Help - trying to remove BraveSentry etc

[StckFigure]

Part 4

--------------------------------------------------------------------------
CHECKING FOR SDBOT-TYPE WORMS:
--------------------------------------------------------------------------

**** W32/Sdbot Worm NOT FOUND by this tool! ****

--------------------------------------------------------------------------
CHECKING FOR VISIBLE ROOTKIT-TYPE REGISTRY KEYS:
--------------------------------------------------------------------------

**** Rustock.B trojan, PE386 rootkit NOT FOUND by this tool! ****

**** Rustock.B trojan, huy32 rootkit NOT FOUND by this tool! ****

**** Rustock.B trojan, lzx32 rootkit NOT FOUND by this tool! ****

**** Rustock.B trojan, msguard rootkit NOT FOUND by this tool! ****

**** CmdService adware NOT FOUND by this tool! ****

**** Network_Monitor adware NOT FOUND by this tool! ****

**** Trojan.Peacomm NOT FOUND by this tool! ****

**** AVPE Haxdoor NOT FOUND by this tool! ****

**** MEMLOW Haxdoor NOT FOUND by this tool! ****

**** VDMT Haxdoor NOT FOUND by this tool! ****

**** YCSVGA Haxdoor NOT FOUND by this tool! ****

**** PPTP Haxdoor FOUND by this tool! ****
CAREFULL HERE THIS WILL ALSO FIND WinLanMiniport
ComponentId REG_SZ ms_pptpminiport
InfSection REG_SZ Ndi-Mp-Pptp
MatchingDeviceId REG_SZ ms_pptpminiport
DriverDesc REG_SZ WAN Miniport (PPTP)
Service REG_SZ PptpMiniport
HKEY_LOCAL_MACHINE\system\ControlSet001\Control\De viceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PPTPMINIPORT#0000#{ad498 944-762f-11d0-8dcb-00c04fc3358c}
DeviceInstance REG_SZ Root\MS_PPTPMINIPORT\0000
HKEY_LOCAL_MACHINE\system\ControlSet001\Control\De viceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PPTPMINIPORT#0000#{ad498 944-762f-11d0-8dcb-00c04fc3358c}\#{302E0F1A-EE33-4671-AF58-7080298CE552}
SymbolicLink REG_SZ \\?\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{302E0F1A-EE33-4671-AF58-7080298CE552}
HKEY_LOCAL_MACHINE\system\ControlSet001\Control\De viceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PPTPMINIPORT#0000#{ad498 944-762f-11d0-8dcb-00c04fc3358c}\#{302E0F1A-EE33-4671-AF58-7080298CE552}\Control
HKEY_LOCAL_MACHINE\system\ControlSet001\Control\De viceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PPTPMINIPORT#0000#{ad498 944-762f-11d0-8dcb-00c04fc3358c}\Control
WAN Miniport (PPTP) REG_MULTI_SZ 1\0\0
InfSection REG_SZ Ndi-PptpProtocol
ComponentId REG_SZ ms_pptp
HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\Root\ MS_PPTPMINIPORT
HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\Root\ MS_PPTPMINIPORT\0000
HardwareID REG_MULTI_SZ ms_pptpminiport\0\0
Service REG_SZ PptpMiniport
DeviceDesc REG_SZ WAN Miniport (PPTP)
HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\Root\ MS_PPTPMINIPORT\0000\Device Parameters
HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\Root\ MS_PPTPMINIPORT\0000\LogConf
HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\Root\ MS_PPTPMINIPORT\0000\Control
ActiveService REG_SZ PptpMiniport
HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Enum\ROOT\M S_PPTPMINIPORT
HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Enum\ROOT\M S_PPTPMINIPORT\0000
HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\Current\System\CurrentControlSet\Enum\ROO T\MS_PPTPMINIPORT
HKEY_LOCAL_MACHINE\system\ControlSet001\Hardware Profiles\Current\System\CurrentControlSet\Enum\ROO T\MS_PPTPMINIPORT\0000
Sources REG_MULTI_SZ WZCSVC\0Workstation\0WindowsMedia\0Windows Update Agent\0Windows Script Host\0Windows Installer 3.1\0Windows File Protection\0Win32k\0WgaNotify\0wanatw\0W32Time\0Vo lSnap\0viaide\0VgaSave\0vaxscsi\0USER32\0UPS\0ultr a\0udfs\0toside\0TermServSessDir\0TermService\0Ter mServDevices\0TermDD\0tdi\0TCPMon\0Tcpip\0System Error\0sym_u3\0sym_hi\0symc8xx\0symc810\0StillImag e\0SSDPSRV\0Srv\0srservice\0sr\0sptd\0sparrow\0snd blst\0Simbad\0SideBySide\0sfloppy\0Setup\0Service Control Manager\0Server\0serial\0scsiport\0Schedule\0Schan nel\0SCardSvr\0savrt\0Save Dump\0SAM\0RTL8023xp\0RSVP\0Removable Storage Service\0RemoteAccess\0redbook\0Rdbss\0RasMan\0Ras Auto\0ql1280\0ql1240\0ql12160\0ql10wnt\0ql1080\0PS ched\0Processor\0PRISM_A02\0Print\0PptpMiniport\0P olicyAgent\0PlugPlayManager\0perc2\0pcmcia\0pciide \0pci\0parvdm\0partmgr\0parport\0P3\0OSPFMib\0OSPF \0nv\0null\0NtServicePack\0ntfs\0npfs\0Nla\0NIC139 4\0Netlogon\0NetDDE\0NetBT\0NetBIOS\0NdisWan\0Ndis IP\0ndis\0mxnic\0Mup\0msfs\0msadlib\0MrxSmb\0MRxDA V\0mraid35x\0mouhid\0mouclass\0Modem\0LsaSrv\0LmHo sts\0LDMS\0LDM\0lbrtfdc\0Kerberos\0kbdhid\0kbdclas s\0KB929969\0KB928090-IE7\0isapnp\0IPXSAP\0IPXRouterManager\0IPXRIP\0IPX CP\0IPSec\0IPRouterManager\0IPRIP2\0IPNATHLP\0IPMG M\0IPBOOTP\0Internet Explorer 7 Disk\0intelide\0ini910u\0IGMPv2\0i8042prt\0i2omp\0 i2omgmt\0Http\0hpn\0ftdisk\0fs_rec\0flpydisk\0Fips \0fdc\0fastfat\0eventlog\0efs\0dtscsi\0dpti2o\0Dns cache\0Dnsapi\0dmio\0dmboot\0Distributed Link Tracking Client\0disk\0Dhcp\0DfsSvc\0DfsDriver\0DCOM\0dac96 0nt\0dac2w2k\0cpqarray\0cmdide\0changer\0cdrom\0Cd m\0cdfs\0cdaudio\0cd20xrnt\0cbidf2k\0cbidf\0Browse r\0BITS\0beep\0Atmarpc\0ati2mtag\0Ati HotKey Poller\0atdisk\0atapi\0AsyncMac\0asc3550\0asc3350p \0asc\0Arp1394\0Application Popup\0apphelp\0amsint\0ami0nt\0aliide\0Alerter\0a ic78xx\0aic78u2\0aha154x\0adpu160m\0acpiec\0acpi\0 abp480n5\0abiosdsk\0System\0\0
