Plugin for Spyware Doctor 6.x
(uses Nu2Menu and launches from the system drive)
Updated: Sep 9 2009
Good news: Startup Scanner and Registry Scanner are now operational. The updated code is posted below.
sdoctor.inf
; PE Builder v3 plug-in INF
; Created by Juan Zak
; Requires the FBWF+FltMgr plugin
; Requires RunScanner by Paraglider
;
; Adds Spyware Doctor 6.x to a BartPE build: copies the program folders and
; driver/DLL files into the image, appends a Nu2Menu entry, and pre-seeds the
; registry with the product settings and service definitions.
; Everything copied here runs with full privileges inside the PE environment
; (the services below are registered as LocalSystem), so the source files
; should come from a clean, verified installation.
[Version]
Signature="$Windows NT$"
[PEBuilder]
Name="Spyware Doctor 6.x"
Enable=1
; Directory aliases used by the copy sections below:
;   a = program folder, b = PC Tools common-files folder.
; NOTE(review): the trailing ",2" is a PE Builder directory flag; its exact
; meaning is not shown in this file - confirm against the PE Builder docs.
[WinntDirectories]
a="Programs\SDoctor",2
b="Programs\Common\PCTools",2
; Wildcard copies: every file found in the plugin's "drivers" and "system32"
; folders is placed into the image, so keep those folders limited to the files
; the install notes list. Targets 4 and 2 are numeric directory IDs that this
; file does not define - presumably the standard system32\drivers and system32
; IDs; confirm. SDoctor*.cmd goes to alias a.
[SourceDisksFiles]
drivers\*.*=4,,1
system32\*.*=2,,1
SDoctor*.cmd=a,,1
; Whole-folder copies into the aliases declared in [WinntDirectories].
[SourceDisksFolders]
Spyware Doctor=a
PC Tools=b
; Appends the plugin's menu definition (sdoctor.xml) to nu2menu.xml.
[Append]
nu2menu.xml, sdoctor.xml
; Product settings written to the build's software hive.
; Line format: <type>, "<key>", "<value name>", <data>. The type codes used in
; this file line up with the Win32 registry value types:
;   0x0 key only, 0x1 REG_SZ, 0x2 REG_EXPAND_SZ, 0x3 REG_BINARY,
;   0x4 REG_DWORD, 0x7 REG_MULTI_SZ.
; NOTE(review): every path below is hard-coded to drive X:, while the launcher
; scripts use %SystemDrive%. If the PE system drive is not X:, these values
; (including the hook DLL path) point at a location the plugin does not control.
[Software.AddReg]
; Shared-DLL reference count for the LSP DLL.
0x4, "Microsoft\Windows\CurrentVersion\SharedDlls","X:\Programs\Common\PCTools\Lsp\PCTLsp.dll", 0x00000001
; hookDLLPath names a DLL by absolute path; verify the file at that path is the
; vendor's PCTLsp.dll from the copied "PC Tools" folder.
0x1, "PCTools\CFilter","hookDLLPath","X:\Programs\Common\PCTools\Lsp\PCTLsp.dll"
0x1, "PCTools\CFilter","Temp Directory","X:\Programs\Temp"
0x4, "PCTools\CommonFiles\GenTDI\Product","sd", 0x00000001
0x4, "PCTools\CommonFiles\KDS\Product","sd", 0x00000001
0x1, "PCTools\CommonFiles\KDS","UninstallString","X:\Programs\Common\PCTools\KDS\unins000.exe"
0x1, "PCTools\CommonFiles\GenTDI","UninstallString","X:\Programs\Common\PCTools\GenTDI\unins000.exe"
; Version/branding values captured from the installed product.
0x1, "PCTools\Spyware Doctor","PackageVersion","6.0.1.441"
0x1, "PCTools\Spyware Doctor","PackageAlpha","g"
0x1, "PCTools\Spyware Doctor","uninsmsg1","Uninstall has detected that Spyware Doctor is currently running."
0x1, "PCTools\Spyware Doctor","uninsmsg2","Click OK to close Spyware Doctor and proceed with uninstall or Cancel to exit uninstall."
0x1, "PCTools\Spyware Doctor","uninsmsg3","Setup - Spyware Doctor"
0x1, "PCTools\Spyware Doctor","uninsmsg4","Stopping Spyware Doctor..."
0x4, "PCTools\Spyware Doctor","FirstTimeRun", 0x00000001
0x4, "PCTools\Spyware Doctor","SDLoader", 0x00000001
0x4, "PCTools\Spyware Doctor","ProductCode", 0x00000001
0x4, "PCTools\Spyware Doctor","ShowAV", 0x00000001
0x4, "PCTools\Spyware Doctor","iLang", 0x00000409
; The purchase link is plain http; "%s" is left as a literal placeholder.
0x1, "PCTools\Spyware Doctor","BuyURL","http://www.pctools.com/%s/spyware-doctor/purchase/ref/google_pack/"
0x4, "PCTools\Spyware Doctor","SDLoaderInit", 0x00000000
0x1, "PCTools\Spyware Doctor","KDS",""
; UseKdsHooking is written as 0 here.
0x4, "PCTools\Spyware Doctor","UseKdsHooking", 0x00000000
; Component folder locations.
0x1, "PCTools\CommonFiles","LSP","X:\Programs\Common\PCTools\Lsp"
0x1, "PCTools\CommonFiles","KDS","X:\Programs\Common\PCTools\KDS"
0x1, "PCTools\CommonFiles","GenTDI","X:\Programs\Common\PCTools\GenTDI"
0x1, "PCTools\CommonFiles","TDI","X:\Programs\Common\PCTools\TDI\"
0x1, "PCTools\CommonFiles","NDIS","X:\Programs\Common\PCTools\NDIS\"
; NOTE(review): the next two lines repeat the PCTools\CFilter values already
; written near the top of this section; one copy is enough.
0x1, "PCTools\CFilter","hookDLLPath","X:\Programs\Common\PCTools\Lsp\PCTLsp.dll"
0x1, "PCTools\CFilter","Temp Directory","X:\Programs\Temp"
0x4, "PCTools","SULogErrors", 0x00000001
; Service and driver registration written under ControlSet001 of the build's
; system hive. Same line format and type codes as the other AddReg section:
;   0x0 key only, 0x1 REG_SZ, 0x2 REG_EXPAND_SZ, 0x3 REG_BINARY,
;   0x4 REG_DWORD, 0x7 REG_MULTI_SZ.
[SetupReg.AddReg]
; Redefines the ProgramFiles environment variable for the whole PE session,
; not just for this plugin - other plugins in the same build will see it too.
0x2,"ControlSet001\Control\Session Manager\Environment","ProgramFiles","%SystemDrive%\Programs"
; Legacy device nodes (Enum\Root\LEGACY_*) for four services.
; NOTE(review): a device node is declared for mchInjDrv, but this file defines
; no Services\mchInjDrv key for it - confirm whether that is intentional.
0x4, "ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000\Control","*NewlyCreated*", 0x00000000
0x1, "ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000\Control","ActiveService","mchInjDrv"
0x1, "ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000","Service","mchInjDrv"
0x4, "ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000","Legacy", 0x00000001
0x4, "ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000","ConfigFlags", 0x00000000
0x1, "ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000","Class","LegacyDriver"
0x1, "ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000","ClassGUID","{8ECC055D-047F-11D1-A537-0000F8753ED1}"
0x1, "ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000","DeviceDesc","mchInjDrv"
0x4, "ControlSet001\Enum\Root\LEGACY_MCHINJDRV","NextInstance", 0x00000001
0x4, "ControlSet001\Enum\Root\LEGACY_PCTCORE\0000\Control","*NewlyCreated*", 0x00000000
0x1, "ControlSet001\Enum\Root\LEGACY_PCTCORE\0000\Control","ActiveService","PCTCore"
0x1, "ControlSet001\Enum\Root\LEGACY_PCTCORE\0000","Service","PCTCore"
0x4, "ControlSet001\Enum\Root\LEGACY_PCTCORE\0000","Legacy", 0x00000001
0x4, "ControlSet001\Enum\Root\LEGACY_PCTCORE\0000","ConfigFlags", 0x00000000
0x1, "ControlSet001\Enum\Root\LEGACY_PCTCORE\0000","Class","LegacyDriver"
0x1, "ControlSet001\Enum\Root\LEGACY_PCTCORE\0000","ClassGUID","{8ECC055D-047F-11D1-A537-0000F8753ED1}"
0x1, "ControlSet001\Enum\Root\LEGACY_PCTCORE\0000","DeviceDesc","PCTools KDS"
0x4, "ControlSet001\Enum\Root\LEGACY_PCTCORE","NextInstance", 0x00000001
0x4, "ControlSet001\Enum\Root\LEGACY_SDAUXSERVICE\0000\Control","*NewlyCreated*", 0x00000000
0x1, "ControlSet001\Enum\Root\LEGACY_SDAUXSERVICE\0000\Control","ActiveService","sdAuxService"
0x1, "ControlSet001\Enum\Root\LEGACY_SDAUXSERVICE\0000","Service","sdAuxService"
0x4, "ControlSet001\Enum\Root\LEGACY_SDAUXSERVICE\0000","Legacy", 0x00000001
0x4, "ControlSet001\Enum\Root\LEGACY_SDAUXSERVICE\0000","ConfigFlags", 0x00000000
0x1, "ControlSet001\Enum\Root\LEGACY_SDAUXSERVICE\0000","Class","LegacyDriver"
0x1, "ControlSet001\Enum\Root\LEGACY_SDAUXSERVICE\0000","ClassGUID","{8ECC055D-047F-11D1-A537-0000F8753ED1}"
0x1, "ControlSet001\Enum\Root\LEGACY_SDAUXSERVICE\0000","DeviceDesc","PC Tools Auxiliary Service"
0x4, "ControlSet001\Enum\Root\LEGACY_SDAUXSERVICE","NextInstance", 0x00000001
0x4, "ControlSet001\Enum\Root\LEGACY_SDCORESERVICE\0000\Control","*NewlyCreated*", 0x00000000
0x1, "ControlSet001\Enum\Root\LEGACY_SDCORESERVICE\0000\Control","ActiveService","sdCoreService"
0x1, "ControlSet001\Enum\Root\LEGACY_SDCORESERVICE\0000","Service","sdCoreService"
0x4, "ControlSet001\Enum\Root\LEGACY_SDCORESERVICE\0000","Legacy", 0x00000001
0x4, "ControlSet001\Enum\Root\LEGACY_SDCORESERVICE\0000","ConfigFlags", 0x00000000
0x1, "ControlSet001\Enum\Root\LEGACY_SDCORESERVICE\0000","Class","LegacyDriver"
0x1, "ControlSet001\Enum\Root\LEGACY_SDCORESERVICE\0000","ClassGUID","{8ECC055D-047F-11D1-A537-0000F8753ED1}"
0x1, "ControlSet001\Enum\Root\LEGACY_SDCORESERVICE\0000","DeviceDesc","PC Tools Security Service"
0x4, "ControlSet001\Enum\Root\LEGACY_SDCORESERVICE","NextInstance", 0x00000001
; Only a HookLevel value is set for IKFileSec and IKSysFlt; no other part of
; these two service keys is defined in this file.
0x4, "ControlSet001\Services\IKFileSec","OnGuard.Events.HookLevel", 0x00000002
0x4, "ControlSet001\Services\IKSysFlt","OnGuard.Events.HookLevel", 0x00000002
; PCTCore: filter-driver instance at altitude 321910. The service values further
; down put it in the "FSFilter Anti-Virus" group and make it depend on FltMgr,
; which matches the plugin's stated FBWF+FltMgr requirement.
0x1, "ControlSet001\Services\PCTCore\Instances\PCTCore","Altitude","321910"
0x4, "ControlSet001\Services\PCTCore\Instances\PCTCore","Flags", 0x00000000
; 0x0 lines create the key without writing a value.
0x0, "ControlSet001\Services\PCTCore\Security"
; HookingGroups: one "SD" binary value per monitor (File/Process/Registry) and
; phase (Pre/Post). The byte values are opaque masks taken from the installed
; product; their meaning is not documented on this page. Each 0x3 entry uses a
; trailing backslash to continue onto the next line, so nothing may be inserted
; between the two halves.
0x0, "ControlSet001\Services\PCTCore\Settings\HookingGroups\FileMonitor\PostOperations"
0x3, "ControlSet001\Services\PCTCore\Settings\HookingGroups\FileMonitor\PreOperations","SD",\
41,00,04,00,00,00,00,00
0x3, "ControlSet001\Services\PCTCore\Settings\HookingGroups\FileMonitor\PostOperations","SD",\
15,00,00,00,00,00,00,00
0x0, "ControlSet001\Services\PCTCore\Settings\HookingGroups\ProcessMonitor\PostOperations"
0x3, "ControlSet001\Services\PCTCore\Settings\HookingGroups\ProcessMonitor\PreOperations","SD",\
13,00,00,00,00,00,00,00
0x3, "ControlSet001\Services\PCTCore\Settings\HookingGroups\ProcessMonitor\PostOperations","SD",\
01,00,00,00,00,00,00,00
0x0, "ControlSet001\Services\PCTCore\Settings\HookingGroups\RegistryMonitor\PostOperations"
0x3, "ControlSet001\Services\PCTCore\Settings\HookingGroups\RegistryMonitor\PreOperations","SD",\
17,04,00,00,00,00,00,00
0x3, "ControlSet001\Services\PCTCore\Settings\HookingGroups\RegistryMonitor\PostOperations","SD",\
00,00,00,00,00,00,00,00
0x1, "ControlSet001\Services\PCTCore\Enum","0","Root\LEGACY_PCTCORE\0000"
0x4, "ControlSet001\Services\PCTCore\Enum","Count", 0x00000001
0x4, "ControlSet001\Services\PCTCore\Enum","NextInstance", 0x00000001
0x1, "ControlSet001\Services\PCTCore\Instances","DefaultInstance","PCTCore"
; Type 0x2 is the Windows service-type value for a file system driver and
; Start 0x0 is the boot-start value; ErrorControl 0x1 is "normal".
; NOTE(review): whether the driver is actually loaded at PE boot is not
; established by these values alone - verify on a running build.
0x4, "ControlSet001\Services\PCTCore","Type", 0x00000002
0x4, "ControlSet001\Services\PCTCore","Start", 0x00000000
0x4, "ControlSet001\Services\PCTCore","ErrorControl", 0x00000001
; Relative ImagePath: the .sys file must be among those copied by drivers\*.*.
0x1, "ControlSet001\Services\PCTCore","ImagePath","system32\drivers\PCTCore.sys"
0x1, "ControlSet001\Services\PCTCore","DisplayName","PCTools KDS"
0x1, "ControlSet001\Services\PCTCore","Group","FSFilter Anti-Virus"
0x7, "ControlSet001\Services\PCTCore","DependOnService","FltMgr"
0x7, "ControlSet001\Services\PCTCore","DependOnGroup"
; sdAuxService: Type 0x10 is an own-process Win32 service, Start 0x2 is
; auto-start, and ObjectName makes it run as LocalSystem. ImagePath is an
; absolute X:\ path without spaces; it is only valid when the PE system drive
; is X: (see the note on hard-coded drive letters).
0x0, "ControlSet001\Services\sdAuxService\Security"
0x1, "ControlSet001\Services\sdAuxService\Enum","0","Root\LEGACY_SDAUXSERVICE\0000"
0x4, "ControlSet001\Services\sdAuxService\Enum","Count", 0x00000001
0x4, "ControlSet001\Services\sdAuxService\Enum","NextInstance", 0x00000001
0x4, "ControlSet001\Services\sdAuxService","Type", 0x00000010
0x4, "ControlSet001\Services\sdAuxService","Start", 0x00000002
0x4, "ControlSet001\Services\sdAuxService","ErrorControl", 0x00000001
0x1, "ControlSet001\Services\sdAuxService","ImagePath","X:\Programs\SDoctor\pctsAuxs.exe"
0x1, "ControlSet001\Services\sdAuxService","DisplayName","PC Tools Auxiliary Service"
0x1, "ControlSet001\Services\sdAuxService","ObjectName","LocalSystem"
0x1, "ControlSet001\Services\sdAuxService","Description","Provides auxiliary PC Tools Security services. If this service is disabled spyware protection will be reduced."
; sdCoreService: same shape as sdAuxService (own-process, auto-start,
; LocalSystem). This is the service the launcher scripts start with "net start".
0x0, "ControlSet001\Services\sdCoreService\Security"
0x1, "ControlSet001\Services\sdCoreService\Enum","0","Root\LEGACY_SDCORESERVICE\0000"
0x4, "ControlSet001\Services\sdCoreService\Enum","Count", 0x00000001
0x4, "ControlSet001\Services\sdCoreService\Enum","NextInstance", 0x00000001
0x4, "ControlSet001\Services\sdCoreService","Type", 0x00000010
0x4, "ControlSet001\Services\sdCoreService","Start", 0x00000002
0x4, "ControlSet001\Services\sdCoreService","ErrorControl", 0x00000001
0x1, "ControlSet001\Services\sdCoreService","ImagePath","X:\Programs\SDoctor\pctsSvc.exe"
0x1, "ControlSet001\Services\sdCoreService","DisplayName","PC Tools Security Service"
0x1, "ControlSet001\Services\sdCoreService","ObjectName","LocalSystem"
0x1, "ControlSet001\Services\sdCoreService","Description","Provides spyware and malware protection for the system. If this service is disabled spyware protection will be disabled."
sdoctor.xml
<!-- Nu2Menu entry for Spyware Doctor 6.x -->
<!-- Adds a "Spyware Doctor 6.x" popup under Programs; the popup is disabled
     unless pctsGui.exe exists under Programs\SDoctor on the program drive.
     Items in the popup:
       1. Runs SDoctor.cmd (RunScanner loads the target hives, then starts the GUI).
          NOTE(review): the guard tests for RunScanner.exe only; SDoctor.cmd
          itself is not checked, so the item stays enabled if the script is missing.
       2. Runs SDoctorMan.cmd (GUI on the local registry); guarded on that script.
       3. Opens regedit.exe from the PE system32 folder for manual hive loading.
     Every FUNC target is an absolute path built from @GetProgramDrive() or
     @GetWinDir(), so nothing is resolved through the search path. -->
<NU2MENU>
<MENU ID="Programs">
<MITEM TYPE="POPUP" DISABLED="@Not(@FileExists(@GetProgramDrive()\Programs\SDoctor\pctsGui.exe))" MENUID="SpywareDoctor6x">Spyware Doctor 6.x</MITEM>
</MENU>
<MENU ID="SpywareDoctor6x">
<MITEM TYPE="ITEM" DISABLED="@Not(@FileExists(@GetProgramDrive()\Programs\RunScanner\RunScanner.exe))" CMD="RUN"
FUNC="@GetProgramDrive()\Programs\SDoctor\SDoctor.cmd">Start Spyware Doctor with automatic loading of target hives</MITEM>
<MITEM TYPE="ITEM" DISABLED="@Not(@FileExists(@GetProgramDrive()\Programs\SDoctor\SDoctorMan.cmd))" CMD="RUN" FUNC="@GetProgramDrive()\Programs\SDoctor\SDoctorMan.cmd">Start Spyware Doctor on local registry (for manual loading of target hives)</MITEM>
<MITEM TYPE="ITEM" DISABLED="@Not(@FileExists(@GetWinDir()\system32\regedit.exe))" CMD="RUN" FUNC="@GetWinDir()\system32\regedit.exe">Open local registry for manual hive loading</MITEM>
</MENU>
</NU2MENU>
SDoctor.cmd
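@echo off
rem ---------------------------------------------------------------------------
rem Script to start Spyware Doctor Starter Edition v6.x
rem Created by Juan Zak
rem
rem Flow: ask which share of RAM to pass to fbwfldr.exe (20 by default),
rem start sdCoreService, then launch pctsGui.exe through RunScanner so that
rem the target system's hives are loaded.
rem ---------------------------------------------------------------------------
rem Delayed expansion is enabled so the typed answer is read as !size!, which
rem is substituted after the line has been parsed. With %size% the answer was
rem pasted into the command line before parsing, so characters such as & | "
rem in the answer were interpreted as command syntax.
setlocal EnableDelayedExpansion
echo.
echo Spyware Doctor Starter Edition v6.x
echo.
echo Spyware Doctor needs free space in system disk %SystemDrive%
echo 20%% of RAM will be assigned by default.
echo.
:ask
set size=
set /p size= Press ENTER to accept or type another %% of RAM :
if not defined size goto default
rem Remove every decimal digit from a copy of the answer; if anything is left,
rem the answer was not a plain number and is not passed on. Range checking of
rem the number itself is left to fbwfldr.exe.
set "rest=!size!"
for %%d in (0 1 2 3 4 5 6 7 8 9) do if defined rest set "rest=!rest:%%d=!"
if defined rest (
    echo Please type digits only, for example 20.
    goto ask
)
"%SystemRoot%\system32\fbwfldr.exe" !size!
rem The label is written without a trailing colon here.
goto services
:default
"%SystemRoot%\system32\fbwfldr.exe" 20
:services
echo.
echo Starting services ...
echo.
net start sdcoreservice
start %SystemDrive%\Programs\RunScanner\RunScanner.exe %SystemDrive%\Programs\SDoctor\pctsGui.exe
endlocal
exit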
SDoctorMan.cmd
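@echo off
rem ---------------------------------------------------------------------------
rem Script to start Spyware Doctor Starter Edition v6.x
rem Created by Juan Zak
rem
rem Manual variant: ask which share of RAM to pass to fbwfldr.exe (20 by
rem default), start sdCoreService, then launch pctsGui.exe directly, without
rem RunScanner, so the scan runs against the local registry.
rem ---------------------------------------------------------------------------
rem Delayed expansion is enabled so the typed answer is read as !size!, which
rem is substituted after the line has been parsed. With %size% the answer was
rem pasted into the command line before parsing, so characters such as & | "
rem in the answer were interpreted as command syntax.
setlocal EnableDelayedExpansion
echo.
echo Spyware Doctor Starter Edition v6.x
echo.
echo Spyware Doctor needs free space in system disk %SystemDrive%
echo 20%% of RAM will be assigned by default.
echo.
:ask
set size=
set /p size= Press ENTER to accept or type another %% of RAM :
if not defined size goto default
rem Remove every decimal digit from a copy of the answer; if anything is left,
rem the answer was not a plain number and is not passed on. Range checking of
rem the number itself is left to fbwfldr.exe.
set "rest=!size!"
for %%d in (0 1 2 3 4 5 6 7 8 9) do if defined rest set "rest=!rest:%%d=!"
if defined rest (
    echo Please type digits only, for example 20.
    goto ask
)
"%SystemRoot%\system32\fbwfldr.exe" !size!
rem The label is written without a trailing colon here.
goto services
:default
"%SystemRoot%\system32\fbwfldr.exe" 20
:services
echo.
echo Starting services ...
echo.
net start sdcoreservice
start %SystemDrive%\Programs\SDoctor\pctsGui.exe
endlocal
exit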
SDoctorRestart.cmd is not needed anymore.
Proceed as follows:
1) Install Spyware Doctor from Google Pack to your XP system
2) Copy the whole "Spyware Doctor" folder (under Program Files) to the plugin folder
3) Copy the whole "PC Tools" folder (under Program Files\Common Files) to the plugin folder
4) Create the "drivers" folder under the plugin folder and copy
PCTAppEvent.sys
PCTCore.sys
pctgntdi.sys
pctplsg.sys
from "Windows\System32\Drivers" to said "drivers" folder
5) Create the "system32" folder under the plugin folder and copy
oleacc.dll
oleaccrc.dll
from "Windows\System32" to said "system32" folder
The Spyware Doctor 6.x plugin requires the combined FBWF+FltMgr plugin posted here.
You will also need RunScanner by Paraglider (adjust the path within SDoctor.cmd accordingly).
A brief explanation of the menu items:
>> Start Spyware Doctor with automatic loading of target hives
RunScanner loads the hives of the target system and starts Spyware Doctor. This option is useful for checking/cleaning the target system.
>> Start Spyware Doctor on local registry (for manual loading of target hives)
Spyware Doctor starts on the local registry. This mode is useful for testing the plugin. Alternatively, certain hives of a target system can be loaded manually into the local registry before scanning with Spyware Doctor.
>> Open local registry for manual hive loading
This option simply opens the registry editor, which is useful for troubleshooting or manually loading remote hives.
Note on the PCTCORE service:
Since Spyware Doctor under BartPE is mainly intended for scanning and not for protecting the system, it seems quite likely that the PCTCORE service is not needed.
Try launching pctsGUI.exe from scratch and you will notice that PCTCORE is not loaded.
If the above proves to be accurate, any code related to this service could be deleted, and the pct*.sys drivers could be skipped. For the time being, I leave the service in place, even if dormant.
Hope you find the plugin useful.
Thanks and regards,
Juan