"Malware Fix: a collection of fixes for computer virus problems, a do-good-for-society project" "Because of work commitments, I must apologize to every visitor who comes here and finds no updates on new viruses."

Information

http://malwarefighting.blogspot.com


Security alert! Crypt0L0cker (Ransomware)
Encrypts the data on the computer; currently spreading in Thailand
and spreading heavily in Korea
ThaiCERT, Crypto Prevention Tool

*Do not pay under any circumstances, because you will lose the money and still not recover the data.
Readers, please help share this.
http://hotzone-it.blogspot.com/2015/07/how-to-remove-crypt0l0cker-not.html
==============================================
PeeTechFix >> JupiterFix
==============================================

How to use: JupiterFix-Win32.PSW.OnlineGames
You can check the list of viruses the program can clean in VirusList.txt
-------------------------------------------------------------------------------------
If you downloaded the PeeTechFix tool and ran into problems, or it could not remove the infection, please report the problem by email to MalwareHunter.info@gmail.com, or send the virus file as well. It would be greatly appreciated.
-------------------------------------------------------------------------------------
Safemode Recovery (.reg): fixes the case where a virus deletes the SafeBoot key and the system can no longer enter Safe Mode
------------------------------------------------------------------------------------
How to fix the error message (cannot open .exe files on a USB drive)
"Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator"
For the fix, see this link.
-------------------------------------------------------------------------------------
How to fix MSN / Windows Live Messenger disconnects (caused by the OnlineGames virus)
-------------------------------------------------------------------------------------
How to start Windows in Safe Mode


Monday

How to remove hanruo.exe

hanruo.exe , next.exe

MD5 : 15a5ab1cb4fc74c605f2c1d5cc97428a
SHA1 : a29409d7c3532cbfc8c2bb021baf622cfcc4b731
...
Antivirus | Version | Last Update | Result
AhnLab-V3 | 2010.09.27.01 | 2010.09.27 | Dropper/Win32.OnlineGameHack
AntiVir | 7.10.12.31 | 2010.09.26 | -
Antiy-AVL | 2.0.3.7 | 2010.09.26 | -
Authentium | 5.2.0.5 | 2010.09.27 | W32/Packed.Krap.A!Eldorado
Avast | 4.8.1351.0 | 2010.09.26 | -
Avast5 | 5.0.594.0 | 2010.09.26 | -
AVG | 9.0.0.851 | 2010.09.26 | Klone.AP
BitDefender | 7.2 | 2010.09.27 | -
CAT-QuickHeal | 11.00 | 2010.09.27 | (Suspicious) - DNAScan
ClamAV | 0.96.2.0-git | 2010.09.27 | -
Comodo | 6208 | 2010.09.27 | -
DrWeb | 5.0.2.03300 | 2010.09.27 | -
Emsisoft | 5.0.0.37 | 2010.09.27 | Worm.Win32.Taterf!IK
eSafe | 7.0.17.0 | 2010.09.26 | -
eTrust-Vet | 36.1.7875 | 2010.09.25 | -
F-Prot | 4.6.2.117 | 2010.09.27 | W32/Packed.Krap.A!Eldorado
F-Secure | 9.0.15370.0 | 2010.09.27 | -
Fortinet | 4.1.143.0 | 2010.09.26 | -
GData | 21 | 2010.09.27 | -
Ikarus | T3.1.1.88.0 | 2010.09.27 | Worm.Win32.Taterf
Jiangmin | 13.0.900 | 2010.09.27 | -
K7AntiVirus | 9.63.2608 | 2010.09.25 | Riskware
Kaspersky | 7.0.0.125 | 2010.09.27 | -
McAfee | 5.400.0.1158 | 2010.09.27 | -
McAfee-GW-Edition | 2010.1C | 2010.09.27 | Heuristic.BehavesLike.Win32.Spyware.B
Microsoft | 1.6201 | 2010.09.27 | Worm:Win32/Taterf.B
NOD32 | 5481 | 2010.09.26 | -
Norman | 6.06.06 | 2010.09.26 | W32/Viking.gen5
nProtect | 2010-09-27.03 | 2010.09.27 | Trojan/W32.Agent.196508
Panda | 10.0.2.7 | 2010.09.26 | Trj/CI.A
PCTools | 7.0.3.5 | 2010.09.27 | -
Prevx | 3.0 | 2010.09.27 | -
Rising | 22.66.06.01 | 2010.09.27 | Packer.Win32.Mian007.a
Sophos | 4.58.0 | 2010.09.27 | Sus/UnkPack-C
Sunbelt | 6932 | 2010.09.27 | Worm.Win32.Taterf.b (v)
SUPERAntiSpyware | 4.40.0.1006 | 2010.09.27 | -
Symantec | 20101.1.1.7 | 2010.09.27 | -
TheHacker | 6.7.0.0.035 | 2010.09.27 | -
TrendMicro | 9.120.0.1004 | 2010.09.27 | -
TrendMicro-HouseCall | 9.120.0.1004 | 2010.09.27 | -
VBA32 | 3.12.14.1 | 2010.09.24 | BScope.Trojan-PSW.AmGames
ViRobot | 2010.8.31.4017 | 2010.09.27 | -
VirusBuster | 12.65.27.3 | 2010.09.26 | -
PeeTechFix | 2.0.7.115 | 2010.09.27 | Win32.PSW.OnlineGames
...
Hijack log
Process
dosRpta.exe