HKEY_LOCAL_MACHINE\system\ControlSet001\Services\E ventlog\System\PptpMiniport
2 REG_SZ Root\MS_PPTPMINIPORT\0000
HKEY_LOCAL_MACHINE\system\ControlSet001\Services\P ptpMiniport
ImagePath REG_EXPAND_SZ system32\DRIVERS\raspptp.sys
DisplayName REG_SZ WAN Miniport (PPTP)
Description REG_SZ WAN Miniport (PPTP)
HKEY_LOCAL_MACHINE\system\ControlSet001\Services\P ptpMiniport\Security
HKEY_LOCAL_MACHINE\system\ControlSet001\Services\P ptpMiniport\Enum
0 REG_SZ Root\MS_PPTPMINIPORT\0000
Service REG_SZ PptpMiniport
HKEY_LOCAL_MACHINE\system\ControlSet002\Control\De viceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PPTPMINIPORT#0000#{ad498 944-762f-11d0-8dcb-00c04fc3358c}
DeviceInstance REG_SZ Root\MS_PPTPMINIPORT\0000
HKEY_LOCAL_MACHINE\system\ControlSet002\Control\De viceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PPTPMINIPORT#0000#{ad498 944-762f-11d0-8dcb-00c04fc3358c}\#{302E0F1A-EE33-4671-AF58-7080298CE552}
SymbolicLink REG_SZ \\?\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{302E0F1A-EE33-4671-AF58-7080298CE552}
WAN Miniport (PPTP) REG_MULTI_SZ 1\0\0
InfSection REG_SZ Ndi-PptpProtocol
ComponentId REG_SZ ms_pptp
HKEY_LOCAL_MACHINE\system\ControlSet002\Enum\Root\ MS_PPTPMINIPORT
HKEY_LOCAL_MACHINE\system\ControlSet002\Enum\Root\ MS_PPTPMINIPORT\0000
HardwareID REG_MULTI_SZ ms_pptpminiport\0\0
Service REG_SZ PptpMiniport
DeviceDesc REG_SZ WAN Miniport (PPTP)
HKEY_LOCAL_MACHINE\system\ControlSet002\Enum\Root\ MS_PPTPMINIPORT\0000\Device Parameters
HKEY_LOCAL_MACHINE\system\ControlSet002\Enum\Root\ MS_PPTPMINIPORT\0000\LogConf
HKEY_LOCAL_MACHINE\system\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Enum\ROOT\M S_PPTPMINIPORT
HKEY_LOCAL_MACHINE\system\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Enum\ROOT\M S_PPTPMINIPORT\0000
Sources REG_MULTI_SZ WZCSVC\0Workstation\0WindowsMedia\0Windows Update Agent\0Windows Script Host\0Windows Installer 3.1\0Windows File Protection\0Win32k\0WgaNotify\0wanatw\0W32Time\0Vo lSnap\0viaide\0VgaSave\0vaxscsi\0USER32\0UPS\0ultr a\0udfs\0toside\0TermServSessDir\0TermService\0Ter mServDevices\0TermDD\0tdi\0TCPMon\0Tcpip\0System Error\0sym_u3\0sym_hi\0symc8xx\0symc810\0StillImag e\0SSDPSRV\0Srv\0srservice\0sr\0sptd\0sparrow\0snd blst\0Simbad\0SideBySide\0sfloppy\0Setup\0Service Control Manager\0Server\0serial\0scsiport\0Schedule\0Schan nel\0SCardSvr\0savrt\0Save Dump\0SAM\0RTL8023xp\0RSVP\0Removable Storage Service\0RemoteAccess\0redbook\0Rdbss\0RasMan\0Ras Auto\0ql1280\0ql1240\0ql12160\0ql10wnt\0ql1080\0PS ched\0Processor\0PRISM_A02\0Print\0PptpMiniport\0P olicyAgent\0PlugPlayManager\0perc2\0pcmcia\0pciide \0pci\0parvdm\0partmgr\0parport\0P3\0OSPFMib\0OSPF \0nv\0null\0NtServicePack\0ntfs\0npfs\0Nla\0NIC139 4\0Netlogon\0NetDDE\0NetBT\0NetBIOS\0NdisWan\0Ndis IP\0ndis\0mxnic\0Mup\0msfs\0msadlib\0MrxSmb\0MRxDA V\0mraid35x\0mouhid\0mouclass\0Modem\0LsaSrv\0LmHo sts\0LDMS\0LDM\0lbrtfdc\0Kerberos\0kbdhid\0kbdclas s\0KB929969\0KB928090-IE7\0isapnp\0IPXSAP\0IPXRouterManager\0IPXRIP\0IPX CP\0IPSec\0IPRouterManager\0IPRIP2\0IPNATHLP\0IPMG M\0IPBOOTP\0Internet Explorer 7 Disk\0intelide\0ini910u\0IGMPv2\0i8042prt\0i2omp\0 i2omgmt\0Http\0hpn\0ftdisk\0fs_rec\0flpydisk\0Fips \0fdc\0fastfat\0eventlog\0efs\0dtscsi\0dpti2o\0Dns cache\0Dnsapi\0dmio\0dmboot\0Distributed Link Tracking Client\0disk\0Dhcp\0DfsSvc\0DfsDriver\0DCOM\0dac96 0nt\0dac2w2k\0cpqarray\0cmdide\0changer\0cdrom\0Cd m\0cdfs\0cdaudio\0cd20xrnt\0cbidf2k\0cbidf\0Browse r\0BITS\0beep\0Atmarpc\0ati2mtag\0Ati HotKey Poller\0atdisk\0atapi\0AsyncMac\0asc3550\0asc3350p \0asc\0Arp1394\0Application Popup\0apphelp\0amsint\0ami0nt\0aliide\0Alerter\0a ic78xx\0aic78u2\0aha154x\0adpu160m\0acpiec\0acpi\0 abp480n5\0abiosdsk\0System\0\0
HKEY_LOCAL_MACHINE\system\ControlSet002\Services\E ventlog\System\PptpMiniport
HKEY_LOCAL_MACHINE\system\ControlSet002\Services\P ptpMiniport
ImagePath REG_EXPAND_SZ system32\DRIVERS\raspptp.sys
DisplayName REG_SZ WAN Miniport (PPTP)
Description REG_SZ WAN Miniport (PPTP)
HKEY_LOCAL_MACHINE\system\ControlSet002\Services\P ptpMiniport\Security
ComponentId REG_SZ ms_pptpminiport
InfSection REG_SZ Ndi-Mp-Pptp
