like to see the whole GMER log. Could you please upload the text file to e.g. http://rapidshare.com
Then please post the link to your log to me.

:thumbright:
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland

Unread postby StilettoRed » February 7th, 2007, 7:15 am

This is the original scan without the "show all." If you want the complete log please let me know.

Hope I did this right.

Here is the download link:

http://rapidshare.com/files/15326734/GMER070206.txt
StilettoRed
Regular Member
 
Posts: 34
Joined: January 30th, 2007, 7:31 pm

Unread postby Mr_JAk3 » February 7th, 2007, 9:08 am

That is the correct log :)

Ok good, now we'll get rid of the bug...

Run a new rootkit scan with GMER.

When you see the following process on the list:

Process C:\Documents and Settings\Robert Cummins\Application Data\hidn\hidn1.exe (*** hidden *** )

Right-click it with your mouse and a menu will open. Choose "Kill Process" from the list.

When you see the following files on the list:
C:\Documents and Settings\Robert Cummins\Application Data\hidn\hidn1.exe
C:\Documents and Settings\Robert Cummins\Application Data\hidn\m_hook.sys
C:\WINNT\system32\wintems.exe

Right-click those with your mouse and a menu will open. Choose "Delete file" from the list. You need to do this one by one.

When you see the following service on the list:

Service C:\Documents and Settings\Robert Cummins\Application Data\hidn\m_hook.sys [MANUAL] m_hook

Right-click it with your mouse and a menu will open. Choose "Delete the service" from the list.
If GMER asks for a reboot allow it to do it.

Then close GMER and restart your computer.

Run a new scan with GMER but don't use your computer during the scan.
When the scan has finished please copy/upload the results to me along with a new HijackThis log.
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland

Unread postby StilettoRed » February 7th, 2007, 5:41 pm

Everything looks good. I checked and I can boot in safe mode.

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-07 15:25:33
Windows 5.0.2195 Service Pack 4


---- Registry - GMER 1.0.12 ----

Reg \Registry\USER\S-1-5-21-1801674531-1060284298-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D79B17E-AC30-D578-2635-E328566EA031}@dacjgdcj? 0x63 0x61 0x61 0x6F ...
Reg \Registry\USER\S-1-5-21-1801674531-1060284298-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9D79B17E-AC30-D578-2635-E328566EA031}@fabjbdnojbad? 0x63 0x61 0x68 0x6F ...

---- EOF - GMER 1.0.12 ----
Logfile of HijackThis v1.99.1
Scan saved at 3:28:02 PM, on 2/7/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mgabg.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PDesk\PDesk.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Robert Cummins\Application Data\m\flec006.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\program files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.siliconinvestor.com/subjectmarks.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPagePro11.0\opware32.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINNT\system32\tbctray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [drv_st_key] C:\Documents and Settings\Robert Cummins\Application Data\hidn\hidn1.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Robert Cummins\Application Data\m\flec006.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/135p/html/gtdownlr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.m-w.com/toolbar/webinstall.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe

I appreciate your time and help.

Before I load any applications, what do you prefer to use for AV and Malware software protection?

That is how I got into this situation. I wanted to change from Norton, but couldn't make up my mind what to use and in the meantime.....
StilettoRed
Regular Member
 
Posts: 34
Joined: January 30th, 2007, 7:31 pm

Unread postby Mr_JAk3 » February 8th, 2007, 6:44 am

Hi again, we'll continue :)

You're not clean yet. One or more of the identified infections steal information. If this system is used for online banking or has credit card information on it, all passwords should be changed immediately by using a different computer (not the infected one!) to make the changes. Banking and credit card institutions, if any, should be notified of the possible security breach. I suggest that you read this article too.

You should print these instructions or save these to a text file. Follow these instructions carefully.

At first you need to disable a few realtime protections. These may interfere with our cleaning process.
We'll enable these when you're clean...

Disable AVG Anti-Spyware guard.
  • Open AVG Anti-Spyware
  • Click Shield
  • Click under "resident shield is"
  • Change it to inactive
  • Close the program
Disable TrojanHunter Guard.
  • Disable TrojanHunter Guard by right clicking on the icon in your System Tray.
  • Make sure that the program, TrojanHunter itself, is also closed/not running.


Download ATF Cleaner by Atribune to your desktop.
Do NOT run yet.

Make your hidden files visible:
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Uncheck "Hide protected operating system files"
  • Click Apply and then the OK and close My Computer.

==================

Stop the following processes using Task Manager (press ctrl+alt+del, select the Processes tab, highlight the first process in the list and click End Process). Continue through the list (one at a time) until all processes have been ended. If something isn't found, please continue with the next process in the list.
flec006.exe

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
C:\Documents and Settings\Robert Cummins\Application Data\m\flec006.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [drv_st_key] C:\Documents and Settings\Robert Cummins\Application Data\hidn\hidn1.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Robert Cummins\Application Data\m\flec006.exe

Open AVG Anti-Spyware:
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.

Go to the My Computer and delete the following folders:
C:\Documents and Settings\Robert Cummins\Application Data\hidn
C:\Documents and Settings\Robert Cummins\Application Data\m

Run ATF Cleaner
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland

Unread postby StilettoRed » February 8th, 2007, 12:22 pm

I removed and reinstalled Zone Alarm yesterday which is currently running. Should I disable it?

I removed AVG because I could not change the shield from "inactive" to "active." Should I reinstall AVG before proceeding?

You did not mention A-Squared which is loaded and running - at least I think it is running. Do I need to disable it also?

There are no other issues for your remaining instructions.

I will do nothing until I hear from you.

Thanks
StilettoRed
Regular Member
 
Posts: 34
Joined: January 30th, 2007, 7:31 pm

Unread postby Mr_JAk3 » February 8th, 2007, 3:08 pm

Yes keep ZoneAlarm running.

Yes, in order to scan with AVG Anti-Spyware you need to install it (if it has been uninstalled). The shield is available in the trial version only for a restricted time but that doesn't affect scanning. You may download and install it from here -> http://www.ewido.net/en/download/

I'm not able to see any signs of A-Squared but disable it if it is running.

You did the right thing, it is always best to ask first :)
Please post the logs I requested when you're ready.
Mr_JAk3
MRU Teacher Emeritus
 
Posts: 3023
Joined: April 16th, 2006, 1:52 pm
Location: Finland

Unread postby StilettoRed » February 10th, 2007, 6:51 pm

Hello Mr underscoreJAk3,

Well things have not gone so well this time around. The first thing that happened to me was I lost the dns address for my ISP for whatever reason. After getting email and internet access back a day later I ended up uninstalling Zone Alarm as evidently we do not get along very well.

While going through your last instructions I had a couple of problems. One being pure stupidity on my part, however, you may want to change your instructions for those of us who are dumber than a box of rocks. At the point where you use Task Manager to select the process to delete I might suggest changing the wording to read: ...select the Processes tab, highlight the first process found from the list following this instruction and click End Process. Continue through the remaining items on the list (one at a time) until.... I tried to delete the system processes as being first on the list. Fortunately it would not let me. -ng-

The second problem I had was that I could not boot in safe mode. I removed the two application folders in "unsafe mode," ran the ATF clean-up and the AVG scan from a normal boot also. When I ran the AVG scan it showed the first virus as being cleaned, but I had picked up a second somewhere. So I have been jacking around trying to get rid of the second one which the AVG scan now shows as clean, but I have reservations about that.

I probably screwed up and should have let you give me more instructions on removal, but my patience with this crap is beginning to reach its threshold.

Also after uninstalling Zone Alarm, I installed Comodo although I probably will not find it any easier to use than the Zone Alarm.

Anyway here is the last HJT log and the AVG from yesterday. Today the AVG showed clean after running the scan, but for some reason I have my doubts. Maybe I'm getting a little gun shy. The last time I checked I could boot in safe mode.

Logfile of HijackThis v1.99.1
Scan saved at 4:37:54 PM, on 2/10/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mgabg.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\PDesk\PDesk.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.siliconinvestor.com/subjectmarks.aspx
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPagePro11.0\opware32.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINNT\system32\tbctray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - http://inst.c-wss.com/135p/html/gtdownlr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.m-w.com/toolbar/webinstall.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCB608CD-D33D-41BB-98A1-AE59195CFF09}: NameServer = 209.151.112.2 209.151.96.2
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe


The AVG file from yesterday showing the second virus. Today's scan showed clean.

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:43:58 PM 2/9/2007

+ Scan result:



C:\WINNT\system32\gtdownlr_118.ocx -> Adware.Gdown : Cleaned with backup (quarantined).
C:\WUTemp\outlook.exe -> Trojan.CuteSpy : Cleaned with backup (quarantined).


::Report end
StilettoRed
Regular Member
 
Posts: 34
Joined: January 30th, 2007, 7:31 pm
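
The before/after comparison this thread does by eye, as an added example that is not part of the original posts: the script parses two HijackThis logs, flags running processes and O4 autoruns that start from a user's Application Data folder, and diffs the entries. The function names and the Application Data heuristic are assumptions made for illustration; the sample lines are shortened excerpts of the February 7 and February 10 logs above.

```python
import re

# Shortened excerpts of the two HijackThis logs posted in this thread.
LOG_FEB_7 = r"""
Running processes:
C:\WINNT\Explorer.EXE
C:\Documents and Settings\Robert Cummins\Application Data\m\flec006.exe
C:\Program Files\WinZip\WZQKPICK.EXE

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [drv_st_key] C:\Documents and Settings\Robert Cummins\Application Data\hidn\hidn1.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Robert Cummins\Application Data\m\flec006.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
"""

LOG_FEB_10 = r"""
Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\WinZip\WZQKPICK.EXE

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCB608CD-D33D-41BB-98A1-AE59195CFF09}: NameServer = 209.151.112.2 209.151.96.2
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe
"""

# Coded entry lines look like "O4 - ..." or "R3 - ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# O4 registry autoruns: "HKCU\..\Run: [value name] command line".
RUN_RE = re.compile(r"^(HK(?:LM|CU)\\\.\.\\Run(?:Once)?): \[([^\]]*)\] (.*)$")
# Assumed heuristic: a binary started from a user's Application Data folder.
USER_APPDATA_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\Application Data\\.*\.(exe|sys|dll)\b",
    re.IGNORECASE,
)


def parse_log(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def flag_user_appdata(log):
    """Return (kind, text) pairs for processes and O4 autoruns under Application Data."""
    hits = [("process", p) for p in log["processes"] if USER_APPDATA_RE.search(p)]
    for code, body in log["entries"]:
        if code == "O4" and USER_APPDATA_RE.search(body):
            m = RUN_RE.match(body)
            hits.append(("autorun:" + (m.group(2) if m else "?"), body))
    return hits


def diff_logs(before, after):
    """Entries and processes that disappeared or appeared between two scans."""
    b_e, a_e = set(before["entries"]), set(after["entries"])
    b_p, a_p = set(before["processes"]), set(after["processes"])
    return {
        "removed": sorted(b_e - a_e),
        "added": sorted(a_e - b_e),
        "processes_gone": sorted(b_p - a_p),
        "processes_new": sorted(a_p - b_p),
    }


if __name__ == "__main__":
    before, after = parse_log(LOG_FEB_7), parse_log(LOG_FEB_10)
    for kind, text in flag_user_appdata(before):
        print("FLAG  ", kind, "|", text)
    print("still flagged after cleanup:", flag_user_appdata(after))
    for key, items in diff_logs(before, after).items():
        for item in items:
            print(key.upper(), "|", item)
```

An empty flag list in the later log only shows that the autorun entries and the process are gone from what HijackThis can see; everything listed under "added" (here the firewall autorun and the O17 NameServer line) still needs a human review.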