Registry
O4 - HKCU\..\Run: [hanruo] C:\WINDOWS\system32\hanruo.exe
O4 - HKCU\..\Run: [api32] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\apiqq.exe

Files Added
%System%\hanruo.exe
%System%\m.exe
%System%\hanruo10.dll
%System%\hanruo11.dll
%System%\hanruo12.dll
%System%\hanruo20.dll
%System%\hanruo21.dll
%System%\hanruo22.dll
%System%\vmpus0.dll (0-9)
%Windir%\dosrpta.exe (notepad)
%Temp%\apiqq.exe
%Temp%\apiqq0.dll (0-9)

Keys added
HKLM\SOFTWARE\Classes\CLSID\MADOWN

HKLM\SOFTWARE\Classes\CLSID\NOD32KVBIT
HKLM\SOFTWARE\Classes\CLSID\{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72}
HKLM\SOFTWARE\Classes\CLSID\{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72}\InprocServer32
HKLM\SOFTWARE\Classes\CLSID\{B03A4BE6-5E5A-B9B3-483E-C484D4B20B72}
HKLM\SOFTWARE\Classes\CLSID\{DA7060E6-F54B-42AE-A337-7D26827AA890}
HKLM\SOFTWARE\Classes\CLSID\{DA7060E6-F54B-42AE-A337-7D26827AA890}\InprocServer32
HKLM\SOFTWARE\Classes\CLSID\{DA7060E6-F54B-42AE-A337-7D26827AA890}\ProgID
HKLM\SOFTWARE\Classes\CLSID\{DA7060E6-F54B-42AE-A337-7D26827AA890}\Programmable
HKLM\SOFTWARE\Classes\CLSID\{DA7060E6-F54B-42AE-A337-7D26827AA890}\VersionIndependentProgID
HKLM\SOFTWARE\Classes\Interface\{DA7060E5-F54B-42AE-A337-7D26827AA890}
HKLM\SOFTWARE\Classes\Interface\{DA7060E5-F54B-42AE-A337-7D26827AA890}\ProxyStubClsid
HKLM\SOFTWARE\Classes\Interface\{DA7060E5-F54B-42AE-A337-7D26827AA890}\ProxyStubClsid32
HKLM\SOFTWARE\Classes\Interface\{DA7060E5-F54B-42AE-A337-7D26827AA890}\TypeLib
HKLM\SOFTWARE\Classes\TypeLib\{DA7060E2-F54B-42AE-A337-7D26827AA890}
HKLM\SOFTWARE\Classes\TypeLib\{DA7060E2-F54B-42AE-A337-7D26827AA890}\1.0
HKLM\SOFTWARE\Classes\TypeLib\{DA7060E2-F54B-42AE-A337-7D26827AA890}\1.0\0
HKLM\SOFTWARE\Classes\TypeLib\{DA7060E2-F54B-42AE-A337-7D26827AA890}\1.0\0\win32
HKLM\SOFTWARE\Classes\TypeLib\{DA7060E2-F54B-42AE-A337-7D26827AA890}\1.0\FLAGS
HKLM\SOFTWARE\Classes\TypeLib\{DA7060E2-F54B-42AE-A337-7D26827AA890}\1.0\HELPDIR
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj\CurVer
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA7060E6-F54B-42AE-A337-7D26827AA890}