MatchingDeviceId REG_SZ ms_pptpminiport
DriverDesc REG_SZ WAN Miniport (PPTP)
Service REG_SZ PptpMiniport
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Contro l\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PPTPMINIPORT#0000#{ad498 944-762f-11d0-8dcb-00c04fc3358c}
DeviceInstance REG_SZ Root\MS_PPTPMINIPORT\0000
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Contro l\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PPTPMINIPORT#0000#{ad498 944-762f-11d0-8dcb-00c04fc3358c}\#{302E0F1A-EE33-4671-AF58-7080298CE552}
SymbolicLink REG_SZ \\?\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{302E0F1A-EE33-4671-AF58-7080298CE552}
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Contro l\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PPTPMINIPORT#0000#{ad498 944-762f-11d0-8dcb-00c04fc3358c}\#{302E0F1A-EE33-4671-AF58-7080298CE552}\Control
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Contro l\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PPTPMINIPORT#0000#{ad498 944-762f-11d0-8dcb-00c04fc3358c}\Control
WAN Miniport (PPTP) REG_MULTI_SZ 1\0\0
InfSection REG_SZ Ndi-PptpProtocol
ComponentId REG_SZ ms_pptp
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Enum\R oot\MS_PPTPMINIPORT
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Enum\R oot\MS_PPTPMINIPORT\0000
HardwareID REG_MULTI_SZ ms_pptpminiport\0\0
Service REG_SZ PptpMiniport
DeviceDesc REG_SZ WAN Miniport (PPTP)
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Enum\R oot\MS_PPTPMINIPORT\0000\Device Parameters
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Enum\R oot\MS_PPTPMINIPORT\0000\LogConf
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Enum\R oot\MS_PPTPMINIPORT\0000\Control
ActiveService REG_SZ PptpMiniport
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Hardwa re Profiles\0001\System\CurrentControlSet\Enum\ROOT\M S_PPTPMINIPORT
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Hardwa re Profiles\0001\System\CurrentControlSet\Enum\ROOT\M S_PPTPMINIPORT\0000
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Hardwa re Profiles\Current\System\CurrentControlSet\Enum\ROO T\MS_PPTPMINIPORT
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Hardwa re Profiles\Current\System\CurrentControlSet\Enum\ROO T\MS_PPTPMINIPORT\0000
Sources REG_MULTI_SZ WZCSVC\0Workstation\0WindowsMedia\0Windows Update Agent\0Windows Script Host\0Windows Installer 3.1\0Windows File Protection\0Win32k\0WgaNotify\0wanatw\0W32Time\0Vo lSnap\0viaide\0VgaSave\0vaxscsi\0USER32\0UPS\0ultr a\0udfs\0toside\0TermServSessDir\0TermService\0Ter mServDevices\0TermDD\0tdi\0TCPMon\0Tcpip\0System Error\0sym_u3\0sym_hi\0symc8xx\0symc810\0StillImag e\0SSDPSRV\0Srv\0srservice\0sr\0sptd\0sparrow\0snd blst\0Simbad\0SideBySide\0sfloppy\0Setup\0Service Control Manager\0Server\0serial\0scsiport\0Schedule\0Schan nel\0SCardSvr\0savrt\0Save Dump\0SAM\0RTL8023xp\0RSVP\0Removable Storage Service\0RemoteAccess\0redbook\0Rdbss\0RasMan\0Ras Auto\0ql1280\0ql1240\0ql12160\0ql10wnt\0ql1080\0PS ched\0Processor\0PRISM_A02\0Print\0PptpMiniport\0P olicyAgent\0PlugPlayManager\0perc2\0pcmcia\0pciide \0pci\0parvdm\0partmgr\0parport\0P3\0OSPFMib\0OSPF \0nv\0null\0NtServicePack\0ntfs\0npfs\0Nla\0NIC139 4\0Netlogon\0NetDDE\0NetBT\0NetBIOS\0NdisWan\0Ndis IP\0ndis\0mxnic\0Mup\0msfs\0msadlib\0MrxSmb\0MRxDA V\0mraid35x\0mouhid\0mouclass\0Modem\0LsaSrv\0LmHo sts\0LDMS\0LDM\0lbrtfdc\0Kerberos\0kbdhid\0kbdclas s\0KB929969\0KB928090-IE7\0isapnp\0IPXSAP\0IPXRouterManager\0IPXRIP\0IPX CP\0IPSec\0IPRouterManager\0IPRIP2\0IPNATHLP\0IPMG M\0IPBOOTP\0Internet Explorer 7 Disk\0intelide\0ini910u\0IGMPv2\0i8042prt\0i2omp\0 i2omgmt\0Http\0hpn\0ftdisk\0fs_rec\0flpydisk\0Fips \0fdc\0fastfat\0eventlog\0efs\0dtscsi\0dpti2o\0Dns cache\0Dnsapi\0dmio\0dmboot\0Distributed Link Tracking Client\0disk\0Dhcp\0DfsSvc\0DfsDriver\0DCOM\0dac96 0nt\0dac2w2k\0cpqarray\0cmdide\0changer\0cdrom\0Cd m\0cdfs\0cdaudio\0cd20xrnt\0cbidf2k\0cbidf\0Browse r\0BITS\0beep\0Atmarpc\0ati2mtag\0Ati HotKey Poller\0atdisk\0atapi\0AsyncMac\0asc3550\0asc3350p \0asc\0Arp1394\0Application Popup\0apphelp\0amsint\0ami0nt\0aliide\0Alerter\0a ic78xx\0aic78u2\0aha154x\0adpu160m\0acpiec\0acpi\0 abp480n5\0abiosdsk\0System\0\0
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Servic es\Eventlog\System\PptpMiniport
2 REG_SZ Root\MS_PPTPMINIPORT\0000
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Servic es\PptpMiniport
ImagePath REG_EXPAND_SZ system32\DRIVERS\raspptp.sys
DisplayName REG_SZ WAN Miniport (PPTP)
Description REG_SZ WAN Miniport (PPTP)
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Servic es\PptpMiniport\Security
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Servic es\PptpMiniport\Enum
0 REG_SZ Root\MS_PPTPMINIPORT\0000

