mlw.exe - Dangerous

Manual removal instructions:

Antivirus Report of mlw.exe:
mlw.exe: Malware
mlw.exe: Dangerous
mlw.exe: High Risk
We suggest that you remove mlw.exe from your computer as soon as possible.
Mlw.exe is a Trojan/Backdoor.
Kill the mlw.exe process and remove mlw.exe from Windows startup.

File:
C:\sand-box\mlw.exe

Classification:
Antivirus     Version        Last Update   Result
Avast         4.8.1335.0     2009.06.21    Win32:Trojan-gen {Other}
AVG           8.5.0.339      2009.06.22    Agent2.KWS
BitDefender   7.2            2009.06.22    Gen:Trojan.Heur.Hype.50609F9F9F
Comodo        1389           2009.06.22    -
DrWeb         5.0.0.12182    2009.06.22    Trojan.Fakealert.4335
F-Secure      8.0.14470.0    2009.06.21    FraudTool.Win32.MalwareDoctor.aw
NOD32         4175           2009.06.21    Win32/Adware.MalwareDoctor
Symantec      1.4.4.12       2009.06.22    -

Additional information
File size: 27136 bytes
MD5: ce90699b49cab85bad165243af1aa44f
SHA1: 7086b380cbaf7047bd65e914529de6f0df914889

Installation
When the program is executed, it creates the following registry subkeys and values:

----------------------------------
Keys added:18
----------------------------------
HKLM\SOFTWARE\Classes\CLSID\{540D8A8B-1C3F-4E32-8132-530F6A502090}\Implemented Categories
HKLM\SOFTWARE\Classes\CLSID\{540D8A8B-1C3F-4E32-8132-530F6A502090}\Implemented Categories\{00021492-0000-0000-C000-000000000046}
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
HKCU\Keyboard Layout\Toggle
HKCU\Software\Microsoft\CTF\Assemblies
HKCU\Software\Microsoft\CTF\LangBar
HKCU\Software\Microsoft\CTF\MSUTB
HKCU\Software\Microsoft\CTF\Sapilayr
HKCU\Software\Microsoft\CTF\TIP
HKCU\Software\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}
HKCU\Software\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\LanguageProfile
HKCU\Software\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\LanguageProfile\0x00000409
HKCU\Software\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\LanguageProfile\0x00000409\{09EA4E4B-46CE-4469-B450-0DE76A435BBB}
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Extensions
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping
HKCU\Software\Microsoft\Windows NT\CurrentVersion\TaskManager
HKCU\Software\Microsoft\SAPI Layer
HKCU\Software\Microsoft\Speech

----------------------------------
Values added:18
----------------------------------
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name: "mlw.exe"
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID: 0x4A3764C9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Malware Doctor: "C:\sand-box\mlw.exe"
HKCU\Software\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\LanguageProfile\0x00000409\{09EA4E4B-46CE-4469-B450-0DE76A435BBB}\Enable: 0x00000000
HKCU\Software\Microsoft\CTF\Sapilayr\ProfileInitialized: 0x00000001
HKCU\Software\Microsoft\CTF\MSUTB\Left: 0x000002EA
HKCU\Software\Microsoft\CTF\MSUTB\Top: 0x00000000
HKCU\Software\Microsoft\CTF\MSUTB\Vertical: 0x00000000
HKCU\Software\Microsoft\CTF\LangBar\ExtraIconsOnMinimized: 0x00000001
HKCU\Software\Microsoft\CTF\LangBar\ShowStatus: 0x00000004
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping\{e2e2dd38-d088-4134-82b7-f2ba38496583}: 0x00002000
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping\NextId: 0x00002001
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr: 0x00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools: 0x00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Malware Doctor: "C:\sand-box\mlw.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe: "C:\WINDOWS\system32\ctfmon.exe"
HKCU\Software\Microsoft\Windows NT\CurrentVersion\TaskManager\MemoryUsageStatistics
HKCU\Software\Microsoft\Windows NT\CurrentVersion\TaskManager\PerfomanceGraph

----------------------------------
Values modified:8
----------------------------------
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\Position: 2C 00 00 00 A0 00 00 00 00 00 00 00 80 02 00 00 3C 02 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\Position: 2C 00 00 00 A0 00 00 00 00 00 00 00 80 02 00 00 3A 02 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
HKCU\Software\Microsoft\Internet Explorer\Desktop\Old WorkAreas\OldWorkAreaRects: 00 00 00 00 00 00 00 00 20 03 00 00 3C 02 00 00
HKCU\Software\Microsoft\Internet Explorer\Desktop\Old WorkAreas\OldWorkAreaRects: 00 00 00 00 00 00 00 00 20 03 00 00 3A 02 00 00
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop\TaskbarWinXP: 0C 00 00 00 08 00 00 00 01 00 00 00 00 00 00 00 AA 4F 28 68 48 6A D0 11 8C 78 00 C0 4F D9 18 B4 0C 03 00 00 60 0D 00 00 00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00 16 00 00 00 00 00 00 00 01 00 00 00
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop\TaskbarWinXP: 0C 00 00 00 08 00 00 00 02 00 00 00 00 00 00 00 AA 4F 28 68 48 6A D0 11 8C 78 00 C0 4F D9 18 B4 52 02 00 00 60 0D 00 00 00 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00 16 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 8B 8A 0D 54 3F 1C 32 4E 81 32 53 0F 6A 50 20 90 2F 00 00 00 60 05 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 01 00 00 00
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2\Settings: 28 00 00 00 FF FF FF FF 02 00 00 00 03 00 00 00 6B 00 00 00 1E 00 00 00 FE FF FF FF 3C 02 00 00 22 03 00 00 5A 02 00 00
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2\Settings: 28 00 00 00 FF FF FF FF 02 00 00 00 03 00 00 00 6B 00 00 00 20 00 00 00 FE FF FF FF 3A 02 00 00 22 03 00 00 5A 02 00 00

----------------------------------
Files added:1
----------------------------------
C:\Documents and Settings\Administrator\Local Settings\Temp\{9F3CD834-AEAE-40FE-9A71-D50864BD8F8B}.bmp

----------------------------------
Files [attributes?] modified:0
----------------------------------

----------------------------------
Folders added:0
----------------------------------

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Total changes:45
----------------------------------

-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:

Type: Registry Run
Author: Unknown
Item Name: Malware Doctor
Related File: C:\sand-box\mlw.exe

Removal Results: Success
Number of reboots: 1

Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)

Remove mlw.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.

Since that time I have worked every day to fix the issues that antiviruses cannot.

If your antivirus has not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly if you have any questions.