Values added
HKLM\SOFTWARE\Classes\CLSID\MADOWN\urlinfo: "dswdfre.x"
HKLM\SOFTWARE\Classes\CLSID\NOD32KVBIT\KVBIT_2: "611"
HKLM\SOFTWARE\Classes\CLSID\{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72}\InprocServer32\: "C:\WINDOWS\system32\vmpus0.dll"
HKLM\SOFTWARE\Classes\CLSID\{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72}\InprocServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{B03A4BE6-5E5A-B9B3-483E-C484D4B20B72}\VcbitExeModuleName: "C:\WINDOWS\system32\m.exe"
HKLM\SOFTWARE\Classes\CLSID\{B03A4BE6-5E5A-B9B3-483E-C484D4B20B72}\VcbitDllModuleName: "C:\WINDOWS\system32\vmpus0.dll"
HKLM\SOFTWARE\Classes\CLSID\{B03A4BE6-5E5A-B9B3-483E-C484D4B20B72}\VcbitSobjEventName: "CVBASDDOOPADSAMN_0"
HKLM\SOFTWARE\Classes\CLSID\{DA7060E6-F54B-42AE-A337-7D26827AA890}\VersionIndependentProgID\: "IEHlprObj.IEHlprObj"
HKLM\SOFTWARE\Classes\CLSID\{DA7060E6-F54B-42AE-A337-7D26827AA890}\ProgID\: "IEHlprObj.IEHlprObj.1"
HKLM\SOFTWARE\Classes\CLSID\{DA7060E6-F54B-42AE-A337-7D26827AA890}\InprocServer32\: "C:\WINDOWS\system32\hanruo20.dll"
HKLM\SOFTWARE\Classes\CLSID\{DA7060E6-F54B-42AE-A337-7D26827AA890}\InprocServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{DA7060E6-F54B-42AE-A337-7D26827AA890}\: "IEHlprObj Class"
HKLM\SOFTWARE\Classes\Interface\{DA7060E5-F54B-42AE-A337-7D26827AA890}\TypeLib\: "{DA7060E2-F54B-42AE-A337-7D26827AA890}"
HKLM\SOFTWARE\Classes\Interface\{DA7060E5-F54B-42AE-A337-7D26827AA890}\TypeLib\Version: "1.0"
HKLM\SOFTWARE\Classes\Interface\{DA7060E5-F54B-42AE-A337-7D26827AA890}\ProxyStubClsid32\: "{00020424-0000-0000-C000-000000000046}"
HKLM\SOFTWARE\Classes\Interface\{DA7060E5-F54B-42AE-A337-7D26827AA890}\ProxyStubClsid\: "{00020424-0000-0000-C000-000000000046}"
HKLM\SOFTWARE\Classes\Interface\{DA7060E5-F54B-42AE-A337-7D26827AA890}\: "IIEHlprObj"
HKLM\SOFTWARE\Classes\TypeLib\{DA7060E2-F54B-42AE-A337-7D26827AA890}\1.0\0\win32\: "C:\WINDOWS\system32\hanruo20.dll"
HKLM\SOFTWARE\Classes\TypeLib\{DA7060E2-F54B-42AE-A337-7D26827AA890}\1.0\HELPDIR\: "C:\WINDOWS\system32\"
HKLM\SOFTWARE\Classes\TypeLib\{DA7060E2-F54B-42AE-A337-7D26827AA890}\1.0\FLAGS\: "0"
HKLM\SOFTWARE\Classes\TypeLib\{DA7060E2-F54B-42AE-A337-7D26827AA890}\1.0\: "IEHelper 1.0 Type Library"
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj\CurVer\: "IEHlprObj.IEHlprObj.1"
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj\: "IEHlprObj Class"
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1\CLSID\: "{DA7060E6-F54B-42AE-A337-7D26827AA890}"
HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj.1\: "IEHlprObj Class"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72}: "hook dll rising"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
hanruo: "C:\WINDOWS\system32\hanruo.exe"
api32: "%Temp%\apiqq.exe"