**** DVB Haxdoor NOT FOUND by this tool! ****

**** YVBB Haxdoor NOT FOUND by this tool! ****

**** YVPP Haxdoor NOT FOUND by this tool! ****

**** NKGFS Haxdoor NOT FOUND by this tool! ****

**** XMSK Haxdoor NOT FOUND by this tool! ****

**** AVPX Haxdoor NOT FOUND by this tool! ****

**** MMXF Haxdoor NOT FOUND by this tool! ****

**** DP1112 Vundo Rootkit NOT FOUND by this tool! ****

**** SYSBUS32 Rootkit Driver NOT FOUND by this tool! ****

**** I386P Rootkit Driver NOT FOUND by this tool! ****

**** ERSSDD Rootkit NOT FOUND by this tool! ****

**** GencTurK RootKit NOT FOUND by this tool! ****

************************************************** **********************************

Dumping HKLM Uninstall Programs list

DisplayName REG_SZ Ad-Aware SE Personal
DisplayName REG_SZ ADDRESS ORGANIZER DELUXE (S)
DisplayName REG_SZ Adobe Bridge 1.0
DisplayName REG_SZ Adobe Common File Installer
DisplayName REG_SZ Adobe Download Manager 2.2 (Remove Only)
DisplayName REG_SZ Adobe Flash Player 9 ActiveX
DisplayName REG_SZ Adobe Flash Player Plugin
DisplayName REG_SZ Adobe Help Center 1.0
DisplayName REG_SZ Adobe Photoshop CS2
DisplayName REG_SZ Adobe Photoshop CS2
DisplayName REG_SZ Adobe Reader 7.0.7
DisplayName REG_SZ Adobe Shockwave Player
DisplayName REG_SZ Adobe Stock Photos 1.0
DisplayName REG_SZ Adobe® Photoshop® Album Starter Edition 3.0
DisplayName REG_SZ AIM 6.0
DisplayName REG_SZ AOL Connectivity Services
DisplayName REG_SZ AOL Uninstaller (Choose which Products to Remove)
DisplayName REG_SZ Apple Software Update
DisplayName REG_SZ ATI - Software Uninstall Utility
DisplayName REG_SZ ATI Control Panel
DisplayName REG_SZ ATI Display Driver
DisplayName REG_SZ ATI MCE Control Panel
DisplayName REG_SZ Audacity 1.2.6
DisplayName REG_SZ AusLogics Disk Defrag
DisplayName REG_SZ AutoUpdate
DisplayName REG_SZ AVG Anti-Spyware 7.5
DisplayName REG_SZ Azureus
DisplayName REG_SZ BigFix
DisplayName REG_SZ Bink and Smacker
DisplayName REG_SZ Boggle
DisplayName REG_SZ BOINC
DisplayName REG_SZ BOOK ORGANIZER DELUXE (S)
DisplayName REG_SZ BookBag Plus
DisplayName REG_SZ BUM
DisplayName REG_SZ CC_ccProxyExt
DisplayName REG_SZ ccCommon
DisplayName REG_SZ CCleaner (remove only)
DisplayName REG_SZ ccPxyCore
DisplayName REG_SZ Chowder for Windows version 1.0
DisplayName REG_SZ CloneDVD2
DisplayName REG_SZ Collectorz.com Book Collector
DisplayName REG_SZ Collectorz.com Game Collector
DisplayName REG_SZ Collectorz.com Movie Collector
DisplayName REG_SZ Collectorz.com MP3 Collector
DisplayName REG_SZ Collectorz.com Music Collector
DisplayName REG_SZ Creative Jukebox Driver
DisplayName REG_SZ Creative MediaSource
DisplayName REG_SZ Creative NOMAD Jukebox Zen Xtra
DisplayName REG_SZ Creative System Information
DisplayName REG_SZ D-link AirPlus G DWL-G120 Wireless USB Adapter
DisplayName REG_SZ Digital Media Reader
DisplayName REG_SZ Digital Media Reader
DisplayName REG_SZ DiscJuggler
DisplayName REG_SZ DivX
DisplayName REG_SZ DivX Player
DisplayName REG_SZ EA SPORTS online 2006
DisplayName REG_SZ File Recover 6.0
DisplayName REG_SZ Final Draft 7
DisplayName REG_SZ Forté Agent
DisplayName REG_SZ Gadwin PrintScreen
DisplayName REG_SZ Gold Miner
DisplayName REG_SZ Google Earth
DisplayName REG_SZ Google SketchUp
DisplayName REG_SZ Google Toolbar for Internet Explorer
DisplayName REG_SZ Gpower 2.0i
DisplayName REG_SZ GSpot Codec Information Appliance
DisplayName REG_SZ Hidden Expedition Titanic (remove only)
DisplayName REG_SZ HijackThis 1.99.1
DisplayName REG_SZ Hotfix for Windows XP (KB914440)
DisplayName REG_SZ Hotfix for Windows XP (KB915865)
DisplayName REG_SZ HP Deskjet 9800
DisplayName REG_SZ HP Deskjet 9800 Series
DisplayName REG_SZ ISI ResearchSoft - Export Helper
DisplayName REG_SZ J2SE Runtime Environment 5.0 Update 2
DisplayName REG_SZ Jeopardy! 2003
DisplayName REG_SZ Jeopardy! 2nd Edition
DisplayName REG_SZ Lexmark Software Uninstall
DisplayName REG_SZ LimeWire PRO 4.12.6
DisplayName REG_SZ Linksys EasyLink Advisor 1.5 (1045)
DisplayName REG_SZ LiveReg (Symantec Corporation)
DisplayName REG_SZ LiveUpdate 2.5 (Symantec Corporation)
