Freeware to view hidden registry entries.
in [Freeware]
|
From: Johnw on 8 Apr 2010 20:28 John Corliss formulated the question : > I've got about 86 installed programs. Forgot to mention. RegSeeker shows 187 installed programs on mine. Manual count, 80 uninstalled.
From: Johnw on 8 Apr 2010 20:52 Nemesis expressed precisely : > On Thu, 08 Apr 2010 03:18:28 -0700, John Corliss wrote: > >> >> Who cares. > I do. > Armadillo writes stuff like: > [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID > \{406BBE22-9A8E-68EC-3623-82EDFFD64641}] > (note, this is a REAL reg entry, do not delete) > > > > [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID > \{406BBE22-9A8E-68EC-3623-82EDFFD64641}\frbxzndgDydyn] > > @="zldtGQVHmefnxpEwBruNwHQozkBZC}Vn" > (this, and the others, are false, delete them and you suddenly get your > program back) > > > > [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID > \{406BBE22-9A8E-68EC-3623-82EDFFD64641}\frYFHlsMgxmd] > > @="xvEMOvQ{nZZFrN\\pUJL{wa|SN]" > > > > [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID > \{406BBE22-9A8E-68EC-3623-82EDFFD64641}\jtnwvAeqllA] > > @="kOa^NOI\\IjXPFKiq" > > This cut and paste probably does not format well under windows, > but you get the idea. Do a registry backup and try searching for some of > these uncommon chars. I use this to reactivate some armadillo-protected > stuff that is no longer available. > []'s > PS Adobe also uses this kind of stuff, no idea what for . Spyware ? User > ID ? Good info Nemesis, thanks.
From: Johnw on 9 Apr 2010 00:37 John Corliss used his keyboard to write : > http://blogs.microsoft.co.il/blogs/pavely/archive/2008/07/02/malware-and-hidden-registry-keys.aspx For those that read the blog, here are other ways. Tracking down a Trojan http://www.hanselman.com/blog/TrackingDownATrojan.aspx http://www.codinghorror.com/blog/archives/000888.html I showed up and suggested we download the three horsemen: TCPView, Autoruns, and ProcessExplorer. http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx Forum http://forum.sysinternals.com/ Windows (including Vista and XP) process and DLL library http://process-dll.com/pd/index.php http://process-dll.com/pd/processes.php?from=A
From: Johnw on 9 Apr 2010 01:11 John Corliss wrote : > Couldn't find the Armadillo one though. Just did a google search & found these, 3 out of the 4 are old, but Trial Reset is still maintained. Trial Reset http://quequero.org/Pack_Unpack http://www.leechermods.com/2008/02/remove-trials-key-of-protector-as.html http://quequero.org/uicwiki/images/TrialReset.zip Installed, in the left hand column are 46 logo's, the 2nd one on the left of that double column is Armadillo, scan found a heap. Bit the the bullet, highlighted the lot & deleted. Ran, ATF-Cleaner, CCleaner & Vit. Refer my info in a previous post on installing & running for 2 of these. http://groups.google.com/group/alt.comp.freeware/browse_thread/thread/8b089902b54776dc?hl=en Ran TrashReg & RegDelNull. All clean. Rebooted, Ran > Trial Reset, TrashReg & RegDelNull. All clean.
From: John Corliss on 9 Apr 2010 08:01
Johnw wrote: > John Corliss pretended : > >> Well, I installed XP on this machine back on Dec. 16, 2005. Probably >> time to format and reinstall everything (leaving out stuff that I >> don't use that often anymore.) THAT will clean up the registry. > > If you are going to format, try VIT which I had mentioned in your > previous post & you can see what you have left. > > Vit Registry Fix Free Edition > (removed Softpedia links) > > http://www.vitsoft.org.ua/vit-registry-fix-free.htm I don't speak Russian fluently, so this is probably a better link: http://www.vitsoft.org.ua/Eng/vit-registry-fix-free.htm Sorry I didn't reply last night. I was about to when my neighbor knocked on the door and interrupted me. Yes, I looked at that program's website. Couldn't determine whether the program uses the Win32 API or the Native API. Also, I generally avoid software originating from Russia because that's where most of the seriously bad malware that I've had to deal with comes from. Sorry. -- John Corliss BS206. I block all Google Groups posts due to Googlespam, and as many posts from anonymous remailers (like x-privat.org for eg.) as possible due to forgeries posted through them. No ad, CD, commercial, cripple, demo, nag, share, spy, time-limited, trial or web wares OR warez for me, please. Adobe Flash sucks, DivX rules. |