Values modified
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Folder\Hidden\SHOWALL\CheckedValue = 0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Hidden = 0x00000002

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\ShowSuperHidden = 0x00000000

Effect: MSN / Windows Live Messenger errors and disconnects
http://hotzone-it.blogspot.com/2010/06/msn-disconect.html
==================================================
How to remove / fix the virus: hanruo.exe
==================================================



Note: if you are affected by this virus, with MSN showing errors and disconnecting,
you can try this fix.
------------------------------------------------------------------------------

After removing the virus, it is recommended to install additional software to prevent autorun from being invoked,
for example:

Program Advice (Stop AutoRun function/autorun.inf)

NoAutoRun (.REG)
http://www.mediafire.com/?ammmxwhqmnm
or

Panda USB Vaccine
http://www.mediafire.com/download.php?qig0nmnm4ld

or
KB971029, KB967715
http://hotzone-it.blogspot.com/2009/08/kb971029-fix-autorun-microsoft.html

Friday

Win32/Bflient.K

igaul.exe, esve.exe (Trojan that downloads multiple malware)

MD5 : af880be8c447061b5de56797974b62f1
SHA1 : 83bf504fdaa405172dfba9a750df5f03e669be15
...
Antivirus | Version | Last Update | Result
AhnLab-V3 | 2010.09.24.00 | 2010.09.24 | -
AntiVir | 7.10.12.28 | 2010.09.24 | -
Antiy-AVL | 2.0.3.7 | 2010.09.24 | -
Authentium | 5.2.0.5 | 2010.09.24 | -
Avast | 4.8.1351.0 | 2010.09.23 | -
Avast5 | 5.0.594.0 | 2010.09.23 | -
AVG | 9.0.0.851 | 2010.09.24 | Dropper.Generic2.BAIY
BitDefender | 7.2 | 2010.09.24 | -
CAT-QuickHeal | 11.00 | 2010.09.24 | -
ClamAV | 0.96.2.0-git | 2010.09.24 | -
Comodo | 6186 | 2010.09.24 | -
DrWeb | 5.0.2.03300 | 2010.09.24 | -
Emsisoft | 5.0.0.37 | 2010.09.24 | -
eSafe | 7.0.17.0 | 2010.09.21 | -
eTrust-Vet | 36.1.7874 | 2010.09.24 | -
F-Prot | 4.6.2.117 | 2010.09.24 | -
F-Secure | 9.0.15370.0 | 2010.09.24 | -
Fortinet | 4.1.143.0 | 2010.09.24 | -
GData | 21 | 2010.09.24 | -
Ikarus | T3.1.1.88.0 | 2010.09.24 | -
Jiangmin | 13.0.900 | 2010.09.21 | -
K7AntiVirus | 9.63.2589 | 2010.09.23 | -
Kaspersky | 7.0.0.125 | 2010.09.24 | -
McAfee | 5.400.0.1158 | 2010.09.24 | -
McAfee-GW-Edition | 2010.1C | 2010.09.24 | -
Microsoft | 1.6201 | 2010.09.24 | -
NOD32 | 5476 | 2010.09.24 | Win32/Bflient.K
Norman | 6.06.06 | 2010.09.24 | -
nProtect | 2010-09-24.02 | 2010.09.24 | -
Panda | 10.0.2.7 | 2010.09.24 | -
PCTools | 7.0.3.5 | 2010.09.24 | -
Prevx | 3.0 | 2010.09.24 | Low Risk Adware
Rising | 22.66.00.07 | 2010.09.21 | -
Sophos | 4.58.0 | 2010.09.24 | -
Sunbelt | 6922 | 2010.09.24 | -
SUPERAntiSpyware | 4.40.0.1006 | 2010.09.24 | -
Symantec | 20101.1.1.7 | 2010.09.24 | -
TheHacker | 6.7.0.0.029 | 2010.09.23 | -
TrendMicro | 9.120.0.1004 | 2010.09.24 | -
TrendMicro-HouseCall | 9.120.0.1004 | 2010.09.24 | -
VBA32 | 3.12.14.1 | 2010.09.24 | -
ViRobot | 2010.9.24.4059 | 2010.09.24 | -
VirusBuster | 12.65.23.0 | 2010.09.23 | -
...