DisplayName REG_SZ Macromedia Extension Manager
DisplayName REG_SZ Macromedia Flash 8
DisplayName REG_SZ Macromedia Flash 8 Video Encoder
DisplayName REG_SZ Macromedia Flash Player 8
DisplayName REG_SZ Macromedia Flash Player 8 Plugin
DisplayName REG_SZ Magic DVD Ripper V5.0
DisplayName REG_SZ Magic ISO Maker v5.0 (build 0166)
DisplayName REG_SZ Magic ISO Maker v5.3 (build 0229)
DisplayName REG_SZ Magic Workstation 0.94f
DisplayName REG_SZ Master of Orion II
DisplayName REG_SZ Microsoft .NET Framework 1.0 Hotfix (KB887998)
DisplayName REG_SZ Microsoft .NET Framework 1.1
DisplayName REG_SZ Microsoft .NET Framework 1.1
DisplayName REG_SZ Microsoft .NET Framework 1.1 Hotfix (KB886903)
DisplayName REG_SZ Microsoft Internationalized Domain Names Mitigation APIs
DisplayName REG_SZ Microsoft Money 2005
DisplayName REG_SZ Microsoft National Language Support Downlevel APIs
DisplayName REG_SZ Microsoft Office Professional Edition 2003
DisplayName REG_SZ Microsoft Works
DisplayName REG_SZ mIRC
DisplayName REG_SZ Move Networks Player for Internet Explorer
DisplayName REG_SZ Mozilla Firefox (2.0.0.3)
DisplayName REG_SZ MSRedist
DisplayName REG_SZ MSXML 4.0 SP2 (KB927978)
DisplayName REG_SZ MTG GamePack for Magic Workstation
DisplayName REG_SZ Multimedia Keyboard Driver
DisplayName REG_SZ Mystery Case Files - Prime Suspects (remove only)
DisplayName REG_SZ Mystery Case Files - Ravenhearst (remove only)
DisplayName REG_SZ Mystery Case Files Huntsville
DisplayName REG_SZ Napster Burn Engine
DisplayName REG_SZ Nero 7 Demo
DisplayName REG_SZ Norton AntiSpam
DisplayName REG_SZ Norton AntiSpam
DisplayName REG_SZ Norton AntiVirus 2005
DisplayName REG_SZ Norton Internet Security
DisplayName REG_SZ Norton Internet Security
DisplayName REG_SZ Norton Internet Security
DisplayName REG_SZ Norton Internet Security
DisplayName REG_SZ Norton Internet Security
DisplayName REG_SZ Norton Internet Security
DisplayName REG_SZ Norton Internet Security
DisplayName REG_SZ Norton Internet Security
DisplayName REG_SZ Norton Internet Security
DisplayName REG_SZ Norton Internet Security 2005 (Symantec Corporation)
DisplayName REG_SZ Norton Security Center
DisplayName REG_SZ Norton WMI Update
DisplayName REG_SZ Norton WMI Update
DisplayName REG_SZ Panda ActiveScan
DisplayName REG_SZ Pinnacle Instant DVD Recorder
DisplayName REG_SZ PowerDVD
DisplayName REG_SZ PowerPlugs: Transitions and/or 3D Titles
DisplayName REG_SZ QuickPar 0.9
DisplayName REG_SZ QuickTime
DisplayName REG_SZ RealPlayer
DisplayName REG_SZ Realtek AC'97 Audio
DisplayName REG_SZ Recovery Software Suite eMachines
DisplayName REG_SZ Rocket Mania 1.01
DisplayName REG_SZ Roxio Easy Media Creator 8 Suite
DisplayName REG_SZ SAS 9.1
DisplayName REG_SZ SAS Private JRE (J2SE(tm) Java Runtime Environment 1.4.1)
DisplayName REG_SZ Scrabble
DisplayName REG_SZ Security Update for Windows Internet Explorer 7 (KB928090)
DisplayName REG_SZ Security Update for Windows Internet Explorer 7 (KB929969)
DisplayName REG_SZ Security Update for Windows Internet Explorer 7 (KB931768)
DisplayName REG_SZ Security Update for Windows Media Player 10 (KB911565)
DisplayName REG_SZ Security Update for Windows Media Player 10 (KB917734)
DisplayName REG_SZ Security Update for Windows Media Player 6.4 (KB925398)
DisplayName REG_SZ Security Update for Windows XP (KB890046)
DisplayName REG_SZ Security Update for Windows XP (KB893756)
DisplayName REG_SZ Security Update for Windows XP (KB896358)
DisplayName REG_SZ Security Update for Windows XP (KB896422)
DisplayName REG_SZ Security Update for Windows XP (KB896423)
DisplayName REG_SZ Security Update for Windows XP (KB896424)
DisplayName REG_SZ Security Update for Windows XP (KB896428)
DisplayName REG_SZ Security Update for Windows XP (KB896688)
DisplayName REG_SZ Security Update for Windows XP (KB899587)
DisplayName REG_SZ Security Update for Windows XP (KB899589)
DisplayName REG_SZ Security Update for Windows XP (KB899591)
DisplayName REG_SZ Security Update for Windows XP (KB900725)
DisplayName REG_SZ Security Update for Windows XP (KB901017)
DisplayName REG_SZ Security Update for Windows XP (KB901214)
DisplayName REG_SZ Security Update for Windows XP (KB902400)
DisplayName REG_SZ Security Update for Windows XP (KB903235)
DisplayName REG_SZ Security Update for Windows XP (KB904706)
DisplayName REG_SZ Security Update for Windows XP (KB905414)
DisplayName REG_SZ Security Update for Windows XP (KB905749)
DisplayName REG_SZ Security Update for Windows XP (KB905915)
DisplayName REG_SZ Security Update for Windows XP (KB908519)
DisplayName REG_SZ Security Update for Windows XP (KB908531)
DisplayName REG_SZ Security Update for Windows XP (KB911562)
DisplayName REG_SZ Security Update for Windows XP (KB911567)
DisplayName REG_SZ Security Update for Windows XP (KB911927)
DisplayName REG_SZ Security Update for Windows XP (KB912812)
DisplayName REG_SZ Security Update for Windows XP (KB912919)
DisplayName REG_SZ Security Update for Windows XP (KB913446)
DisplayName REG_SZ Security Update for Windows XP (KB913580)
DisplayName REG_SZ Security Update for Windows XP (KB914388)
DisplayName REG_SZ Security Update for Windows XP (KB914389)
DisplayName REG_SZ Security Update for Windows XP (KB916281)
DisplayName REG_SZ Security Update for Windows XP (KB917159)
DisplayName REG_SZ Security Update for Windows XP (KB917344)
DisplayName REG_SZ Security Update for Windows XP (KB917422)
DisplayName REG_SZ Security Update for Windows XP (KB917953)
DisplayName REG_SZ Security Update for Windows XP (KB918118)
DisplayName REG_SZ Security Update for Windows XP (KB918439)
DisplayName REG_SZ Security Update for Windows XP (KB918899)
DisplayName REG_SZ Security Update for Windows XP (KB919007)
DisplayName REG_SZ Security Update for Windows XP (KB920213)
DisplayName REG_SZ Security Update for Windows XP (KB920214)
DisplayName REG_SZ Security Update for Windows XP (KB920670)
DisplayName REG_SZ Security Update for Windows XP (KB920683)
DisplayName REG_SZ Security Update for Windows XP (KB920685)
DisplayName REG_SZ Security Update for Windows XP (KB921398)
DisplayName REG_SZ Security Update for Windows XP (KB921883)
DisplayName REG_SZ Security Update for Windows XP (KB922616)
DisplayName REG_SZ Security Update for Windows XP (KB922760)
DisplayName REG_SZ Security Update for Windows XP (KB922819)
DisplayName REG_SZ Security Update for Windows XP (KB923191)
DisplayName REG_SZ Security Update for Windows XP (KB923414)
DisplayName REG_SZ Security Update for Windows XP (KB923689)
DisplayName REG_SZ Security Update for Windows XP (KB923694)
DisplayName REG_SZ Security Update for Windows XP (KB923980)
DisplayName REG_SZ Security Update for Windows XP (KB924191)
DisplayName REG_SZ Security Update for Windows XP (KB924270)
DisplayName REG_SZ Security Update for Windows XP (KB924496)
DisplayName REG_SZ Security Update for Windows XP (KB924667)
DisplayName REG_SZ Security Update for Windows XP (KB925486)
DisplayName REG_SZ Security Update for Windows XP (KB925902)
DisplayName REG_SZ Security Update for Windows XP (KB926255)
DisplayName REG_SZ Security Update for Windows XP (KB926436)
DisplayName REG_SZ Security Update for Windows XP (KB927779)
DisplayName REG_SZ Security Update for Windows XP (KB927802)
DisplayName REG_SZ Security Update for Windows XP (KB928255)
DisplayName REG_SZ Security Update for Windows XP (KB928843)
DisplayName REG_SZ Security Update for Windows XP (KB930178)
DisplayName REG_SZ Security Update for Windows XP (KB931261)
DisplayName REG_SZ Security Update for Windows XP (KB931784)
DisplayName REG_SZ Security Update for Windows XP (KB932168)
DisplayName REG_SZ Shizmoo Web Games (Uproar)
DisplayName REG_SZ Sid Meier's Civilization 4
DisplayName REG_SZ Sid Meier's Civilization 4
DisplayName REG_SZ SimCity 4
DisplayName REG_SZ Slingo Deluxe
DisplayName REG_SZ Snood Towers for Windows version 1.02
DisplayName REG_SZ Snoodoku for Windows Version 1.1W
DisplayName REG_SZ SoftV92 Data Fax Modem with SmartCP
DisplayName REG_SZ Sony USB Driver
DisplayName REG_SZ Sound Blaster Live! 24-bit
DisplayName REG_SZ SPBBC
DisplayName REG_SZ Spelling Dictionaries For Adobe Reader Package
DisplayName REG_SZ SPSS 11.0 for Windows Student Version
DisplayName REG_SZ Spy Sweeper