Symptoms
A Microsoft Security Essential Alert window appears

The Internet cannot be used
Task Manager cannot be used
A large number of randomly named files are created in Temp
-------------------------------------------------------------------------
Files Added
%UserProfile%\Application Data\esve.exe
%UserProfile%\Application Data\ohydy.exe
%Temp%\5378685.exe
%\system32%\wuaucldt.exe
%UserProfile%\wuaucldt.exe
%Temp%\Cab122.tmp
%Temp%\Tar123.tmp
%Temp%\114.exe
%Temp%\8815.exe
%WinDir%\cfdrive32.exe
%Temp%\qkua.exe
%Temp%\eneor.exe
%Temp%\dymbmbjl.exe
%Temp%\igaul.exe
%Temp%\cvtd.exe
%Temp%\6606.exe
%Temp%\jytr.exe
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
%UserProfile%\Application Data\igaul.exe
%\system32%\drivers\4142850540.sys
%Temp%\hahapd.exe
%Temp%\ksleed.sys
%Temp%\cncojb.exe
%Temp%\jhjilg.exe
%Temp%\kdkdpf.exe
%Temp%\hehfbi.exe
%Temp%\jmjnli.exe
%Temp%\nckiya.exe
%Temp%\esve.exe
%Temp%\rjtikh.exe
%Temp%\aiygquy.exe
%Temp%\xwjlewr.exe
%Temp%\bbkmt.exe
%\system32%\drivers\cdrom.sys

Keys Added
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_NWLNKFLT
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_NWLNKFLT\0000
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_NWLNKFLT\0000\Control

Values Added
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\
Microsoft Driver Setup: "C:\WINDOWS\cfdrive32.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
wuaucldt: "c:\windows\system32\wuaucldt.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Microsoft Driver Setup: "C:\WINDOWS\cfdrive32.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Regedit32: "C:\WINDOWS\system32\regedit.exe"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
Taskman: "C:\Documents and Settings\Administrator\Application Data\ohydy.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Bluetooth: "%Temp%\hehfbi.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
1Class1: "%UserProfile%\Application Data\igaul.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
wuaucldt: "%UserProfile%\wuaucldt.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
12CFG214-K641-12SF-N85P: "C:\RECYCLER\S-1-5-21-xxxxx\vsbntlo.exe"

HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_NWLNKFLT\0000\Control\*NewlyCreated*: 0x00000000
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_NWLNKFLT\0000\Service: "NwlnkFlt"
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_NWLNKFLT\0000\Legacy: 0x00000001
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_NWLNKFLT\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_NWLNKFLT\0000\Class: "LegacyDriver"
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_NWLNKFLT\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_NWLNKFLT\0000\DeviceDesc: "IPX Traffic Filter Driver"
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_NWLNKFLT\NextInstance: 0x00000001
HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\114.exe: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\114.exe:*:C:\WINDOWS\cfdrive32.exe"
HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\MaxUserPort: 0x0000FFFE
HKLM\SYSTEM\CurrentControlSet\Services\MSPQM\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\MSPQM\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\nmwcd\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\nmwcd\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\nmwcd\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\nmwcdc\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\nmwcdc\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\nmwcdc\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\nmwcdnsu\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\nmwcdnsu\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\nmwcdnsu\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\NwlnkFlt\Enum\0: "Root\LEGACY_NWLNKFLT\0000"
HKLM\SYSTEM\CurrentControlSet\Services\NwlnkFlt\Enum\Count: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\NwlnkFlt\Enum\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\NwlnkFwd\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\NwlnkFwd\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\NwlnkFwd\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\pccsmcfd\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\pccsmcfd\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\pccsmcfd\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\PCIDump\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PCIDump\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PCIDump\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\PDCOMP\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PDCOMP\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PDCOMP\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\PDFRAME\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PDFRAME\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PDFRAME\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\PDRELI\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PDRELI\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PDRELI\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\PDRFRAME\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PDRFRAME\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\PDRFRAME\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\RDPWD\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\RDPWD\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\RDPWD\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\s3m\Enum\Count: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\s3m\Enum\NextInstance: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\s3m\Enum\INITSTARTFAILED: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\114.exe: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\114.exe:*:C:\WINDOWS\cfdrive32.exe"
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort: 0x0000FFFE
HKCU\Software\Microsoft\OSVersion: "8108320"