DisplayName REG_SZ Spybot - Search & Destroy 1.4
DisplayName REG_SZ SpywareBlaster v3.5.1
DisplayName REG_SZ Starcraft
DisplayName REG_SZ Strike Ball
DisplayName REG_SZ Super Collapse II
DisplayName REG_SZ Super Text Twist
DisplayName REG_SZ SureThing CD Labeler Deluxe 4
DisplayName REG_SZ Symantec Network Drivers Update
DisplayName REG_SZ Symantec Script Blocking Installer
DisplayName REG_SZ SymNet
DisplayName REG_SZ Tiger Woods PGA TOUR 06
DisplayName REG_SZ Travelogue 360 Paris (remove only)
DisplayName REG_SZ Trillian
DisplayName REG_SZ TrojanHunter 4.6
DisplayName REG_SZ Ultima Online: Mondain's Legacy
DisplayName REG_SZ Update for Windows XP (KB894391)
DisplayName REG_SZ Update for Windows XP (KB898461)
DisplayName REG_SZ Update for Windows XP (KB900485)
DisplayName REG_SZ Update for Windows XP (KB904942)
DisplayName REG_SZ Update for Windows XP (KB910437)
DisplayName REG_SZ Update for Windows XP (KB911280)
DisplayName REG_SZ Update for Windows XP (KB916595)
DisplayName REG_SZ Update for Windows XP (KB920872)
DisplayName REG_SZ Update for Windows XP (KB922582)
DisplayName REG_SZ Update for Windows XP (KB929338)
DisplayName REG_SZ Update for Windows XP (KB930916)
DisplayName REG_SZ Update for Windows XP (KB931836)
DisplayName REG_SZ Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
DisplayName REG_SZ UseNeXT
DisplayName REG_SZ VideoLAN VLC media player 0.8.4a
DisplayName REG_SZ Virtools 3D Life Player
DisplayName REG_SZ VPN Client
DisplayName REG_SZ WebFldrs XP
DisplayName REG_SZ WinAVIVideoConverter
DisplayName REG_SZ Windows Genuine Advantage Notifications (KB905474)
DisplayName REG_SZ Windows Genuine Advantage v1.3.0254.0
DisplayName REG_SZ Windows Installer 3.1 (KB893803)
DisplayName REG_SZ Windows Installer 3.1 (KB893803)
DisplayName REG_SZ Windows Internet Explorer 7
DisplayName REG_SZ Windows Live Messenger
DisplayName REG_SZ Windows Media Format Runtime
DisplayName REG_SZ Windows XP Hotfix - KB834707
DisplayName REG_SZ Windows XP Hotfix - KB867282
DisplayName REG_SZ Windows XP Hotfix - KB873333
DisplayName REG_SZ Windows XP Hotfix - KB873339
DisplayName REG_SZ Windows XP Hotfix - KB885250
DisplayName REG_SZ Windows XP Hotfix - KB885835
DisplayName REG_SZ Windows XP Hotfix - KB885836
DisplayName REG_SZ Windows XP Hotfix - KB886185
DisplayName REG_SZ Windows XP Hotfix - KB887472
DisplayName REG_SZ Windows XP Hotfix - KB887742
DisplayName REG_SZ Windows XP Hotfix - KB888113
DisplayName REG_SZ Windows XP Hotfix - KB888239
DisplayName REG_SZ Windows XP Hotfix - KB888302
DisplayName REG_SZ Windows XP Hotfix - KB890047
DisplayName REG_SZ Windows XP Hotfix - KB890175
DisplayName REG_SZ Windows XP Hotfix - KB890859
DisplayName REG_SZ Windows XP Hotfix - KB890923
DisplayName REG_SZ Windows XP Hotfix - KB891781
DisplayName REG_SZ Windows XP Hotfix - KB893066
DisplayName REG_SZ Windows XP Hotfix - KB893086
DisplayName REG_SZ Windows XP Media Center Edition 2005 KB890629
DisplayName REG_SZ Windows XP Media Center Edition 2005 KB890760
DisplayName REG_SZ Windows XP Media Center Edition 2005 KB895198
DisplayName REG_SZ Windows XP Media Center Edition 2005 KB895678
DisplayName REG_SZ WinFast PVR
DisplayName REG_SZ WinRAR archiver
DisplayName REG_SZ XviD 1.1 final uninstall
DisplayName REG_SZ Yahoo! Messenger
DisplayName REG_SZ Yahoo! Widget Engine
DisplayName REG_SZ Yahoo! Widget Engine
DisplayName REG_SZ YOU DON'T KNOW JACK Volume 3
ParentDisplayName REG_SZ Windows Internet Explorer 7 - Software Updates
ParentDisplayName REG_SZ Windows Internet Explorer 7 - Software Updates
ParentDisplayName REG_SZ Windows Internet Explorer 7 - Software Updates
ParentDisplayName REG_SZ Windows Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP - Software Updates
ParentDisplayName REG_SZ Windows XP Media Center Edition 2005
ParentDisplayName REG_SZ Windows XP Media Center Edition 2005
ParentDisplayName REG_SZ Windows XP Media Center Edition 2005
ParentDisplayName REG_SZ Windows XP Media Center Edition 2005
ParentDisplayName REG_SZ Windows XP Media Center Edition 2005
QuietDisplayName REG_SZ Shockwave Director 10.1.4
QuietDisplayName REG_SZ Shockwave Flash


################################################## ################################################## #


-- All DONE!

~ ShadowPuterDude ~

[StckFigure]

Likewise with this log, if we could delete it after you're done with it, that'd be great. Thanks

[jholland1964]

Let's let PP look at it and tell us what to do...I have only used this one once.

[jholland1964]

Download haxfix.exe.
Save it to your desktop.
Close down all applications and every browser window.
Double-Click onto the haxfix.exe, to start the installation.
Put a checkmark next to "Create a desktop icon".
Click "Next" and follow the prompts on the screen.
When the installation is finished, make sure that "Launch HaxFix" is enabled.
Click "Finish".
Now a Red DOS Window opens with the following options to chose:
1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix

Option 1: Make logfile.
Chose the Option 1: Create a log by pressing 1
This will need a moment of your time. When the HaxFix is finished, a textfile opens (haxlog.txt)
You need to use this option first. A log will be created which shows you all possible candidates, which may signalize that one of the Haxdoor variants runs on your system.

The controll will be done for:
- the file ps.a3d (the only olne file which is not hidden by a rootkit)
- notify subkeys of the type ****16, ****32, ****xt, ****tt
- services of the type ****16, ****24, ****32, ****64, ****xt, ****xm, ****tt, ****mm,...
- safeboot services of the type ****16.sys, ****24.sys, ****32.sys, ****64.sys, ****xt.sys, ****xm.sys, ****tt.sys, ****mm.sys,...
This Logfile must be done to get the right results for the Haxdoor variant on your system.
Post back here with that log.
Judy

[StckFigure]

Dare I hope that this is the last few steps?

HAXFIX logfile - by Marckie

version 4.43
Thu 05/17/2007 22:37:22.92

--- Checking for Haxdoor ---

checking for a3d files
a3d files not found

checking for matching notify keys
no matching notify keys found

checking for matching services
matching services found
Aspi32

checking for matching safeboot services
no matching safeboot services found

checking for other Haxdoor-files
no other Haxdoor-files found


--- Checking for Goldun ---

checking for SSODL keys
no ssodl keys found

checking for notify keys
no notify keys found

checking for services
no services found

checking for other Goldun-files
no other Goldun-files found

checking iexplore.exe
iexplore.exe is not infected


--- Catchme logfile - thank you Gmer ---

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-17 22:37:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


--- Analysing Catchme logfile ---

no matching regkeys found


Finished!

[jholland1964]

Ok, we are getting there!
Checked with ShadowPuterDude who put this tool together. Here is his message;

It's a FP.(False Positive) That's WinLanMiniPort. I still have to filter that out. Probably do that this weekend and release Beta7.

Viewing of Hidden Files and Folders isn't properly enabled. Have the poster run ShowIt.bat from inside the ISeeYouXP folder. MsConfig is being used to disable several startups. Get the poster to enable everything. There are a couple of issues that need to be fixed, but first the OP needs to run ShowIt and stop using MsConfig.

Run this Registry patch

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\runonceex]
"Flag"=-
"Windows Update"=-

If the reg key looks like this:
curr entversion

Delete the extra space

Killbox the following file:

C:\WINDOWS\scvhost.exe

Double-click on Killbox.exe to run it.
Put a tick by Delete on Reboot.



Then have the OP attach a new ISeeYouXP log.

Follow all his instructions and then attach the new log.
Judy

[StckFigure]

How do I "run the registry patch"?

[StckFigure]

And does running ShowIt automatically stop running MsConfig, or do I need to do something in addition?

EDIT: I do'nt see scvhost.exe in the Windows directory. I haven't done the other steps - waiting on answers - but I thought I'd check, and, indeed, I don't see it.

[jholland1964]

You need to actually go into msconfig and re-enable EVERYTHING in there. I believe the ShowIt.bat is going to show your hidden files and folders properly.
scvhost.exe IS in there, you may not be able to see it but it IS showing in the ISeeYouXP log.
Just run the Killbox on that file as instructed and if it is there it will get rid of it. If it isn't there it will tell you it couldn't be found. But it does show in the log. Make sure you run the ShowIt.bat first before you do the Killbox.
Let me check again on that REGEDIT4
I think you need to check that key first in the registry to see if there IS a space between curr entversion then you will have to run that...but for now just check and see if the space is there.

[StckFigure]

Sorry to suddenly be so completely out of it and make it seem like pulling teeth... I just want to make sure I don't do anything wrong. You want me to go into MSConfig and enable ALL Startup programs, even the ones that have been disabled forever? What about ALL Services (which are all enabled already except for two from AOL and the ASFEGTGF one we disabled earlier)?